Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
204 files changed, 27178 insertions, 26314 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java index 0087375c..c4fa440d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -44,9 +45,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; + /** * Manage Access Control List configuration - * + * * @version $Revision$, $Date$ */ public class ACLAdminServlet extends AdminServlet { @@ -61,7 +63,8 @@ public class ACLAdminServlet extends AdminServlet { private final static String INFO = "ACLAdminServlet"; private IAuthzManager mAuthzMgr = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = + "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; /** * Constructs servlet. @@ -71,18 +74,17 @@ public class ACLAdminServlet extends AdminServlet { mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); } - /** - * initialize the servlet. + /** + * initialize the servlet. * <ul> * <li>http.param OP_TYPE = OP_SEARCH, * <li>http.param OP_SCOPE - the scope of the request operation: - * <ul> - * <LI>"impl" ACL implementations - * <LI>"acls" ACL rules - * <LI>"evaluatorTypes" ACL evaluators. + * <ul><LI>"impl" ACL implementations + * <LI>"acls" ACL rules + * <LI>"evaluatorTypes" ACL evaluators. + * </ul> * </ul> - * </ul> - * + * * @param config servlet configuration, read from the web.xml file */ public void init(ServletConfig config) throws ServletException { 
@@ -97,24 +99,24 @@ public class ACLAdminServlet extends AdminServlet { return INFO; } - /** + /** * Process the HTTP request. - * + * * @param req the object holding the request information * @param resp the object holding the response information */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } @@ -123,10 +125,9 @@ public class ACLAdminServlet extends AdminServlet { try { super.authenticate(req); } catch (IOException e) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -135,11 +136,13 @@ public class ACLAdminServlet extends AdminServlet { try { SessionContext mSC = SessionContext.getContext(); - user = (IUser) mSC.get(SessionContext.USER); + user = (IUser) + mSC.get(SessionContext.USER); } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } 
@@ -149,8 +152,9 @@ public class ACLAdminServlet extends AdminServlet {
 if (op.equals(OpDef.OP_SEARCH)) {
 mOp = "read";
 if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return;
 }
 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -166,8 +170,9 @@ public class ACLAdminServlet extends AdminServlet {
 } else if (op.equals(OpDef.OP_READ)) {
 mOp = "read";
 if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return;
 }
 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -177,8 +182,9 @@ public class ACLAdminServlet extends AdminServlet {
 } else if (op.equals(OpDef.OP_MODIFY)) {
 mOp = "modify";
 if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return;
 }
 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -188,8 +194,9 @@ public class ACLAdminServlet extends AdminServlet {
 } else if (op.equals(OpDef.OP_ADD)) {
 mOp = "modify";
 if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return;
 }
 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -199,8 +206,9 @@ public class ACLAdminServlet extends AdminServlet {
 } else if (op.equals(OpDef.OP_DELETE)) {
 mOp = "modify";
 if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return;
 }
 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -208,37 +216,41 @@ public class ACLAdminServlet extends AdminServlet { return; } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } /** * list acls resources by name */ - private void listResources(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void listResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); @@ -248,7 +260,7 @@ public class ACLAdminServlet extends AdminServlet { ACL acl = (ACL) res.nextElement(); String desc = acl.getDescription(); - if (desc == null) + if (desc == null) params.add(acl.getName(), ""); else params.add(acl.getName(), desc); 
@@ -260,17 +272,19 @@ public class ACLAdminServlet extends AdminServlet { /** * get acls information for a resource */ - private void getResourceACL(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getResourceACL(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - // get resource id first + //get resource id first String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -315,10 +329,10 @@ public class ACLAdminServlet extends AdminServlet { return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_RESOURCE_NOT_FOUND"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"), + null, resp); return; } } 
@@ -326,20 +340,19 @@ public class ACLAdminServlet extends AdminServlet { /** * modify acls information for a resource * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private void updateResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void updateResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -352,25 +365,27 @@ public class ACLAdminServlet extends AdminServlet { String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get resource acls String resourceACLs = super.getParameter(req, Constants.PR_ACI); String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS); - String desc = super.getParameter(req, Constants.PR_ACL_DESC); + String desc = super.getParameter(req, Constants.PR_ACL_DESC); try { mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc); 
@@ -379,8 +394,10 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -391,56 +408,62 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_UPDATE_FAIL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"), + null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // 
LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * list access evaluators by types and class paths */ - private void listACLsEvaluators(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listACLsEvaluators(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration res = mAuthzMgr.aclEvaluatorElements(); @@ -456,7 +479,7 @@ public class ACLAdminServlet extends AdminServlet { } private void listACLsEvaluatorTypes(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration res = mAuthzMgr.aclEvaluatorElements(); @@ -467,7 +490,7 @@ public class ACLAdminServlet extends AdminServlet { StringBuffer str = new StringBuffer(); for (int i = 0; i < operators.length; i++) { - if (str.length() > 0) + if (str.length() > 0) str.append(","); str.append(operators[i]); } 
@@ -481,23 +504,22 @@ public class ACLAdminServlet extends AdminServlet { /** * add access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -511,30 +533,35 @@ public class ACLAdminServlet extends AdminServlet { if (type == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the evaluator type unique? /* - * if (!mACLs.isTypeUnique(type)) { String infoMsg = - * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg); - * } + if (!mACLs.isTypeUnique(type)) { + String infoMsg = "replacing existing type: "+ type; + log(ILogger.LL_WARN, infoMsg); + } */ // get class String classPath = super.getParameter(req, Constants.PR_ACL_CLASS); - IConfigStore destStore = mConfig.getSubStore(PROP_EVAL); - IConfigStore mStore = destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + IConfigStore destStore = + mConfig.getSubStore(PROP_EVAL); + IConfigStore mStore = + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); // Does the class exist? Class newImpl = null; 
@@ -548,54 +575,60 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_CLASS_LOAD_FAIL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"), + null, resp); return; } // is the class an IAccessEvaluator? try { - if (Class.forName( - "com.netscape.certsrv.evaluators.IAccessEvaluator") - .isAssignableFrom(newImpl) == false) { - String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" - + classPath; + if + (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { + String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + + classPath; log(ILogger.LL_FAILURE, errMsg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), + null, resp); return; } } catch (Exception e) { - String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" - + classPath; + String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + + classPath; log(ILogger.LL_FAILURE, errMsg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + 
auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), + null, resp); return; } @@ -607,18 +640,20 @@ public class ACLAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_COMMIT_FAIL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), + null, resp); return; } @@ -626,20 +661,22 @@ public class ACLAdminServlet extends AdminServlet { IAccessEvaluator evaluator = null; try { - evaluator = (IAccessEvaluator) Class.forName(classPath) - .newInstance(); + evaluator = (IAccessEvaluator) Class.forName(classPath).newInstance(); } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_INST_CLASS_FAIL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"), + null, resp); return; } 
@@ -650,71 +687,76 @@ public class ACLAdminServlet extends AdminServlet { mAuthzMgr.registerEvaluator(type, evaluator); } - // ... + //... NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, 
+ // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * remove access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void deleteACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void deleteACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -727,18 +769,20 @@ public class ACLAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -746,18 +790,20 @@ public class ACLAdminServlet extends AdminServlet { Hashtable mEvaluators = mAuthzMgr.getAccessEvaluators(); if (mEvaluators.containsKey(id) == false) { - log(ILogger.LL_FAILURE, - "evaluator attempted to be removed not found"); + log(ILogger.LL_FAILURE, "evaluator attempted to be removed not found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_EVAL_NOT_FOUND"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"), + null, resp); return; } 
@@ -766,100 +812,116 @@ public class ACLAdminServlet extends AdminServlet { mEvaluators.remove((Object) id); try { - IConfigStore destStore = mConfig.getSubStore(PROP_EVAL); - IConfigStore mStore = destStore - .getSubStore(ScopeDef.SC_ACL_IMPLS); + IConfigStore destStore = + mConfig.getSubStore(PROP_EVAL); + IConfigStore mStore = + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); mStore.removeSubStore(id); } catch (Exception eeee) { - // CMS.debugStackTrace(eeee); + //CMS.debugStackTrace(eeee); } // commiting try { mConfig.commit(true); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ACL_COMMIT_FAIL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), + null, resp); return; } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( 
req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * Searchs for certificate requests. 
*/ - + /* - * private void getACLs(HttpServletRequest req, HttpServletResponse resp) - * throws ServletException, IOException, EBaseException { NameValuePairs - * params = new NameValuePairs(); ByteArrayOutputStream bos = new - * ByteArrayOutputStream(); ObjectOutputStream oos = new - * ObjectOutputStream(bos); String names = getParameter(req, - * Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names, - * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL - * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); } - * // BASE64Encoder encoder = new BASE64Encoder(); // - * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); - * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); - * sendResponse(SUCCESS, null, params, resp); } + private void getACLs(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + NameValuePairs params = new NameValuePairs(); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream oos = new ObjectOutputStream(bos); + String names = getParameter(req, Constants.PT_NAMES); + StringTokenizer st = new StringTokenizer(names, ","); + while (st.hasMoreTokens()) { + String target = st.nextToken(); + ACL acl = AccessManager.getInstance().getACL(target); + oos.writeObject(acl); + } + // BASE64Encoder encoder = new BASE64Encoder(); + // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); + params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); + sendResponse(SUCCESS, null, params, resp); + } */ private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, - "ACLAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, + level, "ACLAdminServlet: " + msg); } -} +} + 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java index 038355f0..2024e496 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java @@ -17,11 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.util.ListResourceBundle; + /** * A class represents a resource bundle for the remote admin. - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -35,7 +37,8 @@ public class AdminResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of possible parameters. + * Constants. The suffix represents the number of + * possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index a6fb0bfd..08996734 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; 
@@ -55,27 +56,32 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; + /** - * A class represents an administration servlet that is responsible to serve - * administrative operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform authentication information - * parsing and response formulation, it makes sense to encapsulate the + * A class represents an administration servlet that + * is responsible to serve administrative + * operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform + * authentication information parsing and response + * formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not need to re-implement the - * request parsing code (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration parameters management, it should - * create an administration servlet (i.e. CAAdminServlet) and register it to - * RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not + * need to re-implement the request parsing code + * (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration + * parameters management, it should create an + * administration servlet (i.e. CAAdminServlet) + * and register it to RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { 
@@ -111,7 +117,8 @@ public class AdminServlet extends HttpServlet { public final static String AUTHZ_SRC_TYPE = "sourceType"; public final static String AUTHZ_SRC_LDAP = "ldap"; public final static String AUTHZ_SRC_XML = "web.xml"; - public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; public final static String SIGNED_AUDIT_SCOPE = "Scope"; public final static String SIGNED_AUDIT_OPERATION = "Operation"; 
@@ -122,13 +129,20 @@ public class AdminServlet extends HttpServlet { public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; - private final static String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; - private final static String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private final static String CERTUSERDB = + IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; + private final static String PASSWDUSERDB = + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; /** * Constructs generic administration servlet. 
@@ -151,20 +165,18 @@ public class AdminServlet extends HttpServlet { srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); } - mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); + mAuthz = + (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); mServletID = getSCparam(sc, PROP_ID, "servlet id unknown"); - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { 
@@ -173,79 +185,72 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); - throw new ServletException( - "failed to init authz info from xml config file"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); + throw new ServletException("failed to init authz info from xml config file"); } - CMS.debug("AdminServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", - mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, - mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", - PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { mAclMethod = AUTHZ_MGR_LDAP; - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", - mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID)); } } - public void outputHttpParameters(HttpServletRequest httpReq) { + public void outputHttpParameters(HttpServletRequest httpReq) + { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String) 
paramNames.nextElement(); + String pn = (String)paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("AdminServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("AdminServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } - + /** * Serves HTTP admin request. 
*/ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CMS server is not ready to serve."); + throw new IOException( + "CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -269,21 +274,22 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given userid and password - * via identity manager. + * Authenticates to the identity scope with the given + * userid and password via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the SSL - * violation; CMS authMgr can pick up cert mis-match, so this event is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when - * authentication succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the + * SSL violation; CMS authMgr can pick up cert mis-match, so this event + * is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication + * succeeded * </ul> - * * @exception IOException an input/output error has occurred */ - protected void authenticate(HttpServletRequest req) throws IOException { + protected void authenticate(HttpServletRequest req) throws + IOException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; 
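Review bot: The suffix checks in outputHttpParameters are case-sensitive (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`), which is why names like `uPasswd` and `directoryManagerPwd` had to be listed separately. Any other mixed-case name (constructed example: `newPassword`) falls through to the else branch and its value is written to the debug log. Lower-casing once closes the gap: `String lpn = pn.toLowerCase(Locale.ROOT);` followed by `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`, which also makes most of the `equalsIgnoreCase` entries redundant. The name and value are also concatenated into the message exactly as received, so a CR/LF inside a parameter can break a debug-log entry into extra lines; replacing control characters before logging would prevent that.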
@@ -300,20 +306,22 @@ public class AdminServlet extends HttpServlet { } catch (EBaseException e) { // do nothing for now. } - IAuthSubsystem auth = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem auth = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { - X509Certificate[] allCerts = (X509Certificate[]) req - .getAttribute(CERT_ATTR); + X509Certificate[] allCerts = + (X509Certificate[]) req.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); 
@@ -350,25 +358,25 @@ public class AdminServlet extends HttpServlet { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - log(ILogger.LL_DEBUG, - CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", mServletID)); + log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", + mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager authMgr = auth - .get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); - IAuthCredentials authCreds = getAuthCreds(authMgr, cert); + IAuthManager + authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthCredentials authCreds = + getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { String authToken = req.getHeader(HDR_AUTHORIZATION); - String b64s = authToken.substring(authToken - .lastIndexOf(' ') + 1); - String authCode = new String( - com.netscape.osutil.OSUtil.AtoB(b64s)); + String b64s = authToken.substring( + authToken.lastIndexOf(' ') + 1); + String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s)); String userid = authCode.substring(0, authCode.lastIndexOf(':')); - String password = authCode.substring(authCode - .lastIndexOf(':') + 1); + String password = authCode.substring( + authCode.lastIndexOf(':') + 1); AuthCredentials cred = new AuthCredentials(); // save the "userid" of this certificate in case it 
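Review bot: The password branch dereferences `req.getHeader(HDR_AUTHORIZATION)` without a null check and splits the decoded credentials at `lastIndexOf(':')`. A request without the header, or one whose decoded value has no colon, therefore ends in an unchecked exception instead of an audited authentication failure, and a password containing a colon is cut in the wrong place. In that last case the leading part of the password becomes part of `userid`. The truncated comment after it suggests the userid is kept for auditing, so that fragment may reach the signed audit log; this is inferred, since the assignment is outside this hunk. The split should be at the first colon, with an explicit check for a missing one, and `new String(...)` should name a charset rather than use the platform default. The early exits sketched below should emit the same LOGGING_SIGNED_AUDIT_AUTH_FAIL record as the other failure paths; the try block and the rest of authenticate() continue outside the hunk.

```java
String authToken = req.getHeader(HDR_AUTHORIZATION);
if (authToken == null) {
    // audit LOGGING_SIGNED_AUDIT_AUTH_FAIL here, as the other failure paths do
    throw new IOException("authentication failed");
}
String b64s = authToken.substring(authToken.lastIndexOf(' ') + 1);
String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s), "UTF-8");
// the userid cannot contain ':', the password may: split at the first colon
int sep = authCode.indexOf(':');
if (sep < 0) {
    // audit LOGGING_SIGNED_AUDIT_AUTH_FAIL here, as the other failure paths do
    throw new IOException("authentication failed");
}
String userid = authCode.substring(0, sep);
String password = authCode.substring(sep + 1);
// … unchanged: AuthCredentials cred = new AuthCredentials(); …
```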
@@ -387,36 +395,40 @@ public class AdminServlet extends HttpServlet { cred.set("pwd", password); token = auth.authenticate(cred, - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", - mServletID)); + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", + mServletID)); } } catch (EBaseException e) { - // will fix it later for authorization + //will fix it later for authorization /* - * String errMsg = "authenticate(): " + - * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - * e.getMessage(); log(ILogger.LL_FAILURE, - * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - * userid,e.getMessage())); + String errMsg = "authenticate(): " + + AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + e.getMessage(); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } 
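Review bot: The `catch (EBaseException e)` block has its only log call commented out (`//will fix it later for authorization`), so the reason for the failed authentication is dropped; the signed-audit record carries only `auditUID`. A line such as `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString()));` before the audit calls would keep the cause, and the dead comment block could then be deleted. The `sslclientauth`/else pair that builds the LOGGING_SIGNED_AUDIT_AUTH_FAIL message is repeated verbatim here and in the following hunks at -428, -459, -492, -520 and -568. One helper, `private void auditAuthFail(String authMgrId, String uid)` whose body is `audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, ILogger.FAILURE, authMgrId, uid));`, would replace all of them. The enclosing try statement starts before this hunk.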
@@ -428,24 +440,29 @@ public class AdminServlet extends HttpServlet { String tuserid = token.getInString("userid"); if (tuserid == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } 
@@ -459,24 +476,29 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(tuserid); if (user == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_FOUND", tuserid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } 
@@ -492,27 +514,27 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER_ID, tuserid); sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } 
@@ -520,23 +542,28 @@ public class AdminServlet extends HttpServlet { throw new IOException("authentication failed"); } catch (EBaseException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERROR", + e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -552,15 +579,19 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), - ILogger.SUCCESS, CERTUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID(), + ILogger.SUCCESS, + CERTUSERDB); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), - ILogger.SUCCESS, PASSWDUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID(), + ILogger.SUCCESS, + PASSWDUSERDB); audit(auditMessage); } 
@@ -568,15 +599,21 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, - ILogger.FAILURE, CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, - ILogger.FAILURE, PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -586,8 +623,9 @@ public class AdminServlet extends HttpServlet { } } - public static AuthCredentials getAuthCreds(IAuthManager authMgr, - X509Certificate clientCert) throws EBaseException { + public static AuthCredentials getAuthCreds( + IAuthManager authMgr, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -597,7 +635,8 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert }); + creds.set(reqCred, new X509Certificate[] { clientCert} + ); } } return creds; 
@@ -606,16 +645,15 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when - * authorization is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes - * a role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization + * is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a + * role (in current CMS that's when one accesses a role port) * </ul> - * * @param req HTTP servlet request * @return the authorization token */ 
@@ -633,79 +671,92 @@ public class AdminServlet extends HttpServlet { AuthzToken authzTok = null; - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down - authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, - mOp); + // each servlet, they can break it down + authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null - resource = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); + resource = (String) + authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); if (resource != null) { auditACLResource = resource.trim(); } // initialize the operation, overwriting "auditOperation" // if it is not null - operation = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); + operation = (String) + authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); if (operation != null) { auditOperation = operation.trim(); } CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID)); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - 
auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception e) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); 
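Review bot: The `catch (Exception e)` branch writes the two signed-audit records but never logs the exception itself, unlike the `EAuthzAccessDenied` and `EBaseException` branches above it. An unexpected failure in the try block leaves no cause in the system log; one example would be `authzTok` coming back null and being dereferenced on the next line. Adding `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));` as the first statement of that branch makes it consistent with the other two. The three branches are otherwise identical, so they could share one private helper that emits the AUTHZ_FAIL and ROLE_ASSUME records. The end of this catch block lies outside the hunk.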
@@ -713,15 +764,21 @@ public class AdminServlet extends HttpServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.SUCCESS, auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.SUCCESS, + auditGroups(auditSubjectID)); audit(auditMessage); @@ -740,7 +797,7 @@ public class AdminServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } @@ -751,14 +808,15 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) throws IOException { + NameValuePairs params, HttpServletResponse resp) + throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); 
@@ -774,10 +832,11 @@ public class AdminServlet extends HttpServlet { if (e.hasMoreElements()) { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - String value = java.net.URLEncoder.encode((String) params - .getValue(name)); + String value = java.net.URLEncoder.encode((String) + params.getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + "=" + value); + buf.append(java.net.URLEncoder.encode(name) + + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -820,24 +879,25 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } /** * Generic configuration store get operation. */ - protected synchronized void getConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void getConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - // if (name.equals(Constants.PT_OP)) - // continue; + //if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
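Review bot: Both `java.net.URLEncoder.encode(...)` calls in sendResponse use the deprecated one-argument form, which encodes with the platform default charset. The bytes a client receives for a non-ASCII name or value therefore depend on how the server JVM is configured. The two-argument form pins it: `java.net.URLEncoder.encode(name, "UTF-8")` and `java.net.URLEncoder.encode((String) params.getValue(name), "UTF-8")`, assuming the console decodes with the same charset. sendResponse already declares `IOException`, which covers `UnsupportedEncodingException`. A null value would also make `encode` throw; whether `NameValuePairs` can hold one is not visible in this hunk.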
@@ -845,36 +905,38 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - // System.out.println(name); - // System.out.println(name+","+config.getString(name)); + //System.out.println(name); + //System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. The caller is responsible to - * do validiation before calling this, and commit changes after this call. + * Generic configuration store set operation. + * The caller is responsible to do validiation before + * calling this, and commit changes after this call. */ - protected synchronized void setConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void setConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - // if (name.equals(Constants.PT_OP)) - // continue; + //if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); 
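Review bot: setConfig copies every request parameter except OP_TYPE, RS_ID and OP_SCOPE into the config store and then calls `commit(true)`, and the `// XXX Need validation...` marker on the new side is still open. The Javadoc puts validation on the caller, but nothing in the method limits which keys are written, so a subclass that forwards a request here lets the client choose the property names. If creating new properties through this path is not intended, a guard such as `if (config.getString(name, null) == null) continue;` before `putString` would restrict it to existing keys. Otherwise the Javadoc should state that parameter names are taken from the request unfiltered. It also misspells "validation" as "validiation".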
@@ -884,9 +946,10 @@ public class AdminServlet extends HttpServlet { /** * Lists configuration store. */ - protected synchronized void listConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void listConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -904,14 +967,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -920,9 +983,9 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(userid); if (user == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -938,10 +1001,10 @@ public class AdminServlet extends HttpServlet { if (mAnd) { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } 
@@ -949,10 +1012,10 @@ public class AdminServlet extends HttpServlet { } else { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, CMS.getLogMessage( - "ADMIN_SRVLT_GRP_AUTH_SUCC_USER", - userid, mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, + mGroupNames[i])); return true; } } @@ -964,25 +1027,24 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, - groups.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. Commits the - * current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. + * Commits the current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { 
@@ -992,17 +1054,17 @@ public class AdminServlet extends HttpServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level, - "AdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, + level, "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1013,17 +1075,21 @@ public class AdminServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1038,7 +1104,8 @@ public class AdminServlet extends HttpServlet { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); 
@@ -1054,13 +1121,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and is called to - * extract parameters from the HttpServletRequest and return a string of - * name;;value pairs separated by a '+' if more than one name;;value pair - * exists. + * + * This method is inherited by all extended admin servlets and + * is called to extract parameters from the HttpServletRequest + * and return a string of name;;value pairs separated by a '+' + * if more than one name;;value pair exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ @@ -1075,7 +1142,8 @@ public class AdminServlet extends HttpServlet { // always identify the scope of the request if (req.getParameter(Constants.OP_SCOPE) != null) { - parameters = SIGNED_AUDIT_SCOPE + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters = SIGNED_AUDIT_SCOPE + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + req.getParameter(Constants.OP_SCOPE); } 
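Review bot: auditParams() appends `req.getParameter(Constants.OP_SCOPE)` to the audit string verbatim, and the Javadoc in this hunk describes the result as name;;value pairs joined by '+'. A request value that itself contains those delimiters (or a line break) would read as extra pairs in the signed audit record. The same applies to the `name`/`value` concatenations in the next hunk. The method should escape or reject delimiter characters before concatenating; at minimum the Javadoc should state `Values are not escaped; consumers must not split on the delimiters alone.` The method body continues outside this hunk.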
@@ -1126,47 +1194,48 @@ public class AdminServlet extends HttpServlet { value = value.trim(); if (value.equals("")) { - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } else { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */if (name.equals(Constants.PASSWORDTYPE) - || name.equals(Constants.TYPE_PASSWORD) - || name.equals(Constants.PR_USER_PASSWORD) - || name.equals(Constants.PT_OLD_PASSWORD) - || name.equals(Constants.PT_NEW_PASSWORD) - || name.equals(Constants.PT_DIST_STORE) - || name.equals(Constants.PT_DIST_EMAIL) - || - /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) - || - // ignore this one name.equals( - // Constants.PR_BINDPWD_PROMPT ) || - name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) - || name.equals(Constants.PR_OLD_AGENT_PWD) - || name.equals(Constants.PR_AGENT_PWD) - || name.equals(Constants.PT_PUBLISH_PWD) || - /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) - || name.equals(Constants.PR_BIND_PASSWD_AGAIN) - || name.equals(Constants.PR_TOKEN_PASSWD)) { + /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || + name.equals( Constants.TYPE_PASSWORD ) || + name.equals( Constants.PR_USER_PASSWORD ) || + name.equals( Constants.PT_OLD_PASSWORD ) || + name.equals( Constants.PT_NEW_PASSWORD ) || + name.equals( Constants.PT_DIST_STORE ) || + name.equals( Constants.PT_DIST_EMAIL ) || + /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || + // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || + name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || + name.equals( Constants.PR_OLD_AGENT_PWD ) || + name.equals( 
Constants.PR_AGENT_PWD ) || + name.equals( Constants.PT_PUBLISH_PWD ) || + /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || + name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || + name.equals( Constants.PR_TOKEN_PASSWD ) ) { // hide password value - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + SIGNED_AUDIT_PASSWORD_VALUE; + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + SIGNED_AUDIT_PASSWORD_VALUE; } else { // process normally - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + value; + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + value; } } } else { - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } @@ -1176,14 +1245,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated with the - * "auditSubjectID()". + * + * This method is called to extract all "groups" associated + * with the "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated with the - * "auditSubjectID()" + * @return a delimited string of groups associated + * with the "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1191,7 +1260,8 @@ public class AdminServlet extends HttpServlet { return null; } - if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1209,7 +1279,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length() != 0) { + if (membersString.length()!=0) { membersString.append(", "); } 
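Review bot: Password masking in the `@@ -1126,47 +1194,48 @@` hunk is an exact-match list of `Constants` names (`name.equals(...)`), so a password-bearing parameter that is not listed, or arrives with different casing, would be written to the signed audit log in clear. The comment above the condition mentions case-insensitive matching, which the code does not do. A fallback on the lower-cased name would catch unlisted fields, e.g. `|| name.toLowerCase().indexOf("passw") >= 0 || name.toLowerCase().indexOf("pwd") >= 0`. `Constants.PR_BINDPWD_PROMPT` would need an explicit exemption, since the existing code deliberately skips it. The enclosing method body starts outside the hunk.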
@@ -1217,7 +1287,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length() != 0) { + if (membersString.length()!= 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1225,8 +1295,7 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) - return null; + if (s == null) return null; NameValuePairs nvps = new NameValuePairs(); int i; @@ -1241,8 +1310,7 @@ public class AdminServlet extends HttpServlet { } - protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo( - String className) { + protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) { IExtendedPluginInfo epi = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index 9945171f..ff9b9911 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,12 +46,13 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.certsrv.logging.ILogger; + /** - * A class representing an administration servlet for the Authentication - * Management subsystem. This servlet is responsible to serve configuration - * requests for the Auths Management subsystem. - * + * A class representing an administration servlet for the + * Authentication Management subsystem. This servlet is responsible + * to serve configuration requests for the Auths Management subsystem. * + * * @version $Revision$, $Date$ */ public class AuthAdminServlet extends AdminServlet { 
@@ -62,11 +64,13 @@ public class AuthAdminServlet extends AdminServlet { private final static String INFO = "AuthAdminServlet"; private IAuthSubsystem mAuths = null; - private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; private final static String VIEW = ";" + Constants.VIEW; private final static String EDIT = ";" + Constants.EDIT; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = + "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; public AuthAdminServlet() { super(); @@ -84,19 +88,19 @@ public class AuthAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * retrieve extended plugin info such as brief description, type info from - * policy, authentication, need to add: listener, mapper and publishing - * plugins --- same as policy, should we move this into - * extendedpluginhelper? + * retrieve extended plugin info such as brief description, type info + * from policy, authentication, + * need to add: listener, mapper and publishing plugins + * --- same as policy, should we move this into extendedpluginhelper? */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); 
@@ -105,14 +109,13 @@ public class AuthAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; @@ -128,8 +131,7 @@ public class AuthAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps; 
@@ -140,41 +142,42 @@ public class AuthAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - // System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + //System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } // if it is not authentication, that means it is for CSC admin ping. // the best way to do is to define another protocol for ping and move // it to the generic servlet which is admin servlet. - if (!op.equals(OpDef.OP_AUTH)) { + if (!op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTH)) { String id = req.getParameter(Constants.RS_ID); // for CSC admin ping only - if (op.equals(OpDef.OP_READ) - && id.equals(Constants.RS_ID_CONFIG)) { + if (op.equals(OpDef.OP_READ) && + id.equals(Constants.RS_ID_CONFIG)) { - // no need to authenticate this. if we're alive, return - // true. + // no need to authenticate this. if we're alive, return true. NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_PING, Constants.TRUE); sendResponse(SUCCESS, null, params, resp); return; } else { - // System.out.println("SRVLT_INVALID_OP_TYPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); + //System.out.println("SRVLT_INVALID_OP_TYPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } 
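Review bot: `scope` is dereferenced in `scope.equals(ScopeDef.SC_AUTH)` without the null check that `op` gets, and `id.equals(Constants.RS_ID_CONFIG)` has the same problem. A request that omits either parameter therefore raises a NullPointerException in a branch that runs before the `super.authenticate(req)` call later in the method. Comparing from the constant side avoids that: `if (ScopeDef.SC_AUTH.equals(scope)) {` and `if (op.equals(OpDef.OP_READ) && Constants.RS_ID_CONFIG.equals(id)) {`. The body of service() continues outside this hunk.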
@@ -183,7 +186,7 @@ public class AuthAdminServlet extends AdminServlet { try { if (op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTHTYPE)) { - IConfigStore configStore = CMS.getConfigStore(); + IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("authType", "pwd"); NameValuePairs params = new NameValuePairs(); @@ -193,11 +196,11 @@ public class AuthAdminServlet extends AdminServlet { } } } catch (Exception e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only @@ -205,9 +208,9 @@ public class AuthAdminServlet extends AdminServlet { return; } } catch (IOException e) { - // System.out.println("SRVLT_FAIL_AUTHS"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_AUTHS"); + sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } 
@@ -219,24 +222,24 @@ public class AuthAdminServlet extends AdminServlet { try { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage( - getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); return; } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } } if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -246,15 +249,17 @@ public class AuthAdminServlet extends AdminServlet { listAuthMgrInsts(req, resp); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
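Review bot: `mOp = "read"` followed by `mToken = super.authorize(req)` keeps per-request state in what look like servlet instance fields (their declarations are not in this hunk), and service() is not synchronized. If authorize() reads mOp, two concurrent requests could interleave so that a modify request is checked against "read". The same pattern repeats in the OP_SEARCH, OP_READ, OP_ADD, OP_DELETE and OP_MODIFY branches in the following hunks. Worth confirming; if the fields are shared, move them to locals or at least mark each site with `// mOp/mToken are servlet-wide: authorize(req) must see the value set on the line above`.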
@@ -264,15 +269,17 @@ public class AuthAdminServlet extends AdminServlet { getInstConfig(req, resp); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -282,15 +289,17 @@ public class AuthAdminServlet extends AdminServlet { addAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
@@ -300,15 +309,17 @@ public class AuthAdminServlet extends AdminServlet { delAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) { @@ -316,17 +327,19 @@ public class AuthAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } - } + } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + } + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } 
@@ -343,23 +356,22 @@ public class AuthAdminServlet extends AdminServlet { /** * Add authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -372,30 +384,33 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mAuths.getPlugins().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } 
@@ -404,36 +419,39 @@ public class AuthAdminServlet extends AdminServlet { if (classPath == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), null, - resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), + null, resp); return; } - if (classPath - .equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") - || classPath - .equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { + if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") || + classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_BASE_PERMISSION_DENIED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); return; } - IConfigStore destStore = mConfig - .getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); // Does the class exist? Class newImpl = null; 
@@ -443,26 +461,30 @@ public class AuthAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null, - resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null, - resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } 
@@ -471,26 +493,31 @@ public class AuthAdminServlet extends AdminServlet { if (IAuthManager.class.isAssignableFrom(newImpl) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl - // null. + } catch (NullPointerException e) { // unlikely, only if newImpl null. // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } 
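Review bot: The `catch (NullPointerException e)` around the `IAuthManager.class.isAssignableFrom(newImpl)` test uses an exception where a check would do, and it duplicates the audit and error response of the branch above it. Folding the null case into the condition, `if (newImpl == null || !IAuthManager.class.isAssignableFrom(newImpl)) {`, lets the catch be removed. The enclosing `try` opens outside this hunk.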
@@ -504,14 +531,17 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -519,75 +549,80 @@ public class AuthAdminServlet extends AdminServlet { AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath); mAuths.getPlugins().put(id, plugin); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // 
LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Add authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -600,13 +635,16 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -614,13 +652,16 @@ public class AuthAdminServlet extends AdminServlet { if (mAuths.getInstances().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_ILL_MGR_INST_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"), + null, resp); return; } 
@@ -632,41 +673,43 @@ public class AuthAdminServlet extends AdminServlet { if (implname == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } // prevent agent & admin creation. - if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) - || implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || + implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // check if implementation exists. - AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get( - implname); + AuthMgrPlugin plugin = + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } 
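Review bot: The `// prevent agent & admin creation.` guard sends `CMS_BASE_PERMISSION_DENIED` but has no `return;`, so on the new side execution still falls through to the plugin lookup below it and the request appears to be processed after the client was told it was denied. Add `return;` after the `sendResponse(...)` call. Precede it with the same `ILogger.FAILURE` signed-audit call the neighbouring branches make, because a denied attempt on a reserved implementation name currently leaves no audit record. The same fall-through is visible in later hunks: the `prevent deletion of admin and agent` guards in delAuthMgrPlugin and delAuthMgrInst, and the `prevent modification of admin and agent` guard in modAuthMgrInst. addAuthMgrInst starts and ends outside this hunk.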
@@ -675,9 +718,10 @@ public class AuthAdminServlet extends AdminServlet { // are there, but not checking the values are valid String[] configParams = mAuths.getConfigParams(implname); - IConfigStore destStore = mConfig - .getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { 
@@ -703,56 +747,52 @@ public class AuthAdminServlet extends AdminServlet { IAuthManager authMgrInst = null; try { - authMgrInst = (IAuthManager) Class.forName(className) - .newInstance(); + authMgrInst = (IAuthManager) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // cleanup instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); instancesConfig.removeSubStore(id); 
- sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -762,8 +802,10 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
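Review bot: The three catch clauses after `Class.forName(className).newInstance()` do not cover a `ClassCastException` from the `(IAuthManager)` cast. On that path both `instancesConfig.removeSubStore(id)` and the FAILURE audit entry are skipped, since the outer handlers visible in later hunks catch only `EBaseException` and `IOException`. A half-created substore would then stay in the configuration with no signed-audit record of the failed attempt. A fourth clause with the same audit, cleanup and response sequence closes the gap. The three existing bodies are identical and could share one private helper. The try block sits inside addAuthMgrInst, which starts and ends outside this hunk.

```java
// … unchanged: try { authMgrInst = (IAuthManager) Class.forName(className).newInstance(); and the three existing catch clauses …
} catch (ClassCastException e) {
    // class was loaded and instantiated but does not implement IAuthManager
    auditMessage = CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
                auditSubjectID,
                ILogger.FAILURE,
                auditParams(req));

    audit(auditMessage);

    // same cleanup as the other load failures
    instancesConfig.removeSubStore(id);
    sendResponse(ERROR,
        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
        null, resp);
    return;
}
```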
@@ -779,31 +821,37 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mAuths.add(id, authMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_AUTH_IMPL_NAME, implname); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -811,8 +859,11 @@ public class AuthAdminServlet extends AdminServlet { return; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -820,38 +871,42 @@ public class AuthAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listAuthMgrPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listAuthMgrPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mAuths.getPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - AuthMgrPlugin value = (AuthMgrPlugin) mAuths.getPlugins().get(name); + AuthMgrPlugin value = (AuthMgrPlugin) + mAuths.getPlugins().get(name); if (value.isVisible()) { params.add(name, value.getClassPath() + EDIT); 
@@ -861,16 +916,16 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void listAuthMgrInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listAuthMgrInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mAuths.getInstances().keys(); e.hasMoreElements();) { + for (Enumeration e = mAuths.getInstances().keys(); + e.hasMoreElements();) { String name = (String) e.nextElement(); - AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances() - .get(name); + AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name); IAuthManager value = proxy.getAuthManager(); String enableStr = "enabled"; @@ -878,12 +933,11 @@ public class AuthAdminServlet extends AdminServlet { enableStr = "disabled"; } - AuthMgrPlugin amgrplugin = (AuthMgrPlugin) mAuths.getPlugins().get( - value.getImplName()); + AuthMgrPlugin amgrplugin = (AuthMgrPlugin) + mAuths.getPlugins().get(value.getImplName()); if (!amgrplugin.isVisible()) { - params.add(name, value.getImplName() + ";invisible;" - + enableStr); + params.add(name, value.getImplName() + ";invisible;" + enableStr); } else { params.add(name, value.getImplName() + ";visible;" + enableStr); } 
@@ -895,22 +949,21 @@ public class AuthAdminServlet extends AdminServlet { /** * Delete authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -925,69 +978,74 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) - || id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || + id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager exist? 
if (mAuths.getPlugins().containsKey(id) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } // first check if any instances from this auth manager // DON'T remove auth manager if any instance - for (Enumeration e = mAuths.getInstances().keys(); e - .hasMoreElements();) { - IAuthManager authMgr = (IAuthManager) mAuths.get((String) e - .nextElement()); + for (Enumeration e = mAuths.getInstances().keys(); + e.hasMoreElements();) { + IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement()); if (authMgr.getImplName() == id) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_MGR_IN_USE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"), + null, resp); return; } } - + // then delete this auth manager mAuths.getPlugins().remove((Object) id); - IConfigStore destStore = mConfig - .getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); 
instancesConfig.removeSubStore(id); // commiting 
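Review bot: The in-use check `authMgr.getImplName() == id` compares object references rather than string contents. If `id` is read from the request (its assignment is outside this hunk), the test will normally be false, so the `CMS_AUTHENTICATION_MGR_IN_USE` refusal never fires and a plugin that still has live instances can be removed. Use `id.equals(authMgr.getImplName())`. Separately, the not-found branch above it reports `CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID`, which reads like the duplicate-ID message rather than a not-found one; this is worth confirming against the message catalogue. delAuthMgrPlugin starts and ends outside this hunk.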
@@ -996,79 +1054,87 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); 
audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } } /** * Delete authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1083,52 +1149,56 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) - || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. 
IAuthManager mgrInst = (IAuthManager) mAuths.get(id); mAuths.getInstances().remove((Object) id); // remove the configuration. - IConfigStore destStore = mConfig - .getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting 
@@ -1137,85 +1207,96 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } - // This only works in the fact that we only support one instance per - // auth plugin. + //This only works in the fact that we only support one instance per + //auth plugin. ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); authInfo.removePassword("Rule " + id); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw 
eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with possible - * default values) for a particular auth manager plugin implementation name - * specified in the RS_ID. Actually, there is no logic in here to set any - * default value here...there's no default value for any parameter in this - * authentication subsystem at this point. Later, if we do have one (or - * some), it can be added. The interface remains the same. + * used for getting the required configuration parameters (with + * possible default values) for a particular auth manager plugin + * implementation name specified in the RS_ID. Actually, there is + * no logic in here to set any default value here...there's no + * default value for any parameter in this authentication subsystem + * at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1233,26 +1314,25 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { - sendResponse( - ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } 
@@ -1281,29 +1361,29 @@ public class AuthAdminServlet extends AdminServlet { } /** - * Modify authentication manager instance This will actually create a new - * instance with new configuration parameters and replace the old instance - * if the new instance is created and initialized successfully. The old - * instance is left running, so this is very expensive. Restart of server - * recommended. + * Modify authentication manager instance + * This will actually create a new instance with new configuration + * parameters and replace the old instance if the new instance is + * created and initialized successfully. + * The old instance is left running, so this is very expensive. + * Restart of server recommended. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. 
@@ -1318,37 +1398,41 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent modification of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) - || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // Does the manager instance exist? if (!mAuths.getInstances().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), + null, resp); return; } 
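Review bot: `CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND")` is called without `getLocale(req)`, unlike the other `sendResponse` calls in this hunk, so this error is presumably rendered in the server's default locale rather than the requester's. `CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND")` would match the surrounding calls. The `CMS_AUTHENTICATION_MISSING_PARAMS` response in the next hunk has the same form. modAuthMgrInst starts and ends outside this hunk.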
@@ -1358,42 +1442,43 @@ public class AuthAdminServlet extends AdminServlet { if (implname == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation - AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get( - implname); + // get plugin for implementation + AuthMgrPlugin plugin = + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse( - ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IAuthManager oldinst = (IAuthManager) mAuths.get(id); + IAuthManager oldinst = + (IAuthManager) mAuths.get(id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); 
@@ -1401,7 +1486,7 @@ public class AuthAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IAuthSubsystem.PROP_PLUGIN, - (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); + (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; @@ -1417,9 +1502,10 @@ public class AuthAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig - .getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); 
@@ -1447,56 +1533,52 @@ public class AuthAdminServlet extends AdminServlet { IAuthManager newMgrInst = null; try { - newMgrInst = (IAuthManager) Class.forName(className) - .newInstance(); + newMgrInst = (IAuthManager) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // cleanup restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); restore(instancesConfig, 
id, saveParams); - sendResponse( - ERROR, - new EAuthException(CMS - .getUserMessage(getLocale(req), - "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", - className)).toString(), null, resp); + sendResponse(ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -1507,8 +1589,10 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1518,22 +1602,25 @@ public class AuthAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // clean up. restore(instancesConfig, id, saveParams); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
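Review bot: The cast in `(IAuthManager) Class.forName(className).newInstance()` can throw ClassCastException, which none of the three handlers in this hunk covers, and the outer handlers further down catch only EBaseException and IOException. On that path no FAILURE record reaches the signed audit log and `restore(instancesConfig, id, saveParams)` is not called, although the old substore has already been removed. A fourth handler mirroring the existing ones closes the gap, unless the class is verified to implement IAuthManager when the plugin is registered, which is not visible here. The three existing handlers are identical and could share one private helper. The enclosing method begins and ends outside this hunk.

```java
            newMgrInst = (IAuthManager) Class.forName(className).newInstance();
        // … unchanged: ClassNotFoundException, InstantiationException and IllegalAccessException handlers …
        } catch (ClassCastException e) {
            // class loaded but does not implement IAuthManager:
            // audit the failure and put the old instance config back
            auditMessage = CMS.getLogMessage(
                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
                        auditSubjectID,
                        ILogger.FAILURE,
                        auditParams(req));

            audit(auditMessage);

            restore(instancesConfig, id, saveParams);
            sendResponse(ERROR,
                new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
                null, resp);
            return;
        }
```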
@@ -1541,14 +1628,17 @@ public class AuthAdminServlet extends AdminServlet { mAuths.add(id, newMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -1556,8 +1646,11 @@ public class AuthAdminServlet extends AdminServlet { return; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1565,31 +1658,34 @@ public class AuthAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } // convenience routine. - private static void restore(IConfigStore store, String id, - NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -1599,7 +1695,7 @@ public class AuthAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java index cca86dce..bfa9cccd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.util.Enumeration; import java.util.Hashtable; @@ -24,10 +25,11 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; + /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -36,23 +38,21 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -6938644716486895814L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; - // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential - * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred) throws EBaseException { + public void set(String name, Object cred)throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,8 +62,7 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set - * + * credential set * @param name credential name * @return the named authentication credential */ 
@@ -72,10 +71,9 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this credential - * set. This method does nothing if the named credential is not in the - * credential set. - * + * removes the name and its corresponding credential from this + * credential set. This method does nothing if the named + * credential is not in the credential set. * @param name credential name */ public void delete(String name) { @@ -83,27 +81,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential set. Use the - * Enumeration methods on the returned object to fetch the elements - * sequentially. - * + * returns an enumeration of the credentials in this credential + * set. Use the Enumeration methods on the returned object to + * fetch the elements sequentially. * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java index 483ebdac..1cd3240f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.File; import java.io.IOException; import java.net.UnknownHostException; 
@@ -44,11 +45,13 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequestListener; import com.netscape.cmsutil.util.Utils; + /** - * A class representings an administration servlet for Certificate Authority. - * This servlet is responsible to serve CA administrative operations such as - * configuration parameter updates. - * + * A class representings an administration servlet for Certificate + * Authority. This servlet is responsible to serve CA + * administrative operations such as configuration parameter + * updates. + * * @version $Revision$, $Date$ */ public class CAAdminServlet extends AdminServlet { @@ -62,7 +65,8 @@ public class CAAdminServlet extends AdminServlet { private final static String INFO = "CAAdminServlet"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = + "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; private ICertificateAuthority mCA = null; protected static final String PROP_ENABLED = "enabled"; @@ -90,22 +94,22 @@ public class CAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to the authenticate - * manager. + * Serves HTTP request. Each request is authenticated to + * the authenticate manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - // get all operational flags + + //get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - // check operational flags + //check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); 
@@ -115,8 +119,9 @@ public class CAAdminServlet extends AdminServlet { try { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); @@ -129,8 +134,9 @@ public class CAAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -152,8 +158,9 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -164,9 +171,9 @@ public class CAAdminServlet extends AdminServlet { setCRLIPsConfig(req, resp); else if (scope.equals(ScopeDef.SC_CRL)) setCRLConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) setNotificationReqCompConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) setNotificationRevCompConfig(req, resp); else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) setNotificationRIQConfig(req, resp); 
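Review bot: `mOp` and `mToken` are assigned per request here (`mOp = "read"; if ((mToken = super.authorize(req)) == null)`), and the `m` prefix suggests they are fields of the servlet; their declarations are outside this hunk. A servlet instance is normally shared by concurrent request threads, so if `authorize` reads `mOp`, a request could be checked against the operation another thread has just set. The same pattern repeats in the OP_READ, OP_MODIFY, OP_SEARCH, OP_ADD and OP_DELETE branches in the following hunks. Passing the operation and token as locals would remove the shared state; until then a comment such as `// mOp/mToken are shared servlet state: not safe under concurrent requests` would record the constraint.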
@@ -175,8 +182,9 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLEXTS_RULES)) @@ -186,8 +194,9 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) @@ -195,8 +204,9 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) 
@@ -210,24 +220,23 @@ public class CAAdminServlet extends AdminServlet { } } - /* - * ========================================================== private - * methods========================================================== - */ - + /*========================================================== + * private methods + *==========================================================*/ + /* * handle request completion (cert issued) notification config requests */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { - + NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); - + if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
@@ -238,35 +247,33 @@ public class CAAdminServlet extends AdminServlet { continue; params.add(name, rc.getString(name, "")); } - + params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); + rc.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } - + private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); - + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + getNotificationCompConfig(req, resp, rc); } - + private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); - + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); + getNotificationCompConfig(req, resp, rc); } 
@@ -274,17 +281,16 @@ public class CAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc - .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); Enumeration e = req.getParameterNames(); @@ -302,8 +308,8 @@ public class CAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } 
@@ -311,16 +317,15 @@ public class CAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc - .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); - // set rest of the parameters + //set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -341,15 +346,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { - String error = "Template: " + val - + " does not exist or invalid"; + || (template.isDirectory())) { + String error = + "Template: " + val + " does not exist or invalid"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } 
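Review bot: The `error` string built in the template check (`"Template: " + val + " does not exist or invalid"`) is not used in the lines shown, so the failure log carries only the generic ADMIN_SRVLT_INVALID_PATH message and the rejected path is lost. Either drop the local or include it, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH") + " " + error);`. Separately, the check accepts any readable non-directory path on the server. If `val` comes from the request (its assignment is outside this hunk), resolving it with `getCanonicalFile()` and requiring it to sit under the configured template directory would keep the setting from pointing at unrelated files. `setNotificationCompConfig` in the `@@ -397,15 +401,15 @@` hunk repeats the same block.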
@@ -372,11 +377,10 @@ public class CAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, - IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - - // set rest of the parameters + + //set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -397,15 +401,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { - String error = "Template: " + val - + " does not exist or invalid"; + || (template.isDirectory())) { + String error = + "Template: " + val + " does not exist or invalid"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } 
@@ -425,35 +429,33 @@ public class CAAdminServlet extends AdminServlet { } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener()); - } + } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = config - .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertIssuedListener()); } private void listCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration ips = mCA.getCRLIssuingPoints(); 
@@ -466,17 +468,17 @@ public class CAAdminServlet extends AdminServlet { if (ipId != null && ipId.length() > 0) params.add(ipId, ip.getDescription()); - params.add(ipId + "." + Constants.PR_ENABLED, (Boolean - .valueOf(ip.isCRLIssuingPointEnabled())).toString()); + params.add(ipId + "." + Constants.PR_ENABLED, + (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); } } - + sendResponse(SUCCESS, null, params, resp); } private void getCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); @@ -516,12 +518,11 @@ public class CAAdminServlet extends AdminServlet { /** * Add CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -529,8 +530,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void addCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -544,8 +545,10 @@ public class CAAdminServlet extends AdminServlet { if (ipId == null || ipId.length() == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -559,8 +562,10 @@ public class CAAdminServlet extends AdminServlet { if (desc == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -572,16 +577,16 @@ public class CAAdminServlet extends AdminServlet { String sEnable = req.getParameter(Constants.PR_ENABLED); boolean enable = true; - if (sEnable != null && sEnable.length() > 0 - && sEnable.equalsIgnoreCase(Constants.FALSE)) { + if (sEnable != null && sEnable.length() > 0 && + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { params.add(Constants.PR_ENABLED, Constants.TRUE); } - IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( - ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); Enumeration crlNames = crlSubStore.getSubStoreNames(); while (crlNames.hasMoreElements()) { 
@@ -590,21 +595,24 @@ public class CAAdminServlet extends AdminServlet { if (ipId.equals(name)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, ipId + " CRL IP already exists", null, - resp); + sendResponse(ERROR, ipId + " CRL IP already exists", null, resp); return; } } if (!mCA.addCRLIssuingPoint(crlSubStore, ipId, enable, desc)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -615,8 +623,10 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -624,8 +634,10 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -634,37 +646,38 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Set CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -672,8 +685,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -687,8 +700,10 @@ public class CAAdminServlet extends AdminServlet { if (ipId == null || ipId.length() == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -702,8 +717,10 @@ public class CAAdminServlet extends AdminServlet { if (desc == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -715,16 +732,16 @@ public class CAAdminServlet extends AdminServlet { String sEnable = req.getParameter(Constants.PR_ENABLED); boolean enable = true; - if (sEnable != null && sEnable.length() > 0 - && sEnable.equalsIgnoreCase(Constants.FALSE)) { + if (sEnable != null && sEnable.length() > 0 && + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { params.add(Constants.PR_ENABLED, Constants.TRUE); } - IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( - ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -742,8 +759,8 @@ public class CAAdminServlet extends AdminServlet { if (c != null) { c.putString(Constants.PR_DESCRIPTION, desc); - c.putString(Constants.PR_ENABLED, - (enable) ? Constants.TRUE : Constants.FALSE); + c.putString(Constants.PR_ENABLED, + (enable) ? Constants.TRUE : Constants.FALSE); } done = true; break; 
@@ -752,8 +769,10 @@ public class CAAdminServlet extends AdminServlet { if (!done) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -764,8 +783,10 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage);
@@ -773,8 +794,10 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -783,37 +806,38 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred
@@ -821,8 +845,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void deleteCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID();
@@ -834,8 +858,8 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id != null && id.length() > 0) { - IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( - ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -851,8 +875,10 @@ public class CAAdminServlet extends AdminServlet { if (!done) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -864,8 +890,10 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage);
@@ -873,8 +901,10 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -883,31 +913,33 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String ipId = null;
@@ -942,12 +974,11 @@ public class CAAdminServlet extends AdminServlet { /** * Delete CRL extensions configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred
@@ -955,8 +986,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID();
@@ -975,11 +1006,11 @@ public class CAAdminServlet extends AdminServlet { ICMSCRLExtensions crlExts = ip.getCRLExtensions(); IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = config - .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = + config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId); - IConfigStore crlExtsSubStore = crlSubStore - .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + IConfigStore crlExtsSubStore = + crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); String id = req.getParameter(Constants.RS_ID);
@@ -1013,8 +1044,10 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage);
@@ -1022,8 +1055,10 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -1032,31 +1067,33 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.PR_ID); 
@@ -1066,11 +1103,9 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = config - .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - IConfigStore crlExtsSubStore = crlSubStore - .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + IConfigStore crlExtsSubStore = crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); if (crlExtsSubStore != null) { Enumeration enumExts = crlExtsSubStore.getSubStoreNames();
@@ -1078,8 +1113,7 @@ public class CAAdminServlet extends AdminServlet { while (enumExts.hasMoreElements()) { String extName = (String) enumExts.nextElement(); boolean crlExtEnabled = false; - IConfigStore crlExtSubStore = crlExtsSubStore - .getSubStore(extName); + IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(extName); Enumeration properties = crlExtSubStore.getPropertyNames(); while (properties.hasMoreElements()) {
@@ -1089,35 +1123,33 @@ public class CAAdminServlet extends AdminServlet { crlExtEnabled = crlExtSubStore.getBoolean(name, false); } } - params.add(extName, extName + ";visible;" - + ((crlExtEnabled) ? "enabled" : "disabled")); + params.add(extName, extName + ";visible;" + ((crlExtEnabled) ? "enabled" : "disabled")); } } sendResponse(SUCCESS, null, params, resp); } - /** - * retrieve extended plugin info such as brief description, type info from - * CRL extensions + /** + * retrieve extended plugin info such as brief description, + * type info from CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null;
@@ -1150,8 +1182,7 @@ public class CAAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps;
@@ -1160,12 +1191,11 @@ public class CAAdminServlet extends AdminServlet { /** * Set CRL configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred
@@ -1173,7 +1203,7 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID();
@@ -1184,19 +1214,18 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); - if (id == null || id.length() <= 0 - || id.equals(Constants.RS_ID_CONFIG)) { + if (id == null || id.length() <= 0 || + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id); - // Save New Settings to the config file + //Save New Settings to the config file IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = config - .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - // set reset of the parameters + //set reset of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) {
@@ -1221,8 +1250,10 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage);
@@ -1233,8 +1264,10 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage);
@@ -1243,40 +1276,44 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private void getCRLConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getCRLConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); - if (id == null || id.length() <= 0 || id.equals(Constants.RS_ID_CONFIG)) { + if (id == null || id.length() <= 0 || + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } - IConfigStore crlsSubStore = mCA.getConfigStore().getSubStore( - ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); 
Enumeration e = req.getParameterNames();
@@ -1298,10 +1335,10 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); sendResponse(SUCCESS, null, params, resp); } - + private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null;
@@ -1333,14 +1370,14 @@ public class CAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; - // String nickname = CMS.getServerCertNickname(); +// String nickname = CMS.getServerCertNickname(); if (isKRAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1360,17 +1397,17 @@ public class CAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; - /* - * if (name.equals("nickName")) { - * caConnectorConfig.putString(name, nickname); continue; } - */ +/* + if (name.equals("nickName")) { + caConnectorConfig.putString(name, nickname); + continue; + } +*/ if (name.equals("host")) { try { Utils.checkHost(req.getParameter("host")); } catch (UnknownHostException e) { - sendResponse(ERROR, - "Unknown Host " + req.getParameter("host"), - null, resp); + sendResponse(ERROR, "Unknown Host " + req.getParameter("host"), null, resp); return; } }
@@ -1419,43 +1456,47 @@ public class CAAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; /* - * ISubsystem eeGateway = - * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway != - * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if - * (eeConfig != null) value = eeConfig.getString("enabled", "true"); - * String ocspValue = "true"; ocspValue = - * eeConfig.getString("enableOCSP", "true"); - * params.add(Constants.PR_OCSP_ENABLED, ocspValue); } - * params.add(Constants.PR_EE_ENABLED, value); + ISubsystem eeGateway = + SubsystemRegistry.getInstance().get("eeGateway"); + if (eeGateway != null) { + IConfigStore eeConfig = eeGateway.getConfigStore(); + if (eeConfig != null) + value = eeConfig.getString("enabled", "true"); + String ocspValue = "true"; + ocspValue = eeConfig.getString("enableOCSP", "true"); + params.add(Constants.PR_OCSP_ENABLED, ocspValue); + } + params.add(Constants.PR_EE_ENABLED, value); */ + IConfigStore caConfig = mCA.getConfigStore(); - value = caConfig.getString( - ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); + value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); params.add(Constants.PR_VALIDITY, value); getSigningAlgConfig(params); getSerialConfig(params); getMaxSerialConfig(params); - + sendResponse(SUCCESS, null, params, resp); } private void getSigningAlgConfig(NameValuePairs params) { - params.add(Constants.PR_DEFAULT_ALGORITHM, mCA.getDefaultAlgorithm()); + params.add(Constants.PR_DEFAULT_ALGORITHM, + mCA.getDefaultAlgorithm()); String[] algorithms = mCA.getCASigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); for (int i = 0; i < algorithms.length; i++) { - if (i == 0) + if (i == 0) 
algorStr.append(algorithms[i]); else { algorStr.append(":");
@@ -1466,22 +1507,24 @@ public class CAAdminServlet extends AdminServlet { } private void getSerialConfig(NameValuePairs params) { - params.add(Constants.PR_SERIAL, mCA.getStartSerial()); + params.add(Constants.PR_SERIAL, + mCA.getStartSerial()); } private void getMaxSerialConfig(NameValuePairs params) { - params.add(Constants.PR_MAXSERIAL, mCA.getMaxSerial()); + params.add(Constants.PR_MAXSERIAL, + mCA.getMaxSerial()); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { ISubsystem eeGateway = null; /* - * ISubsystem eeGateway = - * SubsystemRegistry.getInstance().get("eeGateway"); + ISubsystem eeGateway = + SubsystemRegistry.getInstance().get("eeGateway"); */ IConfigStore eeConfig = null;
@@ -1490,7 +1533,7 @@ public class CAAdminServlet extends AdminServlet { Enumeration enum1 = req.getParameterNames(); boolean restart = false; - // mCA.setMaxSerial(""); + //mCA.setMaxSerial(""); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key);
@@ -1498,11 +1541,15 @@ public class CAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_EE_ENABLED)) { /* - * if (eeConfig != null) { if - * (((EEGateway)eeGateway).isEnabled() && value.equals("false") - * || !((EEGateway)eeGateway).isEnabled() && - * value.equals("true")) { restart=true;; } - * eeConfig.putString("enabled", value); } + if (eeConfig != null) { + if (((EEGateway)eeGateway).isEnabled() && + value.equals("false") || + !((EEGateway)eeGateway).isEnabled() && + value.equals("true")) { + restart=true;; + } + eeConfig.putString("enabled", value); + } */ } else if (key.equals(Constants.PR_VALIDITY)) { mCA.setValidity(value);
@@ -1523,21 +1570,23 @@ public class CAAdminServlet extends AdminServlet { } /** - * Retrieves configuration parameters of certificate authority. + * Retrieves configuration parameters of certificate + * authority. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { // validate super.getConfig(mCA.getConfigStore(), req, resp); } /** - * Sets configuration parameters of certificate authority. + * Sets configuration parameters of certificate + * authority. */ - private synchronized void setConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void setConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { super.setConfig(mCA.getConfigStore(), req, resp); // XXX - commit changes } 
@@ -1545,18 +1594,19 @@ public class CAAdminServlet extends AdminServlet { /** * Lists configuration store parameters. */ - private synchronized void listConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { super.listConfig(mCA.getConfigStore(), req, resp); } /** - * Locks a request so that no one can modify it except owner. + * Locks a request so that no one can modify it except + * owner. */ - private synchronized void lockRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void lockRequest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); // XXX
@@ -1564,11 +1614,12 @@ public class CAAdminServlet extends AdminServlet { } /** - * Locks certificate record so that no one can modify it except owner. + * Locks certificate record so that no one can + * modify it except owner. */ - private synchronized void lockCertRecord(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void lockCertRecord(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp);
@@ -1577,9 +1628,9 @@ public class CAAdminServlet extends AdminServlet { /** * Modifies a cert record. */ - private synchronized void modifyCertRecord(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void modifyCertRecord(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); // XXX
@@ -1589,7 +1640,7 @@ public class CAAdminServlet extends AdminServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, - "CAAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, "CAAdminServlet: " + msg); } -} +}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index ba8aa448..f57d12e2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream;
@@ -82,10 +83,11 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.symkey.SessionKey; /** - * A class representings an administration servlet. This servlet is responsible - * to serve Certificate Server level administrative operations such as - * configuration parameter updates. - * + * A class representings an administration servlet. This + * servlet is responsible to serve Certificate Server + * level administrative operations such as configuration + * parameter updates. + * * @version $Revision$, $Date$ */ public final class CMSAdminServlet extends AdminServlet {
@@ -106,11 +108,16 @@ public final class CMSAdminServlet extends AdminServlet { private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; - private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; - private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; - private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = + "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = + "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; + private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = + "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; + private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = + "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; + private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = + "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; // CMS must be instantiated before this admin servlet. 
@@ -139,13 +146,13 @@ public final class CMSAdminServlet extends AdminServlet { * Serves HTTP request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; }
@@ -157,8 +164,9 @@ public final class CMSAdminServlet extends AdminServlet { if (scope.equals(ScopeDef.SC_PLATFORM)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getEnv(req, resp);
@@ -167,8 +175,9 @@ public final class CMSAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP))
@@ -190,13 +199,14 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) setDBConfig(req, resp); - else if (scope.equals(ScopeDef.SC_SMTP)) + else if (scope.equals(ScopeDef.SC_SMTP)) modifySMTPConfig(req, resp); else if (scope.equals(ScopeDef.SC_TASKS)) performTasks(req, resp);
@@ -204,9 +214,9 @@ public final class CMSAdminServlet extends AdminServlet { modifyEncryption(req, resp); else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT)) issueImportCert(req, resp); - else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) + else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) installCert(req, resp); - else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) + else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) importXCert(req, resp); else if (scope.equals(ScopeDef.SC_DELETE_CERTS)) deleteCerts(req, resp);
@@ -219,8 +229,9 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -229,31 +240,33 @@ public final class CMSAdminServlet extends AdminServlet { getCACerts(req, resp); else if (scope.equals(ScopeDef.SC_ALL_CERTLIST)) getAllCertsManage(req, resp); - else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) + else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) getUserCerts(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) getTKSKeys(req, resp); - else if (scope.equals(ScopeDef.SC_TOKEN)) + else if (scope.equals(ScopeDef.SC_TOKEN)) getAllTokenNames(req, resp); else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) getRootCerts(req, resp); } else if (op.equals(OpDef.OP_DELETE)) { mOp = "delete"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) { deleteRootCert(req, resp); } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) { - deleteUserCert(req, resp); + deleteUserCert(req,resp); } } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CERT_REQUEST)) 
@@ -270,13 +283,14 @@ public final class CMSAdminServlet extends AdminServlet { checkTokenStatus(req, resp); else if (scope.equals(ScopeDef.SC_SELFTESTS)) runSelfTestsOnDemand(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) createMasterKey(req, resp); } else if (op.equals(OpDef.OP_VALIDATE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBJECT_NAME)) @@ -289,7 +303,8 @@ public final class CMSAdminServlet extends AdminServlet { validateCurveName(req, resp); } } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { StringWriter sw = new StringWriter(); 
@@ -301,24 +316,25 @@ public final class CMSAdminServlet extends AdminServlet { } } - private void getEnv(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getEnv(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); if (File.separator.equals("\\")) params.add(Constants.PR_NT, Constants.TRUE); else params.add(Constants.PR_NT, Constants.FALSE); - + sendResponse(SUCCESS, null, params, resp); } private void getAllTokenNames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList()); @@ -327,15 +343,15 @@ public final class CMSAdminServlet extends AdminServlet { } private void getAllNicknames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts()); - + sendResponse(SUCCESS, null, params, resp); } 
@@ -346,26 +362,27 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - // get subsystem type - if ((sys instanceof IKeyRecoveryAuthority) - && subsystem.equals("kra")) + //get subsystem type + if ((sys instanceof IKeyRecoveryAuthority) && + subsystem.equals("kra")) return true; - else if ((sys instanceof IRegistrationAuthority) - && subsystem.equals("ra")) + else if ((sys instanceof IRegistrationAuthority) && + subsystem.equals("ra")) return true; - else if ((sys instanceof ICertificateAuthority) - && subsystem.equals("ca")) + else if ((sys instanceof ICertificateAuthority) && + subsystem.equals("ca")) return true; - else if ((sys instanceof IOCSPAuthority) - && subsystem.equals("ocsp")) + else if ((sys instanceof IOCSPAuthority) && + subsystem.equals("ocsp")) return true; } return false; } - private void readEncryption(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void readEncryption(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration e = CMS.getSubsystems(); boolean isCAInstalled = false; @@ -378,7 +395,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - // get subsystem type + //get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -389,20 +406,19 @@ public final class CMSAdminServlet extends AdminServlet { isOCSPInstalled = true; else if (sys instanceof ITKSAuthority) isTKSInstalled = true; + + } - } - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String caTokenName = ""; NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion()); - params.add(Constants.PR_CIPHER_FORTEZZA, - jssSubSystem.isCipherFortezza()); - params.add(Constants.PR_CIPHER_PREF, - jssSubSystem.getCipherPreferences()); + params.add(Constants.PR_CIPHER_VERSION, + jssSubSystem.getCipherVersion()); + params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza()); + params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences()); String tokenList = jssSubSystem.getTokenList(); @@ -412,7 +428,7 @@ public final class CMSAdminServlet extends AdminServlet { while (tokenizer.hasMoreElements()) { String tokenName = (String) tokenizer.nextElement(); String certs = jssSubSystem.getCertListWithoutTokenName(tokenName); - + if (certs.equals("")) continue; if (tokenNewList.equals("")) @@ -426,8 +442,7 @@ public final class CMSAdminServlet extends AdminServlet { params.add(Constants.PR_TOKEN_LIST, tokenNewList); if (isCAInstalled) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); caTokenName = signingUnit.getTokenName(); 
@@ -437,31 +452,31 @@ public final class CMSAdminServlet extends AdminServlet { String caNickName = signingUnit.getNickname(); - // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); + //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); params.add(Constants.PR_CERT_CA, getCertNickname(caNickName)); } if (isRAInstalled) { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); String raNickname = ra.getNickname(); params.add(Constants.PR_CERT_RA, getCertNickname(raNickname)); } if (isKRAInstalled) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); String kraNickname = kra.getNickname(); params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname)); } if (isTKSInstalled) { - ITKSAuthority tks = (ITKSAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_TKS); + ITKSAuthority tks = (ITKSAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_TKS); } String nickName = CMS.getServerCertNickname(); - + params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName)); sendResponse(SUCCESS, null, params, resp); 
@@ -503,19 +518,18 @@ public final class CMSAdminServlet extends AdminServlet { /** * Modify encryption configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when * configuring encryption (cert settings and SSL cipher preferences) * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to modify encryption configuration */ private void modifyEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -525,8 +539,8 @@ public final class CMSAdminServlet extends AdminServlet { try { Enumeration enum1 = req.getParameterNames(); NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.getInternalTokenName(); Enumeration e = CMS.getSubsystems(); @@ -540,7 +554,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - // get subsystem type + //get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -549,23 +563,21 @@ public final class CMSAdminServlet extends AdminServlet { isCAInstalled = true; else if (sys instanceof IOCSPAuthority) isOCSPInstalled = true; - else if (sys instanceof ITKSAuthority) + else if (sys instanceof ITKSAuthority) isTKSInstalled = true; } - ICertificateAuthority ca = null; + ICertificateAuthority ca = null; IRegistrationAuthority ra = null; IKeyRecoveryAuthority kra = null; - ITKSAuthority tks = null; + ITKSAuthority tks = null; if (isCAInstalled) ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (isRAInstalled) - ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (isKRAInstalled) - kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); if (isTKSInstalled) tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS); @@ -581,20 +593,19 @@ public final class CMSAdminServlet extends AdminServlet { ISigningUnit signingUnit = ca.getSigningUnit(); if ((val != null) && (!val.equals(""))) { - StringTokenizer tokenizer = new StringTokenizer(val, - ","); + StringTokenizer tokenizer = new StringTokenizer(val, ","); if (tokenizer.countTokens() != 2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_INVALID_UI_INFO")); + throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO")); } String tokenName = (String) tokenizer.nextElement(); 
@@ -612,14 +623,14 @@ public final class CMSAdminServlet extends AdminServlet { } else // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_NOT_CA_CERT")); + throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT")); } } else if (name.equals(Constants.PR_CERT_RA)) { if ((val != null) && (!val.equals(""))) { @@ -649,8 +660,10 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -659,8 +672,10 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
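Review bot: The `else` in the PR_CERT_CA branch (`} else // store a message in the signed audit log file auditMessage = CMS.getLogMessage(`) has no braces, so only the `auditMessage` assignment belongs to it; `audit(auditMessage)` and `throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"))` follow it unconditionally. Unless the matching `if` branch, which is outside the hunk, leaves the method on its own, an accepted CA certificate selection would also end in BASE_NOT_CA_CERT, and `audit()` would be called with a message that may still be null. Bracing the branch makes the intent explicit: `} else {` before the comment and a closing `}` after the `throw`.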
@@ -669,26 +684,28 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getCertConfigNickname(String val) throws EBaseException { @@ -710,9 +727,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - * HTTPService httpsService = raAdmin.getHttpsService(); - * httpsService.setNickName(nickName); + RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + HTTPService httpsService = raAdmin.getHttpsService(); + httpsService.setNickName(nickName); */ } 
@@ -720,9 +737,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - * HTTPService httpsService = gateway.getHttpsService(); - * httpsService.setNickName(nickName); + AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + HTTPService httpsService = gateway.getHttpsService(); + httpsService.setNickName(nickName); */ } @@ -730,9 +747,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService - * httpsService = eeGateway.getHttpsService(); - * httpsService.setNickName(nickName); + HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); + HTTPService httpsService = eeGateway.getHttpsService(); + httpsService.setNickName(nickName); */ } 
@@ -740,30 +757,31 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService - * httpsService = caGateway.getHttpsService(); - * httpsService.setNickName(nickName); + HTTPSubsystem caGateway = ca.getHTTPSubsystem(); + HTTPService httpsService = caGateway.getHttpsService(); + httpsService.setNickName(nickName); */ } /** * Performs Server Tasks: RESTART/STOP operation */ - private void performTasks(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void performTasks(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String restart = req.getParameter(Constants.PR_SERVER_RESTART); String stop = req.getParameter(Constants.PR_SERVER_STOP); NameValuePairs params = new NameValuePairs(); if (restart != null) { - // XXX Uncommented afetr watchdog is implemented + //XXX Uncommented afetr watchdog is implemented sendResponse(SUCCESS, null, params, resp); - // mServer.restart(); + //mServer.restart(); return; } if (stop != null) { - // XXX Send response first then shutdown + //XXX Send response first then shutdown sendResponse(SUCCESS, null, params, resp); CMS.shutdown(); return; @@ -776,8 +794,9 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads subsystems that server has loaded with. */ - private void readSubsystem(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void readSubsystem(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = CMS.getSubsystems(); StringBuffer buff = new StringBuffer(); 
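Review bot: In `performTasks` the stop branch calls `CMS.shutdown()` with no signed-audit record in the visible code, while `modifyEncryption` in the same file audits every outcome; stopping the server is an administrative action that deserves the same trail. The restart branch answers `sendResponse(SUCCESS, null, params, resp)` although `//mServer.restart();` is commented out, so the caller is told a restart happened when nothing was done. I would add an `audit(...)` call before `CMS.shutdown()`, using whatever event the project defines for server tasks, and return an error, not SUCCESS, for restart until it is implemented. `performTasks` ends after the last line of this hunk.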
@@ -786,7 +805,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - // get subsystem type + //get subsystem type if (sys instanceof IKeyRecoveryAuthority) type = Constants.PR_KRA_INSTANCE; if (sys instanceof IRegistrationAuthority) @@ -795,7 +814,7 @@ public final class CMSAdminServlet extends AdminServlet { type = Constants.PR_CA_INSTANCE; if (sys instanceof IOCSPAuthority) type = Constants.PR_OCSP_INSTANCE; - if (sys instanceof ITKSAuthority) + if (sys instanceof ITKSAuthority) type = Constants.PR_TKS_INSTANCE; if (!type.trim().equals("")) params.add(sys.getId(), type); @@ -807,13 +826,13 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads server statistics. */ - private void readStat(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void readStat(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore cs = CMS.getConfigStore(); try { - String installdate = cs - .getString(Constants.PR_STAT_INSTALLDATE, ""); + String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, ""); params.add(Constants.PR_STAT_INSTALLDATE, installdate); } catch (Exception e) { } @@ -831,9 +850,9 @@ public final class CMSAdminServlet extends AdminServlet { } params.add(Constants.PR_STAT_STARTUP, - (new Date(CMS.getStartupTime())).toString()); + (new Date(CMS.getStartupTime())).toString()); params.add(Constants.PR_STAT_TIME, - (new Date(System.currentTimeMillis())).toString()); + (new Date(System.currentTimeMillis())).toString()); sendResponse(SUCCESS, null, params, resp); } 
@@ -841,105 +860,127 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies network information. */ private void modifyNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { /* - * HTTPSubsystem eeGateway = (HTTPSubsystem) - * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin - * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent = - * (AgentGateway)mReg.get(AgentGateway.ID); - * - * Enumeration enum1 = req.getParameterNames(); - * - * String eeHTTPportString = null; String eeHTTPSportString = null; - * String agentHTTPSportString = null; String radminHTTPSportString = - * null; - * - * String gatewayBacklog = "15"; - * - * // eeHTTPEnabled corresponds to the checkbox which enables the // - * HTTP EE port String eeHTTPEnabled = Constants.FALSE; - * - * while (enum1.hasMoreElements()) { String key = - * (String)enum1.nextElement(); String value = - * (String)req.getParameter(key); - * - * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { - * agent.setHTTPSBacklog(value); } else if - * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { - * eeGateway.setHTTPSBacklog(value); } else if - * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { - * raAdmin.setHTTPSBacklog(value); } else if - * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value; - * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { - * eeHTTPEnabled = value; } } - * - * - * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); - * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); - * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); - * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); - * - * - * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int - * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport = - * 
Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null) - * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if - * (agentHTTPSportString != null) agentHTTPSport = - * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString != - * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); - * - * - * String portName=""; int portnum; try { - * - * // EE HTTP is special, since it has it's own checkbox for - * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) && - * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName - * = "End-entity"; checkPortAvailable(eeHTTPport); } - * - * if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) { - * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if - * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { - * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if - * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { - * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); } - * - * // If any of the above ports are not available, an exception // will - * be thrown and these methods below will not be called - * - * if (eeHTTPEnabled.equals(Constants.TRUE)) { - * eeGateway.setHTTPPort(eeHTTPport); } - * eeGateway.setHTTPSPort(eeHTTPSport); - * agent.setHTTPSPort(agentHTTPSport); - * raAdmin.setHTTPSPort(radminHTTPSport); - * - * } catch (IOException e) { // send 'port in use' error - * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we - * do not want to save the config in this case return; } - * - * eeGateway.setHTTPBacklog(gatewayBacklog); - * eeGateway.setHTTPPortEnable(eeHTTPEnabled); - * - * mConfig.commit(true); sendResponse(RESTART, null, null, resp); - */ + HTTPSubsystem eeGateway = (HTTPSubsystem) + SubsystemRegistry.getInstance().get("eeGateway"); + RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); + + 
Enumeration enum1 = req.getParameterNames(); + + String eeHTTPportString = null; + String eeHTTPSportString = null; + String agentHTTPSportString = null; + String radminHTTPSportString = null; + + String gatewayBacklog = "15"; + + // eeHTTPEnabled corresponds to the checkbox which enables the + // HTTP EE port + String eeHTTPEnabled = Constants.FALSE; + + while (enum1.hasMoreElements()) { + String key = (String)enum1.nextElement(); + String value = (String)req.getParameter(key); + + if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { + agent.setHTTPSBacklog(value); + } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { + eeGateway.setHTTPSBacklog(value); + } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { + raAdmin.setHTTPSBacklog(value); + } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) { + gatewayBacklog = value; + } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { + eeHTTPEnabled = value; + } + } + + + eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); + eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); + agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); + radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); + + + int eeHTTPport=0; + int eeHTTPSport=0; + int agentHTTPSport=0; + int radminHTTPSport=0; + if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString); + if (eeHTTPSportString != null) eeHTTPSport = Integer.parseInt(eeHTTPSportString); + if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString); + if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); + + + String portName=""; + int portnum; + try { + + // EE HTTP is special, since it has it's own checkbox for enabling/disabling + if (eeHTTPEnabled.equals(Constants.TRUE) && + eeHTTPport != 0 && + eeHTTPport != eeGateway.getHTTPPort()) + { + portName = "End-entity"; + checkPortAvailable(eeHTTPport); + } + + if (eeHTTPSport != 0 && 
eeHTTPSport != eeGateway.getHTTPSPort()) { + portName = "SSL End-entity"; + checkPortAvailable(eeHTTPSport); + } + if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { + portName = "Agent"; + checkPortAvailable(agentHTTPSport); + } + if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { + portName = "Remote Admin"; + checkPortAvailable(radminHTTPSport); + } + + // If any of the above ports are not available, an exception + // will be thrown and these methods below will not be called + + if (eeHTTPEnabled.equals(Constants.TRUE)) { + eeGateway.setHTTPPort(eeHTTPport); + } + eeGateway.setHTTPSPort(eeHTTPSport); + agent.setHTTPSPort(agentHTTPSport); + raAdmin.setHTTPSPort(radminHTTPSport); + + } catch (IOException e) { + // send 'port in use' error + sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); + // we do not want to save the config in this case + return; + } + + eeGateway.setHTTPBacklog(gatewayBacklog); + eeGateway.setHTTPPortEnable(eeHTTPEnabled); + + mConfig.commit(true); + sendResponse(RESTART, null, null, resp); + */ } /** * Check if the port is available for binding. - * * @throws IOException if not available */ - private void checkPortAvailable(int port) throws IOException { + private void checkPortAvailable(int port) + throws IOException { try { // see if the port is being used by somebody else ServerSocket ss = new ServerSocket(port); ss.close(); } catch (Exception e) { - throw new IOException("port " + port - + " is in use. Please select another port"); + throw new IOException("port " + port + " is in use. Please select another port"); } } 
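Review bot: `checkPortAvailable` catches `Exception` and reports every failure as "port ... is in use", dropping the cause, so an out-of-range port (`IllegalArgumentException` from `new ServerSocket(port)`) or a refused bind gets the same message as a busy port. Catching `IOException` only and chaining it, `throw new IOException("port " + port + " is in use. Please select another port", e);`, keeps the real reason for the operator. The probe is advisory at best, since another process can take the port between `ss.close()` and the later bind. Its only caller in view is the commented-out body of `modifyNetworkConfig`, so a one-line comment saying the method is currently unused would help as well.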
@@ -947,8 +988,8 @@ public final class CMSAdminServlet extends AdminServlet { * Reads network information. */ private void readNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -959,52 +1000,58 @@ public final class CMSAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - private void getEENetworkConfig(NameValuePairs params) - throws EBaseException { + private void getEENetworkConfig(NameValuePairs params) + throws EBaseException { /* - * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if - * (eeGateway == null) { // i.e. standalone DRM - * params.add(Constants.PR_GATEWAY_S_PORT, "-1"); - * params.add(Constants.PR_GATEWAY_PORT, "-1"); - * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); - * params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); - * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else { - * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort()); - * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort()); - * params.add(Constants.PR_GATEWAY_S_BACKLOG, - * ""+eeGateway.getHTTPBacklog()); - * params.add(Constants.PR_GATEWAY_BACKLOG, - * ""+eeGateway.getHTTPSBacklog()); - * params.add(Constants.PR_GATEWAY_PORT_ENABLED, - * eeGateway.getHTTPPortEnable()); } - */ + HTTPSubsystem eeGateway = + (HTTPSubsystem)mReg.get("eeGateway"); + if (eeGateway == null) { + // i.e. 
standalone DRM + params.add(Constants.PR_GATEWAY_S_PORT, "-1"); + params.add(Constants.PR_GATEWAY_PORT, "-1"); + params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); + params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); + params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); + } else { + params.add(Constants.PR_GATEWAY_S_PORT, + ""+eeGateway.getHTTPSPort()); + params.add(Constants.PR_GATEWAY_PORT, + ""+eeGateway.getHTTPPort()); + params.add(Constants.PR_GATEWAY_S_BACKLOG, + ""+eeGateway.getHTTPBacklog()); + params.add(Constants.PR_GATEWAY_BACKLOG, + ""+eeGateway.getHTTPSBacklog()); + params.add(Constants.PR_GATEWAY_PORT_ENABLED, + eeGateway.getHTTPPortEnable()); + } + */ } private void getAdminConfig(NameValuePairs params) throws EBaseException { /* - * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); - * params - * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); + RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); + params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); */ } private void getAgentConfig(NameValuePairs params) throws EBaseException { /* - * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); - * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); - * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); + AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); + params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); + params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); */ } /** * Modifies database information. 
*/ - private void setDBConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void setDBConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB); Enumeration enum1 = req.getParameterNames(); 
@@ -1018,53 +1065,56 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (key.equals(Constants.OP_SCOPE)) continue; - - dbConfig.putString(key, req.getParameter(key)); + + dbConfig.putString(key, req.getParameter(key)); } sendResponse(RESTART, null, null, resp); mConfig.commit(true); } - - /** + /** * Create Master Key */ - private void createMasterKey(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { +private void createMasterKey(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - String newKeyName = null, selectedToken = null; + String newKeyName = null, selectedToken = null; while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_KEY_LIST)) { - newKeyName = req.getParameter(name); - } - if (name.equals(Constants.PR_TOKEN_LIST)) { - selectedToken = req.getParameter(name); - } + if (name.equals(Constants.PR_KEY_LIST)) + { + newKeyName = req.getParameter(name); + } + if (name.equals(Constants.PR_TOKEN_LIST)) + { + selectedToken = req.getParameter(name); + } + } - if (selectedToken != null && newKeyName != null) { - String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName); - CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); - String masterKeyPrefix = CMS.getConfigStore().getString( - "tks.master_key_prefix", null); - - SessionKey.SetDefaultPrefix(masterKeyPrefix); - params.add(Constants.PR_KEY_LIST, newKeyName); - params.add(Constants.PR_TOKEN_LIST, selectedToken); - } - sendResponse(SUCCESS, null, params, resp); - } + if(selectedToken!=null && newKeyName!=null) + { + String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName); + CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); + String masterKeyPrefix = 
CMS.getConfigStore().getString("tks.master_key_prefix", null); + + SessionKey.SetDefaultPrefix(masterKeyPrefix); + params.add(Constants.PR_KEY_LIST, newKeyName); + params.add(Constants.PR_TOKEN_LIST, selectedToken); + } + sendResponse(SUCCESS, null, params, resp); +} - /** + /** * Reads secmod.db */ - private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getTKSKeys(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
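Review bot: `createMasterKey` calls `sendResponse(SUCCESS, null, params, resp)` unconditionally, so a request that omits `Constants.PR_KEY_LIST` or `Constants.PR_TOKEN_LIST` generates nothing and still reports success. Both values also go from the request straight into `SessionKey.GenMasterKey` with no signed-audit record, whereas `getCertRequest` in this file audits key generation on success and on failure. I would reject the request when either value is missing, e.g. `if (selectedToken == null || newKeyName == null) throw new EBaseException("<missing-parameter message>");`, and write an audit event around the `GenMasterKey` call. The local `symKeys` is assigned and never read, so as far as this hunk shows the outcome of the generation is not checked either.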
@@ -1072,56 +1122,57 @@ public final class CMSAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_TOKEN_LIST)) { - String selectedToken = req.getParameter(name); - - int count = 0; - int keys_found = 0; - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); - - CryptoToken token = null; - CryptoManager mCryptoManager = null; - try { - mCryptoManager = CryptoManager.getInstance(); - } catch (Exception e2) { - } - - if (!jssSubSystem.isTokenLoggedIn(selectedToken)) { - PasswordCallback cpcb = new ConsolePasswordCallback(); - while (true) { + if (name.equals(Constants.PR_TOKEN_LIST)) + { + String selectedToken = req.getParameter(name); + + int count = 0; + int keys_found = 0; + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + + CryptoToken token = null; + CryptoManager mCryptoManager = null; + try { + mCryptoManager = CryptoManager.getInstance(); + } catch (Exception e2) { + } + + if(!jssSubSystem.isTokenLoggedIn(selectedToken)) + { + PasswordCallback cpcb = new ConsolePasswordCallback(); + while (true) { try { - token = mCryptoManager - .getTokenByName(selectedToken); - token.login(cpcb); + token = mCryptoManager.getTokenByName(selectedToken); + token.login(cpcb); break; } catch (Exception e3) { - // log(ILogger.LL_FAILURE, - // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); + //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); continue; } - } - } - // String symKeys = new String("key1,key2"); - String symKeys = SessionKey.ListSymmetricKeys(selectedToken); - params.add(Constants.PR_TOKEN_LIST, symKeys); + } + } + // String symKeys = new String("key1,key2"); + String symKeys = SessionKey.ListSymmetricKeys(selectedToken); + params.add(Constants.PR_TOKEN_LIST, symKeys); - } + } } sendResponse(SUCCESS, null, params, resp); } - + + /** * Reads database information. 
*/ - private void getDBConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getDBConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_DB); IConfigStore ldapConfig = dbConfig.getSubStore("ldap"); NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -1133,7 +1184,7 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_SECURE_PORT_ENABLED)) params.add(name, ldapConfig.getString(name, "Constants.FALSE")); - else + else params.add(name, ldapConfig.getString(name, "")); } sendResponse(SUCCESS, null, params, resp); @@ -1143,8 +1194,8 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies SMTP configuration. */ private void modifySMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { // XXX IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP); @@ -1157,7 +1208,7 @@ public final class CMSAdminServlet extends AdminServlet { if (port != null) sConfig.putString("port", port); - + commit(true); sendResponse(SUCCESS, null, null, resp); 
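Review bot: The login loop in `getTKSKeys` can spin forever on a request thread. The empty `catch (Exception e2)` leaves `mCryptoManager` null when `CryptoManager.getInstance()` fails, the resulting exception is swallowed by `catch (Exception e3)`, and `continue` re-enters `while (true)` with nothing changed. The loop also never ends while the token login keeps failing, and `ConsolePasswordCallback` presumably prompts on the server console rather than asking the remote administrator. I would fail the request on either error and log it with the message key the commented-out line already names, as in the lines below. The method's signature is in the previous hunk.

```java
try {
    mCryptoManager = CryptoManager.getInstance();
} catch (Exception e2) {
    // no CryptoManager means no token lookup is possible: stop here
    throw new EBaseException(e2.toString());
}
// … unchanged: isTokenLoggedIn check and ConsolePasswordCallback creation …
try {
    token = mCryptoManager.getTokenByName(selectedToken);
    token.login(cpcb);
} catch (Exception e3) {
    // one attempt only; report the failure instead of retrying forever
    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
    throw new EBaseException(CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
}
```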
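Review bot: The default passed for `Constants.PR_SECURE_PORT_ENABLED` in `getDBConfig` is the string literal `"Constants.FALSE"`, so an unset value is returned to the console as the text Constants.FALSE rather than as a boolean value. This looks like a constant name that was quoted by mistake; assuming `Constants.FALSE` is the intended constant, the line should read `params.add(name, ldapConfig.getString(name, Constants.FALSE));`. The loop also returns whatever `ldapConfig` holds for every requested parameter name except those skipped above the hunk, so it is worth confirming that no credential entry in the `ldap` sub-store can be read this way. `getDBConfig` starts in the previous hunk and its closing brace is outside this one.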
@@ -1166,18 +1217,22 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads SMTP configuration. */ - private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void readSMTPConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host")); - params.add(Constants.PR_PORT, dbConfig.getString("port")); + params.add(Constants.PR_SERVER_NAME, + dbConfig.getString("host")); + params.add(Constants.PR_PORT, + dbConfig.getString("port")); sendResponse(SUCCESS, null, params, resp); } - private void loggedInToken(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void loggedInToken(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String tokenName = ""; String pwd = ""; @@ -1193,8 +1248,8 @@ public final class CMSAdminServlet extends AdminServlet { } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.loggedInToken(tokenName, pwd); @@ -1204,8 +1259,8 @@ public final class CMSAdminServlet extends AdminServlet { } private void checkTokenStatus(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String key = ""; String value = ""; 
@@ -1218,8 +1273,8 @@ public final class CMSAdminServlet extends AdminServlet { } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); boolean status = jssSubSystem.isTokenLoggedIn(value); NameValuePairs params = new NameValuePairs(); @@ -1232,18 +1287,18 @@ public final class CMSAdminServlet extends AdminServlet { /** * Retrieve a certificate request * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when * asymmetric keys are generated * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to retrieve certificate request */ - private void getCertRequest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getCertRequest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1291,11 +1346,11 @@ public final class CMSAdminServlet extends AdminServlet { } } - pathname = mConfig.getString("instanceRoot", "") + File.separator - + "conf" + File.separator; + pathname = mConfig.getString("instanceRoot", "") + + File.separator + "conf" + File.separator; dir = pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); KeyPair keypair = null; PQGParams pqgParams = null; 
@@ -1321,8 +1376,10 @@ public final class CMSAdminServlet extends AdminServlet { if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, ILogger.FAILURE, auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, + ILogger.FAILURE, + auditPublicKey); audit(auditMessage); @@ -1333,13 +1390,11 @@ public final class CMSAdminServlet extends AdminServlet { } else { if (keyType.equals("ECC")) { // get ECC keypair - keypair = jssSubSystem.getECCKeyPair(tokenName, - keyCurveName, certType); - } else { // DSA or RSA + keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); + } else { //DSA or RSA if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); - keypair = jssSubSystem.getKeyPair(tokenName, keyType, - keyLength, pqgParams); + pqgParams = jssSubSystem.getPQG(keyLength); + keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); } } @@ -1384,8 +1439,10 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, - ILogger.SUCCESS, auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, + ILogger.SUCCESS, + auditPublicKey); audit(auditMessage); @@ -1394,8 +1451,10 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, - ILogger.FAILURE, auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, + ILogger.FAILURE, + auditPublicKey); audit(auditMessage); 
@@ -1404,32 +1463,34 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, - ILogger.FAILURE, auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, + ILogger.FAILURE, + auditPublicKey); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - // auditSubjectID, - // ILogger.FAILURE, - // auditPublicKey ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void setCANewnickname(String tokenName, String nickname) - throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + // auditSubjectID, + // ILogger.FAILURE, + // auditPublicKey ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void setCANewnickname(String tokenName, String nickname) + throws EBaseException { + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1443,17 +1504,17 @@ public final class CMSAdminServlet extends AdminServlet { } private String getCANewnickname() throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } private void setRANewnickname(String tokenName, String nickname) - throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + throws EBaseException { + IRegistrationAuthority ra = (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) ra.setNewNickName(nickname); @@ -1466,16 +1527,15 @@ public final class CMSAdminServlet extends AdminServlet { } private String getRANewnickname() throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); return ra.getNewNickName(); } private void setOCSPNewnickname(String tokenName, String nickname) - throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_OCSP); + throws EBaseException { + IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); @@ -1489,8 +1549,8 @@ public final class CMSAdminServlet extends AdminServlet { signingUnit.setNewNickName(tokenName + ":" + nickname); } } else { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1505,26 +1565,25 @@ public final class CMSAdminServlet extends AdminServlet { } private String getOCSPNewnickname() throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } else { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } } - private void setKRANewnickname(String tokenName, String nickname) - throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + private void setKRANewnickname(String tokenName, String nickname) + throws EBaseException { + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) kra.setNewNickName(nickname); 
@@ -1537,81 +1596,87 @@ public final class CMSAdminServlet extends AdminServlet { } private String getKRANewnickname() throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); return kra.getNewNickName(); } - private void setRADMNewnickname(String tokenName, String nickName) - throws EBaseException { + private void setRADMNewnickname(String tokenName, String nickName) + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - * HTTPService httpsService = raAdmin.getHttpsService(); if - * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - * httpsService.setNewNickName(nickName); else { if - * (tokenName.equals("") && nickName.equals("")) - * httpsService.setNewNickName(""); else - * httpsService.setNewNickName(tokenName+":"+nickName); } + RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + HTTPService httpsService = raAdmin.getHttpsService(); + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + httpsService.setNewNickName(nickName); + else { + if (tokenName.equals("") && nickName.equals("")) + httpsService.setNewNickName(""); + else + httpsService.setNewNickName(tokenName+":"+nickName); + } */ } - private String getRADMNewnickname() throws EBaseException { + private String getRADMNewnickname() + throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - * HTTPService httpsService = raAdmin.getHttpsService(); return - * httpsService.getNewNickName(); + RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + HTTPService httpsService = raAdmin.getHttpsService(); + return httpsService.getNewNickName(); */ } private void setAgentNewnickname(String tokenName, String nickName) - throws EBaseException { + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - * HTTPService httpsService = gateway.getHttpsService(); if - * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - * httpsService.setNewNickName(nickName); else { if - * (tokenName.equals("") && nickName.equals("")) - * httpsService.setNewNickName(""); else - * httpsService.setNewNickName(tokenName+":"+nickName); } + AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + HTTPService httpsService = gateway.getHttpsService(); + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + httpsService.setNewNickName(nickName); + else { + if (tokenName.equals("") && nickName.equals("")) + httpsService.setNewNickName(""); + else + httpsService.setNewNickName(tokenName+":"+nickName); + } */ } - private String getAgentNewnickname() throws EBaseException { + private String getAgentNewnickname() + throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - * HTTPService httpsService = gateway.getHttpsService(); return - * httpsService.getNewNickName(); + AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + HTTPService httpsService = gateway.getHttpsService(); + return httpsService.getNewNickName(); */ } /** * Issue import certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to issue an import certificate */ private void issueImportCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1635,9 +1700,9 @@ public final class CMSAdminServlet extends AdminServlet { String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals("pathname")) { + if (key.equals("pathname")) { configPath = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + + File.separator + "conf" + File.separator; pathname = configPath + value; } else { if (key.equals(Constants.PR_TOKEN_NAME)) 
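Review bot: `pathname = configPath + value` appends the request's `pathname` parameter to the instance `conf` directory without checking it for path separators or `..`, so the result is not guaranteed to stay under `conf`. How `pathname` is used lies outside this hunk, so the impact is unconfirmed. If it reaches any file operation, resolve and compare first, e.g. `File f = new File(configPath, value);` followed by `if (!f.getCanonicalPath().startsWith(new File(configPath).getCanonicalPath() + File.separator)) throw new EBaseException("<invalid-path message>");`. `issueImportCert` continues past the end of this hunk.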
@@ -1648,17 +1713,17 @@ public final class CMSAdminServlet extends AdminServlet { String certType = (String) properties.get(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); - IDBSubsystem dbs = (IDBSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_DBS); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + IDBSubsystem dbs = (IDBSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_DBS); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateRepository repository = + (ICertificateRepository) ca.getCertificateRepository(); ISigningUnit signingUnit = ca.getSigningUnit(); String oldtokenname = null; - // this is the old nick name + //this is the old nick name String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; String oldcatokenname = signingUnit.getTokenName(); @@ -1676,13 +1741,15 @@ public final class CMSAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new + EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } if (newtokenname == null) 
@@ -1695,34 +1762,39 @@ public final class CMSAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new + EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - // xxx renew ca ,use old issuer? - properties.setIssuerName(jssSubSystem.getCertSubjectName( - oldcatokenname, canicknameWithoutTokenName)); + //xxx renew ca ,use old issuer? + properties.setIssuerName( + jssSubSystem.getCertSubjectName(oldcatokenname, + canicknameWithoutTokenName)); KeyPair pair = null; if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new + EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - // xxx set to old nickname? + //xxx set to old nickname? properties.setCertNickname(nickname); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { CertificateExtensions exts = jssSubSystem.getExtensions( 
@@ -1743,25 +1815,25 @@ public final class CMSAdminServlet extends AdminServlet { defaultOCSPSigningAlg = properties.getHashType(); } } - + // create a new CA certificate or ssl server cert - if (properties.getKeyCurveName() != null) { // new ECC + if (properties.getKeyCurveName() != null) { //new ECC CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); pair = jssSubSystem.getECCKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - } else if (properties.getKeyLength() != null) { // new RSA or DSA + } else if (properties.getKeyLength() != null) { //new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; if (keyType.equals("DSA")) { pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen), - mConfig); - // properties.put(Constants.PR_PQGPARAMS, pqgParams); + mConfig); + //properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; // renew the CA certificate or ssl server cert } else { @@ -1774,12 +1846,11 @@ public final class CMSAdminServlet extends AdminServlet { } /* - * String alg = jssSubSystem.getSignatureAlgorithm(nickname); - * SignatureAlgorithm sigAlg = - * SigningUnit.mapAlgorithmToJss(alg); - * properties.setSignatureAlgorithm(sigAlg); - * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg, - * mConfig)); + String alg = jssSubSystem.getSignatureAlgorithm(nickname); + SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg); + properties.setSignatureAlgorithm(sigAlg); + properties.setAlgorithmId( + jssSubSystem.getAlgorithmId(alg, mConfig)); */ } 
@@ -1792,11 +1863,10 @@ public final class CMSAdminServlet extends AdminServlet { // value provided for signedBy SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, - mConfig)); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } - if (pair == null) + if (pair == null) CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); BigInteger nextSerialNo = repository.getNextSerialNumber(); 
@@ -1804,40 +1874,42 @@ public final class CMSAdminServlet extends AdminServlet { properties.setSerialNumber(nextSerialNo); properties.setKeyPair(pair); properties.setConfigFile(mConfig); - // properties.put(Constants.PR_CA_KEYPAIR, pair); + // properties.put(Constants.PR_CA_KEYPAIR, pair); properties.put(Constants.PR_CA_KEYPAIR, caKeyPair); - X509CertImpl signedCert = jssSubSystem.getSignedCert(properties, - certType, caKeyPair.getPrivate()); + X509CertImpl signedCert = + jssSubSystem.getSignedCert(properties, certType, + caKeyPair.getPrivate()); - if (signedCert == null) - CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); - /* - * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, - * pathname); } catch (Throwable e) { //skip it } + /* bug 600124 + try { + jssSubSystem.deleteTokenCertificate(nickname, pathname); + } catch (Throwable e) { + //skip it + } */ boolean nicknameChanged = false; - // xxx import cert with nickname without token name? - // jss adds the token prefix!!! - // log(ILogger.LL_DEBUG,"import as alias"+ - // nicknameWithoutTokenName); + //xxx import cert with nickname without token name? + //jss adds the token prefix!!! 
+ //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); try { - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " - + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, - certType); + certType); } catch (EBaseException e) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName + "-" - + now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + + "-" + now.getTime(); - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " - + newNickname); - jssSubSystem.importCert(signedCert, newNickname, certType); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname); + jssSubSystem.importCert(signedCert, newNickname, + certType); nicknameWithoutTokenName = newNickname; nicknameChanged = true; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { 
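Review bot: A null `signedCert` is only reported through `CMS.debug` and is then passed to `jssSubSystem.importCert(...)`. The retry branch also catches every `EBaseException` from the import and tries again under a timestamped nickname, which can hide the real failure. `caKeyPair.getPrivate()` is dereferenced although the visible hunks assign `caKeyPair` only for `Constants.PR_CA_SIGNING_CERT`; an assignment in the renewal branch outside the hunk may cover the other cases. I would stop before the import with `if (signedCert == null) throw new EBaseException("<signing-failed message>");`, which the existing `catch (EBaseException eAudit1)` would turn into a FAILURE audit record, assuming it belongs to the same `try`. That `try` opens before this hunk.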
@@ -1848,26 +1920,28 @@ public final class CMSAdminServlet extends AdminServlet { } ICertRecord certRecord = repository.createCertRecord( - signedCert.getSerialNumber(), signedCert, null); + signedCert.getSerialNumber(), + signedCert, null); repository.addCertificateRecord(certRecord); if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { try { - X509CertInfo certInfo = (X509CertInfo) signedCert - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateExtensions extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + X509CertInfo certInfo = (X509CertInfo) signedCert.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateExtensions extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) { - BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions - .get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) basic - .get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -1884,32 +1958,34 @@ public final class CMSAdminServlet extends AdminServlet { } } - CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + " newtoken:" + newtokenname + " nickname:" + nickname); - if ((newtokenname != null && !newtokenname.equals(oldtokenname)) - || nicknameChanged) { + if ((newtokenname != null && + !newtokenname.equals(oldtokenname)) || nicknameChanged) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { signingUnit.updateConfig(nicknameWithoutTokenName, - newtokenname); + newtokenname); } else { - signingUnit.updateConfig(newtokenname + ":" - + nicknameWithoutTokenName, newtokenname); + signingUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, + newtokenname); } - } else if (certType.equals(Constants.PR_SERVER_CERT)) { + } else if (certType.equals(Constants.PR_SERVER_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } - // setRADMNewnickname("",""); - // modifyRADMCert(nickname); + //setRADMNewnickname("",""); + //modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } 
@@ -1921,28 +1997,28 @@ public final class CMSAdminServlet extends AdminServlet { nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } modifyRADMCert(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - if (ca != null) { + if (ca != null) { ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); - if (newtokenname - .equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { ocspSigningUnit.updateConfig( - nicknameWithoutTokenName, newtokenname); + nicknameWithoutTokenName, newtokenname); } else { - ocspSigningUnit.updateConfig(newtokenname + ":" - + nicknameWithoutTokenName, newtokenname); + ocspSigningUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, + newtokenname); } } } } - + // set signing algorithms if needed - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); if (defaultOCSPSigningAlg != null) { 
@@ -1955,50 +2031,54 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); mConfig.commit(true); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { - CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " - + eAudit1.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; } catch (IOException eAudit2) { - CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " - + eAudit2.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific 
exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getDefaultSigningAlg(String keyType, String messageDigest) { @@ -2007,7 +2087,7 @@ public final class CMSAdminServlet extends AdminServlet { return "MD2withRSA"; } else if (messageDigest.equals("MD5")) { return "MD5withRSA"; - } else if (messageDigest.equals("SHA1")) { + } else if (messageDigest.equals("SHA1")) { return "SHA1withRSA"; } else if (messageDigest.equals("SHA256")) { return "SHA256withRSA"; @@ -2018,7 +2098,7 @@ public final class CMSAdminServlet extends AdminServlet { if (messageDigest.equals("SHA1")) { return "SHA1withDSA"; } - } else /* EC */{ + } else /* EC */ { if (messageDigest.equals("SHA1")) { return "SHA1withEC"; } else if (messageDigest.equals("SHA256")) { 
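Review bot: The RSA branch of getDefaultSigningAlg shown in this hunk still returns `MD2withRSA` and `MD5withRSA`, and the re-indented line beside them returns `SHA1withRSA`; MD2 and MD5 are collision-broken and should not be selectable as the default algorithm for a CA signing certificate. If the branches are kept only so that existing configurations still load, a comment on them such as `// MD2/MD5/SHA1 retained for legacy configs only; do not offer for new signing certs` would record that. Otherwise the two branches could be dropped so those digests presumably reach the `return null` at the end of the method. The method starts above this hunk and continues in the next one, so whether callers can still pass "MD2" or "MD5" is not visible here.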
@@ -2032,31 +2112,32 @@ public final class CMSAdminServlet extends AdminServlet { return null; } - private void updateCASignature(String nickname, KeyCertData properties, - ICryptoSubsystem jssSubSystem) throws EBaseException { + private void updateCASignature(String nickname, KeyCertData properties, + ICryptoSubsystem jssSubSystem) throws EBaseException { String alg = jssSubSystem.getSignatureAlgorithm(nickname); SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); + properties.setAlgorithmId( + jssSubSystem.getAlgorithmId(alg, mConfig)); } /** * Install certificates * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to install a certificate */ - private void installCert(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void installCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2077,30 +2158,31 @@ public final class CMSAdminServlet extends AdminServlet { String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) pkcs = value; else if (key.equals(Constants.RS_ID)) certType = value; else if (key.equals(Constants.PR_NICKNAME)) nickname = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (pkcs == null || pkcs.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2110,8 +2192,8 @@ public final class CMSAdminServlet extends AdminServlet { throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = new BufferedReader( - new InputStreamReader(in)); + BufferedReader d = + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; 
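Review bot: `new FileInputStream(certpath)` in installCert opens a path taken directly from the `Constants.PR_CERT_FILEPATH` request parameter, and the reader re-wrapped in this hunk decodes it with the platform default charset. The path should be resolved against the directory this operation is meant to read from and rejected when it falls outside it, and the reader given an explicit charset, for example `new InputStreamReader(in, "US-ASCII")` for PEM text. The read loop and any `close()` call lie outside the hunk, so whether the stream is released on the IOException path cannot be confirmed from here. The same construction appears in importXCert (hunk at -2505) and in getCertInfo (hunk at -2713).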
@@ -2131,22 +2213,24 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } pkcs = pkcs.trim(); - pathname = serverRoot + File.separator + serverID + File.separator - + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + + File.separator + "config" + File.separator + pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); - // String nickname = getNickname(certType); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + //String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; int index = nickname.indexOf(":"); 
@@ -2159,93 +2243,98 @@ public final class CMSAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } /* - * if (certType.equals(Constants.PR_CA_SIGNING_CERT) || - * certType.equals(Constants.PR_RA_SIGNING_CERT) || - * certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - * certType.equals(Constants.PR_SERVER_CERT) || - * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String - * oldnickname = getNickname(certType); try { - * jssSubsystem.deleteTokenCertificate(oldnickname, pathname); - * //jssSubsystem.deleteTokenCertificate(nickname, pathname); } - * catch (EBaseException e) { // skip it } } else { try { - * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch - * (EBaseException e) { // skip it } } - */ + if (certType.equals(Constants.PR_CA_SIGNING_CERT) || + certType.equals(Constants.PR_RA_SIGNING_CERT) || + certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + certType.equals(Constants.PR_SERVER_CERT) || + certType.equals(Constants.PR_SERVER_CERT_RADM)) { + String oldnickname = getNickname(certType); + try { + jssSubsystem.deleteTokenCertificate(oldnickname, + pathname); + //jssSubsystem.deleteTokenCertificate(nickname, + pathname); + } catch (EBaseException e) { + // skip it + } + } else { + try { + jssSubsystem.deleteTokenCertificate(nickname, pathname); + } catch (EBaseException e) { + // skip it + } + } + */ // 600124 - renewal of SSL crash the server // we now do not delete previously installed certificates. 
- // Same Subject | Same Nickname | Same Key | Legal - // ----------------------------------------------------------- - // 1. Yes Yes No Yes - // 2. Yes Yes Yes Yes - // 3. No No Yes Yes - // 4. No No No Yes - // 5. No Yes Yes No - // 6. No Yes No No - // 7. Yes No Yes No - // 8. Yes No No No + // Same Subject | Same Nickname | Same Key | Legal + // ----------------------------------------------------------- + // 1. Yes Yes No Yes + // 2. Yes Yes Yes Yes + // 3. No No Yes Yes + // 4. No No No Yes + // 5. No Yes Yes No + // 6. No Yes No No + // 7. Yes No Yes No + // 8. Yes No No No // Based on above table, the following cases are permitted: // Existing Key: - // (a) Same Subject & Same Nickname --- (2) - // (b) Different Subject & Different Nickname --- (3) - // (In order to support Case b., we need to use a different - // nickname). + // (a) Same Subject & Same Nickname --- (2) + // (b) Different Subject & Different Nickname --- (3) + // (In order to support Case b., we need to use a different + // nickname). // New Key: - // (c) Same Subject & Same Nickname --- (1) - // (d) Different Subject & Different Nickname --- (4) - // (In order to support Case b., we need to use a different - // nickname). + // (c) Same Subject & Same Nickname --- (1) + // (d) Different Subject & Different Nickname --- (4) + // (In order to support Case b., we need to use a different + // nickname). 
// - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " - + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName); try { - jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, - certType); + jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, + certType); } catch (EBaseException e) { boolean certFound = false; String eString = e.toString(); - if (eString - .contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname=" - + nicknameWithoutTokenName + " TokenException: " - + eString); + if(eString.contains("Failed to find certificate that was just imported")) { + CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString); X509Certificate cert = null; try { - cert = CryptoManager.getInstance().findCertByNickname( - nickname); + cert = CryptoManager.getInstance().findCertByNickname(nickname); if (cert != null) { certFound = true; } - CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " - + nickname); + CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname); } catch (Exception ex) { - CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " - + ex.toString()); + CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString()); } - } + } if (!certFound) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName + "-" - + now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + "-" + + now.getTime(); jssSubSystem.importCert(pkcs, newNickname, certType); nicknameWithoutTokenName = newNickname; 
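Review bot: In the catch block after the first `jssSubSystem.importCert` call, the `CMS.debug` call that logs "Found cert just imported" runs whether or not `findCertByNickname(nickname)` returned a certificate, so the debug log can report the certificate as found immediately before the code retries the import under a timestamped nickname. Moving that call inside the existing `if (cert != null) {` block keeps the log consistent with `certFound`. The recovery path is also selected by `eString.contains("Failed to find certificate that was just imported")`, which silently stops matching if the exception's message text ever changes; a comment naming where that message is produced would make the dependency explicit. The lookup uses `nickname` while the import used `nicknameWithoutTokenName`, which looks intentional for token-qualified names but is worth confirming.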
@@ -2254,17 +2343,16 @@ public final class CMSAdminServlet extends AdminServlet { } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" - + nickname); - } + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname); + } } if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - String signatureAlg = jssSubSystem - .getSignatureAlgorithm(nickname); + String signatureAlg = + jssSubSystem.getSignatureAlgorithm(nickname); signingUnit.setDefaultAlgorithm(signatureAlg); setCANewnickname("", ""); 
@@ -2273,25 +2361,26 @@ public final class CMSAdminServlet extends AdminServlet { if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); extensions = jssSubSystem.getExtensions( - Constants.PR_INTERNAL_TOKEN_NAME, nickname); + Constants.PR_INTERNAL_TOKEN_NAME, nickname); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); extensions = jssSubSystem.getExtensions(tokenname1, - nicknameWithoutTokenName); + nicknameWithoutTokenName); } if (extensions != null) { - BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions - .get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) basic - .get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -2309,34 +2398,35 @@ public final class CMSAdminServlet extends AdminServlet { } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { setRANewnickname("", ""); - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); ra.setNickname(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { setOCSPNewnickname("", ""); - IOCSPAuthority ocsp = (IOCSPAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); } - } else { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + } else { + ICertificateAuthority ca = + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); 
@@ -2345,23 +2435,25 @@ public final class CMSAdminServlet extends AdminServlet { } } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { setKRANewnickname("", ""); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); kra.setNickname(nickname); } else if (certType.equals(Constants.PR_SERVER_CERT)) { setAgentNewnickname("", ""); - // modifyRADMCert(nickname); + //modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } if (isSubsystemInstalled("ca")) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); modifyCAGatewayCert(ca, nickname); } 
@@ -2372,41 +2464,47 @@ public final class CMSAdminServlet extends AdminServlet { boolean verified = CMS.verifySystemCertByNickname(nickname, null); if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" - + nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, ILogger.SUCCESS, nickname); + auditSubjectID, + ILogger.SUCCESS, + nickname); audit(auditMessage); } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" - + nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, ILogger.FAILURE, nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + auditSubjectID, + ILogger.FAILURE, + nickname); audit(auditMessage); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); mConfig.commit(true); - if (verified == true) { + if(verified == true) { sendResponse(SUCCESS, null, null, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), + null, resp); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + 
auditParams(req)); audit(auditMessage); 
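Review bot: When `CMS.verifySystemCertByNickname(nickname, null)` returns false, the code still records `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` with `ILogger.SUCCESS` and calls `mConfig.commit(true)`; only the response sent to the client is `ERROR`. By then the earlier hunks of installCert have already imported the certificate and updated the subsystem nicknames. A certificate that failed verification therefore stays configured, and the signed audit log reports the configuration change as successful. Guarding the two statements with `if (verified) { audit(auditMessage); mConfig.commit(true); }`, and building the message with `ILogger.FAILURE` in the else branch, would keep the audit trail and the stored configuration in line with the verification result. Whether the import itself can be rolled back is not visible in this hunk.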
@@ -2415,45 +2513,47 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** - * For "importing" cross-signed cert into internal db for further cross pair - * matching and publishing + * For "importing" cross-signed cert into internal db for further + * cross pair matching and publishing * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when * "Certificate Setup Wizard" is used to import a CA cross-signed * certificate into the database * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to import a cross-certificate pair */ - private void importXCert(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, 
EBaseException { + private void importXCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2474,28 +2574,29 @@ public final class CMSAdminServlet extends AdminServlet { String value = req.getParameter(key); // really should be PR_CERT_CONTENT - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) b64Cert = value; else if (key.equals(Constants.RS_ID)) certType = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (b64Cert == null || b64Cert.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2505,8 +2606,8 @@ public final class CMSAdminServlet extends AdminServlet { throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = new BufferedReader( - new InputStreamReader(in)); + BufferedReader d = + new BufferedReader(new InputStreamReader(in)); String content = ""; b64Cert = ""; 
@@ -2525,13 +2626,15 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } CMS.debug("CMSAdminServlet: got b64Cert"); b64Cert = Cert.stripBrackets(b64Cert.trim()); @@ -2545,25 +2648,27 @@ public final class CMSAdminServlet extends AdminServlet { CMS.debug("CMSAdminServlet: exception: " + e.toString()); } - pathname = serverRoot + File.separator + serverID + File.separator - + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + + File.separator + "config" + File.separator + pathname; - ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS - .getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); try { - // this will import into internal ldap crossCerts entry + //this will import into internal ldap crossCerts entry ccps.importCert(bCert); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(1, "xcert importing failure:" + e.toString(), - null, resp); + null, resp); return; } 
@@ -2574,19 +2679,20 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(1, "xcerts publishing failure:" + e.toString(), - null, resp); + sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp); return; } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); - String content = jssSubSystem.getCertPrettyPrint(b64Cert, + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + String content = jssSubSystem.getCertPrettyPrint(b64Cert, super.getLocale(req)); results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert"); @@ -2594,8 +2700,10 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -2603,8 +2711,10 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -2613,45 +2723,46 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getNickname(String certType) throws EBaseException { String nickname = ""; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); nickname = signingUnit.getNickname(); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp == null) { // this is a local CA service - ICertificateAuthority ca = (ICertificateAuthority) 
CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); nickname = signingUnit.getNickname(); @@ -2661,26 +2772,27 @@ public final class CMSAdminServlet extends AdminServlet { nickname = signingUnit.getNickname(); } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); nickname = ra.getNickname(); } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); nickname = kra.getNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT)) { nickname = CMS.getServerCertNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) { nickname = CMS.getServerCertNickname(); - } + } return nickname; } - private void getCertInfo(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getCertInfo(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); String pkcs = ""; @@ -2713,8 +2825,8 @@ public final class CMSAdminServlet extends AdminServlet { throw ex; } else { FileInputStream in = new FileInputStream(path); - BufferedReader d = new BufferedReader( - new InputStreamReader(in)); + BufferedReader d = + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; 
@@ -2737,10 +2849,9 @@ public final class CMSAdminServlet extends AdminServlet { pkcs = pkcs.trim(); int totalLen = pkcs.length(); - if (pkcs.indexOf(BEGIN_HEADER) != 0 - || pkcs.indexOf(END_HEADER) != (totalLen - 25)) { - throw (new EBaseException( - CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); + if (pkcs.indexOf(BEGIN_HEADER) != 0 || + pkcs.indexOf(END_HEADER) != (totalLen - 25)) { + throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); } String nickname = ""; @@ -2763,25 +2874,25 @@ public final class CMSAdminServlet extends AdminServlet { if (nickname.equals("")) nickname = getNickname(certType); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String content = jssSubSystem.getCertPrettyPrint(pkcs, super.getLocale(req)); if (nickname != null && !nickname.equals("")) results.add(Constants.PR_NICKNAME, nickname); results.add(Constants.PR_CERT_CONTENT, content); - // results = jssSubSystem.getCertInfo(value); + //results = jssSubSystem.getCertInfo(value); sendResponse(SUCCESS, null, results, resp); } private void getCertPrettyPrint(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2801,7 +2912,7 @@ public final class CMSAdminServlet extends AdminServlet { if (key.equals(Constants.PR_NICK_NAME)) { nickname = value; continue; - } + } if (key.equals(Constants.PR_SERIAL_NUMBER)) { serialno = value; continue; 
@@ -2812,19 +2923,19 @@ public final class CMSAdminServlet extends AdminServlet { } } - String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, - serialno, issuername, locale); + String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, + serialno, issuername, locale); pairs.add(nickname, print); sendResponse(SUCCESS, null, pairs, resp); } private void getRootCertTrustBit(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; 
@@ -2855,86 +2966,92 @@ public final class CMSAdminServlet extends AdminServlet { } } - String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno, - issuername); + String trustbit = jssSubSystem.getRootCertTrustBit(nickname, + serialno, issuername); pairs.add(nickname, trustbit); sendResponse(SUCCESS, null, pairs, resp); } - private void getCACerts(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getCACerts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getCACerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void deleteRootCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex + 1); + String issuername = sstr1.substring(lindex+1); jssSubSystem.deleteRootCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void deleteUserCert(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void deleteUserCert(HttpServletRequest req, + 
HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex + 1); + String issuername = sstr1.substring(lindex+1); jssSubSystem.deleteUserCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void getRootCerts(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getRootCerts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getRootCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void getAllCertsManage(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getAllCertsManage(); sendResponse(SUCCESS, null, pairs, resp); } - private void getUserCerts(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - 
.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getUserCerts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getUserCerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteCerts(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void deleteCerts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String date = ""; @@ -2952,18 +3069,18 @@ public final class CMSAdminServlet extends AdminServlet { nickname = value.substring(0, index); date = value.substring(index + 1); - // cant use this one now since jss doesnt have the interface to + // cant use this one now since jss doesnt have the interface to // do it. jssSubSystem.deleteCert(nickname, date); - // jssSubsystem.deleteCACert(nickname, date); + // jssSubsystem.deleteCACert(nickname, date); } sendResponse(SUCCESS, null, null, resp); } private void validateSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); 
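Review bot: deleteRootCert and deleteUserCert in the `@@ -2855` hunk split the request parameter `id` without checking it. A missing `Constants.RS_ID` gives a NullPointerException at `id.indexOf(":SERIAL#<")`, and an `id` without that marker or without `>` gives a StringIndexOutOfBoundsException from `substring`. Add a guard before the first `substring`, along the lines of `if (id == null || mindex < 0) {` plus a matching `lindex < 0` check, and throw an `EBaseException` so the caller's normal error reply is used. JobsAdminServlet.getExtendedPluginInfo does the same with `id.indexOf(':')` in the `@@ -73` and `@@ -97` hunks. Neither delete handler writes a signed-audit record in the visible lines, unlike setRootCertTrust. If the dispatcher outside the hunk does not audit them, a certificate deletion leaves no audit trail.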
@@ -2972,19 +3089,19 @@ public final class CMSAdminServlet extends AdminServlet { String value = req.getParameter(key); if (key.equals(Constants.PR_SUBJECT_NAME)) { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.isX500DN(value); } } sendResponse(SUCCESS, null, null, resp); - } + } private void validateKeyLength(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String keyType = "RSA"; String keyLen = "512"; @@ -3003,18 +3120,18 @@ public final class CMSAdminServlet extends AdminServlet { } } int keyLength = Integer.parseInt(keyLen); - int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH, - 512); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + int minKey = mConfig.getInteger( + ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey); sendResponse(SUCCESS, null, null, resp); } private void validateCurveName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String curveName = null; 
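Review bot: validateKeyLength in the `@@ -3003` hunk validates nothing. The call `jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey)` is commented out, so every request is answered with `SUCCESS`, and `minKey` and `jssSubSystem` are computed but unused. Either restore the check or add a comment saying where the key length is enforced instead, since a client trusting this reply will accept sizes below `ConfigConstants.PR_RSA_MIN_KEYLENGTH`, whose fallback here is 512. `Integer.parseInt(keyLen)` also throws an unchecked NumberFormatException on non-numeric input; `keyLen` appears to be filled from request parameters above the hunk. Catching it and rethrowing as `EBaseException` would match the method's declared errors. The method starts outside this hunk.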
@@ -3030,22 +3147,21 @@ public final class CMSAdminServlet extends AdminServlet { String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); String[] curves = curveList.split(","); boolean match = false; - for (int i = 0; i < curves.length; i++) { + for (int i=0; i<curves.length; i++) { if (curves[i].equals(curveName)) { match = true; } } if (!match) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); } sendResponse(SUCCESS, null, null, resp); } private void validateCertExtension(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String certExt = ""; @@ -3059,18 +3175,19 @@ public final class CMSAdminServlet extends AdminServlet { } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.checkCertificateExt(certExt); sendResponse(SUCCESS, null, null, resp); } - private void getSubjectName(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getSubjectName(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); - + String nickname = ""; String keyType = "RSA"; String keyLen = "512"; 
@@ -3088,8 +3205,8 @@ public final class CMSAdminServlet extends AdminServlet { } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3097,8 +3214,8 @@ public final class CMSAdminServlet extends AdminServlet { } private void processSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); @@ -3117,8 +3234,8 @@ public final class CMSAdminServlet extends AdminServlet { } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3126,8 +3243,8 @@ public final class CMSAdminServlet extends AdminServlet { } public void setRootCertTrust(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String nickname = req.getParameter(Constants.PR_NICK_NAME); 
@@ -3137,15 +3254,16 @@ public final class CMSAdminServlet extends AdminServlet { CMS.debug("CMSAdminServlet: setRootCertTrust()"); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); try { - jssSubSystem - .setRootCertTrust(nickname, serialno, issuername, trust); - } catch (EBaseException e) { + jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust); + } catch (EBaseException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later @@ -3154,8 +3272,10 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -3165,19 +3285,19 @@ public final class CMSAdminServlet extends AdminServlet { /** * Establish trust of a CA certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Manage Certificate" is used to edit the trustness of certs and deletion - * of certs + * "Manage Certificate" is used to edit the trustness of certs and + * deletion of certs * </ul> - * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to establish CA certificate trust */ - private void trustCACert(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void trustCACert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3187,8 +3307,8 @@ public final class CMSAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String trust = ""; while (enum1.hasMoreElements()) { 
@@ -3208,18 +3328,22 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); - // sendResponse(SUCCESS, null, null, resp); + //sendResponse(SUCCESS, null, null, resp); sendResponse(RESTART, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -3228,46 +3352,50 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** * Execute all self tests specified to be run on demand. 
* <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self * tests are run on demand * </ul> - * - * @exception EMissingSelfTestException a self test plugin instance property - * name was missing + * @exception EMissingSelfTestException a self test plugin instance + * property name was missing * @exception ESelfTestException a self test is missing a required - * configuration parameter + * configuration parameter * @exception IOException an input/output error has occurred */ - private synchronized void runSelfTestsOnDemand(HttpServletRequest req, - HttpServletResponse resp) throws EMissingSelfTestException, - ESelfTestException, IOException { + private synchronized void + runSelfTestsOnDemand(HttpServletRequest req, + HttpServletResponse resp) + throws EMissingSelfTestException, + ESelfTestException, + IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3276,7 +3404,7 @@ public final class CMSAdminServlet extends AdminServlet { try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " ENTERING . . ."); + + " ENTERING . . ."); } Enumeration enum1 = req.getParameterNames(); 
@@ -3296,28 +3424,32 @@ public final class CMSAdminServlet extends AdminServlet { } } - ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_SELFTESTS); + ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); - if ((request == null) || (request.equals(""))) { + if ((request == null) || + (request.equals(""))) { // self test plugin run on demand request parameter was missing // log the error - logMessage = CMS.getLogMessage( - "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(), - Constants.PR_RUN_SELFTESTS_ON_DEMAND); + logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST", + getServletInfo(), + Constants.PR_RUN_SELFTESTS_ON_DEMAND + ); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage + "\n"; + content += logMessage + + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
@@ -3325,77 +3457,83 @@ public final class CMSAdminServlet extends AdminServlet { } // run all self test plugin instances (designated on-demand) - String[] selftests = mSelfTestSubsystem - .listSelfTestsEnabledOnDemand(); + String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand(); if (selftests != null && selftests.length > 0) { // log that execution of on-demand self tests has begun logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage + "\n"; + content += logMessage + + "\n"; for (int i = 0; i < selftests.length; i++) { if (selftests[i] != null) { instanceName = selftests[i].trim(); - instanceFullName = ISelfTestSubsystem.ID + "." - + ISelfTestSubsystem.PROP_CONTAINER + "." - + ISelfTestSubsystem.PROP_INSTANCE + "." + instanceFullName = ISelfTestSubsystem.ID + + "." + + ISelfTestSubsystem.PROP_CONTAINER + + "." + + ISelfTestSubsystem.PROP_INSTANCE + + "." 
+ instanceName; } else { // self test plugin instance property name was missing // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_PARAMETER_WAS_NULL", - getServletInfo()); + "SELFTESTS_PARAMETER_WAS_NULL", + getServletInfo()); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage + "\n"; + content += logMessage + + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception throw new EMissingSelfTestException(); } - ISelfTest test = (ISelfTest) mSelfTestSubsystem - .getSelfTest(instanceName); + ISelfTest test = (ISelfTest) + mSelfTestSubsystem.getSelfTest(instanceName); if (test == null) { - // self test plugin instance property name is not - // present + // self test plugin instance property name is not present // log the error - logMessage = CMS.getLogMessage( - "SELFTESTS_MISSING_NAME", getServletInfo(), - instanceFullName); + logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME", + getServletInfo(), + instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage + "\n"; + content += logMessage + + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
@@ -3405,14 +3543,15 @@ public final class CMSAdminServlet extends AdminServlet { try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() - + "\""); + + " running \"" + + test.getSelfTestName() + + "\""); } // store this information for console notification content += "CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" + test.getSelfTestName() + + " running \"" + + test.getSelfTestName() + "\" . . .\n"; test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger()); @@ -3421,27 +3560,30 @@ public final class CMSAdminServlet extends AdminServlet { content += "COMPLETED SUCCESSFULLY\n"; } catch (ESelfTestException e) { // Check to see if the self test was critical: - if (mSelfTestSubsystem - .isSelfTestCriticalOnDemand(instanceName)) { + if (mSelfTestSubsystem.isSelfTestCriticalOnDemand( + instanceName)) { // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_RUN_ON_DEMAND_FAILED", - getServletInfo(), instanceFullName); + "SELFTESTS_RUN_ON_DEMAND_FAILED", + getServletInfo(), + instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE content += "FAILED WITH CRITICAL ERROR\n"; - content += logMessage + "\n"; + content += logMessage + + "\n"; sendResponse(ERROR, content, null, resp); // shutdown the system gracefully 
@@ -3457,47 +3599,52 @@ public final class CMSAdminServlet extends AdminServlet { // log that execution of all "critical" on-demand self tests // has completed "successfully" - logMessage = CMS.getLogMessage( - "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo()); + logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage + "\n"; + content += logMessage + + "\n"; } else { // log this fact logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage + "\n"; + content += logMessage + + "\n"; } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, - ILogger.SUCCESS); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.SUCCESS); audit(auditMessage); // notify console of SUCCESS results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS, - CMSAdminServlet.class.getName()); - results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content); + CMSAdminServlet.class.getName()); + results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, + content); sendResponse(SUCCESS, null, results, resp); if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " EXITING."); + + " EXITING."); } } catch (EMissingSelfTestException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); 
@@ -3506,8 +3653,9 @@ public final class CMSAdminServlet extends AdminServlet { } catch (ESelfTestException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3516,8 +3664,9 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit3) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3527,17 +3676,16 @@ public final class CMSAdminServlet extends AdminServlet { } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "CMSAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); } /** * Signed Audit Log Public Key - * + * * This method is called to obtain the public key from the passed in * "KeyPair" object for a signed audit log message. * <P> - * + * * @param object a Key Pair Object * @return key string containing the public key */ @@ -3586,3 +3734,4 @@ public final class CMSAdminServlet extends AdminServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index a4b82b13..7f18d94e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -41,9 +42,10 @@ import com.netscape.certsrv.jobs.IJobsScheduler; import com.netscape.certsrv.jobs.JobPlugin; import com.netscape.certsrv.logging.ILogger; + /** - * A class representing an administration servlet for the Jobs Scheduler and - * it's scheduled jobs. + * A class representing an administration servlet for the + * Jobs Scheduler and it's scheduled jobs. * * @version $Revision$, $Date$ */ @@ -73,23 +75,24 @@ public class JobsAdminServlet extends AdminServlet { */ public void init(ServletConfig config) throws ServletException { super.init(config); - mJobsSched = (IJobsScheduler) CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + mJobsSched = (IJobsScheduler) + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * retrieve extended plugin info such as brief description, type info from - * jobs + /** + * retrieve extended plugin info such as brief description, type info + * from jobs */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); 
@@ -97,18 +100,18 @@ public class JobsAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; - JobPlugin jp = (JobPlugin) mJobsSched.getPlugins().get(implName); + JobPlugin jp = + (JobPlugin) mJobsSched.getPlugins().get(implName); if (jp != null) impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath()); @@ -123,8 +126,7 @@ public class JobsAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps; 
@@ -135,24 +137,25 @@ public class JobsAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - // System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + //System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -161,8 +164,9 @@ public class JobsAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) 
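Review bot: `service()` null-checks `op` but not `scope`, which is read from `Constants.OP_SCOPE` in the `@@ -135` hunk and dereferenced as `scope.equals(...)` in every branch of the `@@ -161` and later hunks. A request without that parameter ends in a NullPointerException after authentication instead of the `CMS_ADMIN_SRVLT_INVALID_OP_SCOPE` reply. Widening the existing guard to `if (op == null || scope == null) {` keeps the failure on the documented error path. The method body continues past this hunk.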
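Review bot: `mOp = "read"` and `mToken = super.authorize(req)` in the `@@ -161` hunk store per-request authorization state in what look like instance fields; their declarations are not in the visible lines. A servlet container normally serves concurrent requests on a single servlet instance, so one admin request can overwrite another's `mOp` or `mToken` between the assignment and its use. If `authorize()` consults `mOp`, as the assignment order suggests, a request could then be authorized against the wrong operation. Keeping the operation and the `authorize()` result in local variables and passing them to the handlers would remove the shared state. The same pattern repeats in the `@@ -170`, `@@ -197`, `@@ -213` and `@@ -230` hunks.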
@@ -170,26 +174,27 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) getConfig(req, resp); else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) - getInstConfig(req, resp); + getInstConfig(req, resp); else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { - try { - getExtendedPluginInfo(req, resp); - } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); - return; + try { + getExtendedPluginInfo(req, resp); + } catch (EBaseException e) { + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + return; } } else { - // System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + //System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) { 
@@ -197,15 +202,17 @@ public class JobsAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) { modJobsInst(req, resp, scope); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) @@ -213,16 +220,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) listJobsInsts(req, resp); else { - // System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + //System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) 
@@ -230,16 +239,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) addJobsInst(req, resp, scope); else { - // System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + //System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) 
@@ -247,54 +258,58 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) delJobsInst(req, resp, scope); else { - // System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + //System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } - private synchronized void addJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job plugin id unique? 
if (mJobsSched.getPlugins().containsKey((Object) id)) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_JOBS_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"), + null, resp); return; } - IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); // Does the class exist? Class newImpl = null; 
@@ -302,25 +317,29 @@ public class JobsAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; } // is the class an IJob? try { if (IJob.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; } @@ -332,9 +351,10 @@ public class JobsAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
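Review bot: `Class.forName(classPath)` in `addJobPlugin` both loads and initializes a class whose name comes from the `Constants.PR_JOBS_CLASS` request parameter (read in the preceding hunk). Static initializers of whatever class is named therefore run before the `IJob.class.isAssignableFrom(newImpl)` check can reject it. Loading without initialization keeps the type check first: `newImpl = Class.forName(classPath, false, JobsAdminServlet.class.getClassLoader());`. The `catch (NullPointerException e)` around the `isAssignableFrom` test is then unnecessary, since `newImpl` cannot be null once `forName` has returned. The method starts and ends outside this hunk.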
@@ -342,8 +362,8 @@ public class JobsAdminServlet extends AdminServlet { JobPlugin plugin = new JobPlugin(id, classPath); mJobsSched.getPlugins().put(id, plugin); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -351,22 +371,24 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void addJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job instance id unique? if (mJobsSched.getInstances().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; } 
@@ -376,20 +398,22 @@ public class JobsAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. - JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname); + JobPlugin plugin = + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new + EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } @@ -398,8 +422,10 @@ public class JobsAdminServlet extends AdminServlet { // are there, but not checking the values are valid String[] configParams = mJobsSched.getConfigParams(implname); - IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -410,13 +436,11 @@ public class JobsAdminServlet extends AdminServlet { if (val != null && !val.equals("")) { substore.put(key, val); } else if (!key.equals("profileId")) { - sendResponse( - ERROR, - new EJobsException( - CMS.getUserMessage( - getLocale(req), - "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), null, resp); + sendResponse(ERROR, + new + EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } } 
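Review bot: The plugin-not-found error in `addJobsInst` reports the wrong identifier: the lookup is `mJobsSched.getPlugins().get(implname)`, but the message is built with `id`, which is the new instance's id. The administrator is told that the instance name is missing rather than the implementation. Pass the looked-up key instead: `CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", implname)`. `modJobsInst` has the same mismatch in its `plugin == null` branch further down. The reformatted expression also leaves `new` alone on a line ahead of `EJobsException(`, which is easy to misread.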
@@ -433,32 +457,29 @@ public class JobsAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } - - IJobsScheduler scheduler = (IJobsScheduler) CMS - .getSubsystem(CMS.SUBSYSTEM_JOBS); + + IJobsScheduler scheduler = (IJobsScheduler) + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); // initialize the job plugin try { 
@@ -476,16 +497,17 @@ public class JobsAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mJobsSched.getInstances().put(id, jobsInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); NameValuePairs params = new NameValuePairs(); 
@@ -494,93 +516,101 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void listJobPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listJobPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mJobsSched.getPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - JobPlugin value = (JobPlugin) mJobsSched.getPlugins().get(name); + JobPlugin value = (JobPlugin) + mJobsSched.getPlugins().get(name); params.add(name, value.getClassPath()); - // params.add(name, value.getClassPath()+EDIT); + // params.add(name, value.getClassPath()+EDIT); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void listJobsInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listJobsInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mJobsSched.getInstances().keys(); e - .hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().keys(); + e.hasMoreElements();) { String name = (String) e.nextElement(); - IJob value = (IJob) mJobsSched.getInstances().get((Object) name); + IJob value = (IJob) + mJobsSched.getInstances().get((Object) name); - // params.add(name, value.getImplName()); - params.add(name, value.getImplName() + VISIBLE - + (value.isEnabled() ? ENABLED : DISABLED)); + // params.add(name, value.getImplName()); + params.add(name, value.getImplName() + VISIBLE + + (value.isEnabled() ? 
ENABLED : DISABLED) + ); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void delJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does this job plugin exist? if (mJobsSched.getPlugins().containsKey(id) == false) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new + EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } // first check if any instances from this job plugin // DON'T remove job plugin if any instance - for (Enumeration e = mJobsSched.getInstances().elements(); e - .hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().elements(); + e.hasMoreElements();) { IJob jobs = (IJob) e.nextElement(); if ((jobs.getImplName()).equals(id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_IN_USE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"), + null, resp); return; } } - + // then delete this job plugin mJobsSched.getPlugins().remove((Object) id); - IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + 
mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
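Review bot: `delJobPlugin` removes the plugin from `mJobsSched.getPlugins()` and drops its sub-store before `mConfig.commit(true)`, and the `catch (EBaseException e)` branch only sends `CMS_ADMIN_SRVLT_COMMIT_FAILED`. After a failed commit the caller is told the delete failed while the running scheduler has already lost the plugin, so memory and stored configuration disagree. `modJobsInst` calls `restore(...)` in the equivalent branch. Here, moving `mJobsSched.getPlugins().remove((Object) id);` to after the commit succeeds would keep the two in step.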
@@ -588,49 +618,52 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void delJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IJob jobInst = (IJob) mJobsSched.getInstances().get(id); mJobsSched.getInstances().remove((Object) id); // remove the configuration. 
- IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -639,23 +672,25 @@ public class JobsAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with possible - * default values) for a particular job plugin implementation name specified - * in the RS_ID. Actually, there is no logic in here to set any default - * value here...there's no default value for any parameter in this job - * scheduler subsystem at this point. Later, if we do have one (or some), it - * can be added. The interface remains the same. + * used for getting the required configuration parameters (with + * possible default values) for a particular job plugin + * implementation name specified in the RS_ID. Actually, there is + * no logic in here to set any default value here...there's no + * default value for any parameter in this job scheduler subsystem + * at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -673,25 +708,25 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } 
@@ -722,30 +757,34 @@ public class JobsAdminServlet extends AdminServlet { } /** - * Modify job plugin instance. This will actually create a new instance with - * new configuration parameters and replace the old instance, if the new - * instance created and initialized successfully. The old instance is left - * running. so this is very expensive. Restart of server recommended. + * Modify job plugin instance. + * This will actually create a new instance with new configuration + * parameters and replace the old instance, if the new instance + * created and initialized successfully. + * The old instance is left running. so this is very expensive. + * Restart of server recommended. */ - private synchronized void modJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the job instance exist? if (!mJobsSched.getInstances().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; } 
@@ -753,26 +792,28 @@ public class JobsAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation - JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname); + // get plugin for implementation + JobPlugin plugin = + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IJob oldinst = (IJob) mJobsSched.getInstances().get((Object) id); + IJob oldinst = + (IJob) mJobsSched.getInstances().get((Object) id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); @@ -780,7 +821,7 @@ public class JobsAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IJobsScheduler.PROP_PLUGIN, - (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); + (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; 
@@ -796,8 +837,10 @@ public class JobsAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = destStore.getSubStore(scope); + IConfigStore destStore = + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); @@ -817,13 +860,11 @@ public class JobsAdminServlet extends AdminServlet { substore.put(key, val); } else if (!key.equals("profileId")) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EJobsException( - CMS.getUserMessage( - getLocale(req), - "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), null, resp); + sendResponse(ERROR, + new + EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } } 
@@ -838,34 +879,31 @@ public class JobsAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), - "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse(ERROR, + new EJobsException( + CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } // initialize the job plugin - IJobsScheduler scheduler = (IJobsScheduler) CMS - .getSubsystem(CMS.SUBSYSTEM_JOBS); + IJobsScheduler scheduler = (IJobsScheduler) + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); try { newJobInst.init(scheduler, id, implname, substore); 
@@ -881,16 +919,17 @@ public class JobsAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -898,8 +937,8 @@ public class JobsAdminServlet extends AdminServlet { mJobsSched.getInstances().put(id, newJobInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); 
@@ -907,24 +946,26 @@ public class JobsAdminServlet extends AdminServlet { return; } - private void getSettings(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getSettings(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - params.add(Constants.PR_ENABLE, - config.getString(IJobsScheduler.PROP_ENABLED, Constants.FALSE)); + params.add(Constants.PR_ENABLE, + config.getString(IJobsScheduler.PROP_ENABLED, + Constants.FALSE)); // default 1 minute - params.add(Constants.PR_JOBS_FREQUENCY, - config.getString(IJobsScheduler.PROP_INTERVAL, "1")); + params.add(Constants.PR_JOBS_FREQUENCY, + config.getString(IJobsScheduler.PROP_INTERVAL, "1")); - // System.out.println("Send: "+params.toString()); + //System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void setSettings(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - // Save New Settings to the config file + throws ServletException, IOException, EBaseException { + //Save New Settings to the config file IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); String enabled = config.getString(IJobsScheduler.PROP_ENABLED); 
@@ -937,13 +978,14 @@ public class JobsAdminServlet extends AdminServlet { config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo); } - // set frequency - String interval = req.getParameter(Constants.PR_JOBS_FREQUENCY); + //set frequency + String interval = + req.getParameter(Constants.PR_JOBS_FREQUENCY); if (interval != null) { config.putString(IJobsScheduler.PROP_INTERVAL, interval); - mJobsSched.setInterval(config - .getInteger(IJobsScheduler.PROP_INTERVAL)); + mJobsSched.setInterval( + config.getInteger(IJobsScheduler.PROP_INTERVAL)); } if (enabledChanged == true) { @@ -957,8 +999,8 @@ public class JobsAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, String id, - NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -968,7 +1010,7 @@ public class JobsAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (!value.equals("")) + if (!value.equals("")) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java index 9efe2b73..2c780bb2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
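Review bot: In `setSettings` the `Constants.PR_JOBS_FREQUENCY` request value is stored with `config.putString(IJobsScheduler.PROP_INTERVAL, interval)` before it is parsed by `config.getInteger(...)`. A non-numeric or non-positive value is therefore already in the config store when parsing fails or when the scheduler receives it. Validate first and store only on success, for example `int minutes = Integer.parseInt(interval);` with a `minutes > 0` check and an error response on failure, then `putString` and `setInterval(minutes)`. How `getInteger` and `setInterval` react to bad values is not visible here, and the method continues outside this hunk.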
@@ -42,11 +43,13 @@ import com.netscape.certsrv.password.IPasswordCheck; import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; + /** - * A class representings an administration servlet for Key Recovery Authority. - * This servlet is responsible to serve KRA administrative operation such as - * configuration parameter updates. - * + * A class representings an administration servlet for Key + * Recovery Authority. This servlet is responsible to serve + * KRA administrative operation such as configuration + * parameter updates. + * * @version $Revision$, $Date$ */ public class KRAAdminServlet extends AdminServlet { @@ -61,7 +64,8 @@ public class KRAAdminServlet extends AdminServlet { private IKeyRecoveryAuthority mKRA = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; /** * Constructs KRA servlet. 
@@ -77,57 +81,63 @@ public class KRAAdminServlet extends AdminServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); String scope = req.getParameter(Constants.OP_SCOPE); if (scope == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } - + try { AUTHZ_RES_NAME = "certServer.kra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* - * Functions not implemented in console if - * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - * readAutoRecoveryConfig(req, resp); return; } else if - * (scope.equals(ScopeDef.SC_RECOVERY)) { - * readRecoveryConfig(req, resp); return; } else if - * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - * getNotificationRIQConfig(req, resp); return; } else - */ + /* Functions not implemented in console + if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + 
readAutoRecoveryConfig(req, resp); + return; + } else if (scope.equals(ScopeDef.SC_RECOVERY)) { + readRecoveryConfig(req, resp); + return; + } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + getNotificationRIQConfig(req, resp); + return; + } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); return; 
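Review bot: `service()` keeps per-request authorization state in what appear to be instance fields: `AUTHZ_RES_NAME`, `mOp` and `mToken` are assigned here and then consumed by `super.authorize(req)`. A servlet container normally serves concurrent requests on one servlet instance, so two admin requests could overwrite each other's resource name or operation between the assignment and the authorization check. The declarations and `authorize()` are outside the hunk, so this needs confirming there; if they are shared fields, keep the values in locals and pass them to the check as arguments. Separately, the `op == null` branch passes the null `op` into the `CMS_ADMIN_SRVLT_INVALID_OP_TYPE` message, which adds nothing to the error text.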
@@ -135,52 +145,59 @@ public class KRAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* - * Functions not implemented in console if - * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - * modifyAutoRecoveryConfig(req, resp); return; } else if - * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req, - * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME)) - * { changeMNScheme(req, resp); return; } else if - * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - * setNotificationRIQConfig(req, resp); return; } else - */ + /* Functions not implemented in console + if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + modifyAutoRecoveryConfig(req, resp); + return; + } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) { + changeAgentPwd(req, resp); + return; + } else if (scope.equals(ScopeDef.SC_MNSCHEME)) { + changeMNScheme(req, resp); + return; + } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + setNotificationRIQConfig(req, resp); + return; + } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { - setGeneralConfig(req, resp); + setGeneralConfig(req,resp); } - } + } } catch (EBaseException e) { // convert exception into locale-specific message - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { e.printStackTrace(); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, 
IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); int value = 1; value = mKRA.getNoOfRequiredAgents(); - params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, - Integer.toString(value)); + params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, Integer.toString(value)); sendResponse(SUCCESS, null, params, resp); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -193,24 +210,28 @@ public class KRAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) { try { - int number = Integer.parseInt(value); + int number = Integer.parseInt(value); mKRA.setNoOfRequiredAgents(number); } catch (NumberFormatException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - "Number of agents must be an integer"); + throw new EBaseException("Number of agents must be an integer"); } } } commit(true); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
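Review bot: The `OP_MODIFY` branch calls `setGeneralConfig(req,resp);` without a following `return;`, unlike the `OP_READ` branch. Control therefore leaves the `try` and reaches the final `sendResponse(ERROR, ... "CMS_ADMIN_SRVLT_INVALID_PROTOCOL" ...)` even after a successful update; add `return;` after the call. Whether `setGeneralConfig` has already written its own response is outside this hunk. The `catch (Exception e) { e.printStackTrace(); }` below it falls into the same error response and sends the trace to stderr rather than the server log, so an unexpected failure in an admin operation leaves no record alongside the other admin events.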
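Review bot: In `setGeneralConfig`, `Integer.parseInt(value)` is the only check before `mKRA.setNoOfRequiredAgents(number)`, so a zero or negative count from the request would be passed on as the number of recovery agents required. Unless `setNoOfRequiredAgents` rejects such values (not visible here), add a bound check that takes the same failure-audit path as the parse error, for example `if (number < 1) throw new NumberFormatException("agents < 1");` inside the existing `try`. The method's start and end are outside this hunk.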
@@ -223,18 +244,17 @@ public class KRAAdminServlet extends AdminServlet { /** * Changes M-N scheme. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring * DRM (Key recovery scheme, change of any secret component) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception EBaseException an error has occurred */ - private synchronized void changeMNScheme(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void changeMNScheme(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -243,67 +263,80 @@ public class KRAAdminServlet extends AdminServlet { try { try { NameValuePairs params = new NameValuePairs(); - String recN = getParameter(req, Constants.PR_RECOVERY_N); - String recM = getParameter(req, Constants.PR_RECOVERY_M); - String oldAgents = getParameter(req, + String recN = getParameter(req, + Constants.PR_RECOVERY_N); + String recM = getParameter(req, + Constants.PR_RECOVERY_M); + String oldAgents = getParameter(req, Constants.PR_OLD_RECOVERY_AGENT); - String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); + String agents = getParameter(req, + Constants.PR_RECOVERY_AGENT); if (recN == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException(CMS.getLogMessage("KRA_INVALID_N")); + throw new EKRAException( + CMS.getLogMessage("KRA_INVALID_N")); } if (recM == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException(CMS.getLogMessage("KRA_INVALID_M")); + throw new EKRAException( + CMS.getLogMessage("KRA_INVALID_M")); } - if (recN != null && recM != null && oldAgents != null - && agents != null) { + if (recN != null && recM != null && oldAgents != null + && agents != null) { int nVal = Integer.parseInt(recN); int mVal = Integer.parseInt(recM); - Credential oldcreds[] = parseCredentialStr(oldAgents); + Credential oldcreds[] = + parseCredentialStr(oldAgents); if (oldcreds == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, 
ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } - Credential creds[] = parseCredentialStr(agents); + Credential creds[] = + parseCredentialStr(agents); if (creds == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } else { for (int i = 0; i < creds.length; i++) { @@ -314,29 +347,31 @@ public class KRAAdminServlet extends AdminServlet { if (!checker.isGoodPassword(pass)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - checker.getReason(pass)); + throw new EBaseException(checker.getReason(pass)); } } } - if (mKRA.getStorageKeyUnit().changeAgentMN(nVal, mVal, - oldcreds, creds)) { + if (mKRA.getStorageKeyUnit().changeAgentMN( + nVal, mVal, oldcreds, creds)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); // successful operation - sendResponse(SUCCESS, null, params, resp); + sendResponse(SUCCESS, null, params, + resp); return; } } 
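Review bot: `Integer.parseInt(recN)` and `Integer.parseInt(recM)` in `changeMNScheme` can throw `NumberFormatException`, which the `catch (EBaseException eAudit1)` in the following hunk does not cover. A malformed N or M would therefore leave the method without the `ILogger.FAILURE` audit record that every other rejection path writes. Nothing visible compares the values either (both positive, M no greater than N, `creds.length` matching N) before `changeAgentMN(nVal, mVal, oldcreds, creds)`; that may be enforced inside the storage key unit, which is outside the diff. Catching the parse failure and auditing it, as `setGeneralConfig` does with `catch (NumberFormatException e)`, would close the gap.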
@@ -344,17 +379,22 @@ public class KRAAdminServlet extends AdminServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_INVALID_OPERATION")); + throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION")); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -366,18 +406,17 @@ public class KRAAdminServlet extends AdminServlet { /** * Changes recovery agent password. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring * DRM (Key recovery scheme, change of any secret component) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception EBaseException an error has occurred */ - private synchronized void changeAgentPwd(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void changeAgentPwd(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -386,29 +425,35 @@ public class KRAAdminServlet extends AdminServlet { try { try { String id = getParameter(req, Constants.RS_ID); - String oldpwd = getParameter(req, Constants.PR_OLD_AGENT_PWD); - String newpwd = getParameter(req, Constants.PR_AGENT_PWD); + String oldpwd = getParameter(req, + Constants.PR_OLD_AGENT_PWD); + String newpwd = getParameter(req, + Constants.PR_AGENT_PWD); IPasswordCheck checker = CMS.getPasswordChecker(); if (!checker.isGoodPassword(newpwd)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException(checker.getReason(newpwd)); } - - if (mKRA.getStorageKeyUnit().changeAgentPassword(id, oldpwd, - newpwd)) { + + if (mKRA.getStorageKeyUnit().changeAgentPassword(id, + oldpwd, newpwd)) { NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
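Review bot: Every audit call in `changeAgentPwd` passes `auditParams(req)`, and this request carries `Constants.PR_OLD_AGENT_PWD` and `Constants.PR_AGENT_PWD`. `auditParams` is defined outside the hunk, so confirm that it masks password parameters before they reach the signed audit log; if it does not, the old and new agent passwords are recorded on both the success and failure paths. `checker.getReason(newpwd)` is also handed the rejected password and its result becomes the `EBaseException` message, so check that the reason text never echoes the input. A short comment above the first `auditParams(req)` call stating which parameters are redacted would document this for the next reader.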
@@ -417,29 +462,36 @@ public class KRAAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } } catch (IOException e) { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_INVALID_OPERATION")); + throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION")); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
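Review bot: `catch (IOException e) { }` drops the exception without a trace; the code then writes a generic failure audit and throws `BASE_INVALID_OPERATION`, so the real cause is lost. If ignoring it is intended, rename the variable to `ignored` and say why in a comment; otherwise log it. Each rejection path here also audits `ILogger.FAILURE` immediately before throwing, and the outer `catch (EBaseException eAudit1)` audits `ILogger.FAILURE` again, so one failed request appears to produce two failure records. Auditing only in the outer catch would keep the signed audit log to one record per event.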
@@ -451,18 +503,18 @@ public class KRAAdminServlet extends AdminServlet { /** * Modifies auto recovery configuration. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring * DRM (Key recovery scheme, change of any secret component) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception EBaseException an error has occurred */ - private synchronized void modifyAutoRecoveryConfig(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void modifyAutoRecoveryConfig( + HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -471,35 +523,42 @@ public class KRAAdminServlet extends AdminServlet { try { try { NameValuePairs params = new NameValuePairs(); - String autoOn = getParameter(req, Constants.PR_AUTO_RECOVERY_ON); - String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); + String autoOn = getParameter(req, + Constants.PR_AUTO_RECOVERY_ON); + String agents = getParameter(req, + Constants.PR_RECOVERY_AGENT); if (autoOn.equals(Constants.TRUE)) { - Credential creds[] = parseCredentialStr(agents); + Credential creds[] = parseCredentialStr( + agents); if (mKRA.setAutoRecoveryState(creds, true)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); - sendResponse(SUCCESS, null, params, resp); + sendResponse(SUCCESS, null, params, + resp); return; } } else if (autoOn.equals(Constants.FALSE)) { if (mKRA.setAutoRecoveryState(null, false)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); - sendResponse(SUCCESS, null, params, resp); + sendResponse(SUCCESS, null, params, + resp); return; } } 
@@ -507,17 +566,22 @@ public class KRAAdminServlet extends AdminServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException( - CMS.getLogMessage("BASE_INVALID_OPERATION")); + throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION")); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -528,17 +592,19 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads auto recovery status. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readAutoRecoveryConfig(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void readAutoRecoveryConfig( + HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { try { NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_AUTO_RECOVERY_ON, mKRA - .getAutoRecoveryState() ? Constants.TRUE : Constants.FALSE); + params.add(Constants.PR_AUTO_RECOVERY_ON, + mKRA.getAutoRecoveryState() ? + Constants.TRUE : Constants.FALSE); sendResponse(SUCCESS, null, params, resp); } catch (IOException e) { throw new EBaseException( 
@@ -548,25 +614,26 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads recovery configuration. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readRecoveryConfig(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void readRecoveryConfig( + HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { try { IStorageKeyUnit sku = mKRA.getStorageKeyUnit(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RECOVERY_N, - Integer.toString(sku.getNoOfAgents())); - params.add(Constants.PR_RECOVERY_M, - Integer.toString(sku.getNoOfRequiredAgents())); + params.add(Constants.PR_RECOVERY_N, + Integer.toString(sku.getNoOfAgents())); + params.add(Constants.PR_RECOVERY_M, + Integer.toString(sku.getNoOfRequiredAgents())); Enumeration e = sku.getAgentIdentifiers(); StringBuffer as = new StringBuffer(); while (e.hasMoreElements()) { - as.append((String) e.nextElement()); + as.append((String)e.nextElement()); if (e.hasMoreElements()) { as.append(","); } @@ -581,12 +648,13 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads information about auto recovery agents. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readAutoRecoveryAgents(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void readAutoRecoveryAgents( + HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { try { // send the entire list anyway NameValuePairs params = new NameValuePairs(); 
@@ -600,9 +668,8 @@ public class KRAAdminServlet extends AdminServlet { } } params.add(Constants.PR_GROUP_USER, users.toString()); - params.add(Constants.PR_GROUP_DESC, "Auto Recovery Agents"); // XXX - // - - // localized + params.add(Constants.PR_GROUP_DESC, + "Auto Recovery Agents"); // XXX - localized sendResponse(SUCCESS, null, params, resp); } catch (IOException e) { throw new EBaseException( @@ -612,26 +679,31 @@ public class KRAAdminServlet extends AdminServlet { /** * Modifies information about auto recovery agents. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void modifyAutoRecoveryAgents(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + private synchronized void modifyAutoRecoveryAgents( + HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { Vector v = new Vector(); - String users = getParameter(req, Constants.PR_GROUP_USER); + String users = getParameter(req, + Constants.PR_GROUP_USER); StringTokenizer st = new StringTokenizer(users, ","); while (st.hasMoreTokens()) { v.addElement(st.nextToken()); } - String desc = getParameter(req, Constants.PR_GROUP_DESC); - String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); - Credential creds[] = parseCredentialStr(agents); + String desc = getParameter(req, + Constants.PR_GROUP_DESC); + String agents = getParameter(req, + Constants.PR_RECOVERY_AGENT); + Credential creds[] = parseCredentialStr( + agents); // XXX - check if the given password matched // put ids into hashtable so that we can // figure out what should be saved and deleted - Enumeration e = mKRA.getAutoRecoveryIDs(); + Enumeration e = mKRA.getAutoRecoveryIDs(); Hashtable h = new Hashtable(); while (e.hasMoreElements()) { 
@@ -653,13 +725,14 @@ public class KRAAdminServlet extends AdminServlet { Enumeration dels = h.keys(); while (dels.hasMoreElements()) { - mKRA.removeAutoRecovery((String) dels.nextElement()); + mKRA.removeAutoRecovery((String) + dels.nextElement()); } } /** * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential. - * + * * @param s credential string * @return a list of credentials */ @@ -671,7 +744,8 @@ public class KRAAdminServlet extends AdminServlet { String a = st.nextToken(); StringTokenizer st0 = new StringTokenizer(a, "="); - v.addElement(new Credential(st0.nextToken(), st0.nextToken())); + v.addElement(new Credential(st0.nextToken(), + st0.nextToken())); } Credential ac[] = new Credential[v.size()]; @@ -683,13 +757,14 @@ public class KRAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mKRA.getConfigStore(); - IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE); 
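Review bot: In `parseCredentialStr`, `new Credential(st0.nextToken(), st0.nextToken())` assumes every comma-separated entry has the form `uid=pwd`. An entry without `=` throws `NoSuchElementException`, an unchecked exception that the callers' `catch (EBaseException ...)` blocks do not handle, and a password containing `=` or `,` is silently truncated because `StringTokenizer` splits on every occurrence. Splitting each entry once with `int eq = a.indexOf('=');` and rejecting `eq < 1` would turn malformed input into an explicit error; passwords containing `,` would still need an escaping rule in the wire format. The method starts and ends outside this hunk.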
@@ -709,21 +784,20 @@ public class KRAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - // System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + //System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } /** * Handle setting request in queue notification config info * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring * DRM (Key recovery scheme, change of any secret component) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -731,8 +805,8 @@ public class KRAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -740,11 +814,12 @@ public class KRAAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { IConfigStore config = mKRA.getConfigStore(); - IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE); - // set rest of the parameters + //set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -773,16 +848,22 @@ public class KRAAdminServlet extends AdminServlet { commit(true); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -790,25 +871,28 @@ public class KRAAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_DRM, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_DRM, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java index 45e63061..58e4dbdf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -44,11 +45,13 @@ import com.netscape.certsrv.logging.ILogSubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.LogPlugin; + /** - * A class representings an administration servlet for logging subsystem. This - * servlet is responsible to serve logging administrative operation such as - * configuration parameter updates and log retriever. - * + * A class representings an administration servlet for logging + * subsystem. This servlet is responsible to serve + * logging administrative operation such as configuration + * parameter updates and log retriever. + * * @version $Revision$, $Date$ */ public class LogAdminServlet extends AdminServlet { 
@@ -66,9 +69,12 @@ public class LogAdminServlet extends AdminServlet { private final static String EDIT = ";" + Constants.EDIT; private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; - private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; - private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = + "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; + private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = + "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; + private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = + "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; /** * Constructs Log servlet. @@ -108,14 +114,15 @@ public class LogAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } 
@@ -130,16 +137,16 @@ public class LogAdminServlet extends AdminServlet { if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { getExtendedPluginInfo(req, resp); return; } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } } @@ -147,8 +154,9 @@ public class LogAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -161,15 +169,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } 
@@ -180,15 +190,17 @@ public class LogAdminServlet extends AdminServlet { delLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -199,16 +211,18 @@ public class LogAdminServlet extends AdminServlet { addLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { AUTHZ_RES_NAME = "certServer.log.configuration"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } 
@@ -218,15 +232,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { setGeneralConfig(req, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LOG_IMPLS)) { 
@@ -239,74 +255,70 @@ public class LogAdminServlet extends AdminServlet { listLogInsts(req, resp, false); return; } else if (scope.equals(ScopeDef.SC_LOG_CONTENT)) { - String instName = req - .getParameter(Constants.PR_LOG_INSTANCE); + String instName = req.getParameter(Constants.PR_LOG_INSTANCE); if (instName.equals("System")) { AUTHZ_RES_NAME = "certServer.log.content.system"; } else if (instName.equals("Transactions")) { AUTHZ_RES_NAME = "certServer.log.content.transactions"; - } else if (instName - .equals(Constants.PR_LOG_SIGNED_AUDIT)) { + } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) { AUTHZ_RES_NAME = "certServer.log.content.signedAudit"; } mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage( - getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - ILogEventListener loginst = mSys - .getLogInstance(instName); + ILogEventListener loginst = + mSys.getLogInstance(instName); if (loginst != null) { - NameValuePairs nvps = loginst - .retrieveLogContent(toHashtable(req)); + NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req)); sendResponse(SUCCESS, null, nvps, resp); } return; } else if (scope.equals(ScopeDef.SC_LOG_ARCH)) { - String instName = req - .getParameter(Constants.PR_LOG_INSTANCE); + String instName = req.getParameter(Constants.PR_LOG_INSTANCE); if (instName.equals("System")) { AUTHZ_RES_NAME = "certServer.log.content.system"; } else if (instName.equals("Transactions")) { AUTHZ_RES_NAME = "certServer.log.content.transactions"; - } else if (instName - .equals(Constants.PR_LOG_SIGNED_AUDIT)) { + } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) { AUTHZ_RES_NAME = "certServer.log.content.signedAudit"; } mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage( - getLocale(req), - 
"CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - ILogEventListener loginst = mSys - .getLogInstance(instName); + ILogEventListener loginst = + mSys.getLogInstance(instName); if (loginst != null) { - NameValuePairs nvps = loginst - .retrieveLogList(toHashtable(req)); + NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req)); sendResponse(SUCCESS, null, nvps, resp); } return; } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } @@ -316,15 +328,16 @@ public class LogAdminServlet extends AdminServlet { } catch (Exception e) { System.out.println("XXX >>>" + e.toString() + "<<<"); e.printStackTrace(); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } return; } - private synchronized void listLogInsts(HttpServletRequest req, - HttpServletResponse resp, boolean all) throws ServletException, + private synchronized void listLogInsts(HttpServletRequest req, + HttpServletResponse resp, boolean all) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
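Review bot: In the SC_LOG_CONTENT and SC_LOG_ARCH branches the `if`/`else if` chain on `instName` has no final `else`, so for any other instance name `AUTHZ_RES_NAME` keeps whatever value an earlier assignment left (unless it is reset outside the hunk) and `super.authorize(req)` is evaluated against a resource unrelated to the log being read. `instName` also comes straight from `req.getParameter(Constants.PR_LOG_INSTANCE)` and is dereferenced without a null check, and when `getLogInstance(instName)` returns null the branch returns without sending any response. Close each chain with `} else { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; }` and compare as `"System".equals(instName)`. The enclosing method begins before this hunk.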
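Review bot: The catch-all that closes the dispatch writes the exception to standard output (`System.out.println("XXX >>>" + e.toString() + "<<<");` and `e.printStackTrace();`), so failures in the servlet that administers logging do not reach the server's own log and are easy to miss during incident review. Every unexpected exception, including one thrown after a successful authorization, is also reported to the client as `CMS_ADMIN_SRVLT_INVALID_PROTOCOL`, which hides the real cause from the operator. Replace the two statements with a call to the server's logging facility and keep the generic message for the client only. The `try` this clause belongs to opens outside the hunk.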
@@ -333,14 +346,14 @@ public class LogAdminServlet extends AdminServlet { for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILogEventListener value = ((ILogSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name); + ILogEventListener value = ((ILogSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name); if (value == null) continue; String pName = mSys.getLogPluginName(value); - LogPlugin pClass = (LogPlugin) mSys.getLogPlugins().get(pName); - String c = pClass.getClassPath(); + LogPlugin pClass = (LogPlugin) + mSys.getLogPlugins().get(pName); + String c = pClass.getClassPath(); // not show ntEventlog here if (all || (!all && !c.endsWith("NTEventLog"))) 
@@ -350,30 +363,28 @@ public class LogAdminServlet extends AdminServlet { return; } - /** - * retrieve extended plugin info such as brief description, type info from - * logging + /** + * retrieve extended plugin info such as brief description, type info + * from logging */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { - IExtendedPluginInfo ext_info = null; + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + IExtendedPluginInfo ext_info = null; Object impl = null; - LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); + LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); if (lp != null) { impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath()); @@ -389,8 +400,7 @@ public class LogAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps; 
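Review bot: `getExtendedPluginInfo(req, resp)` dereferences the `RS_ID` request parameter without validating it: `id.indexOf(':')` throws when the parameter is missing, and `id.substring(0, colon)` throws when the value has no colon because `colon` is -1. Both surface as unchecked exceptions rather than as an error response. Add a guard before the split, `if (id == null || id.indexOf(':') == -1) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; }`. The second overload, which looks the plugin up by `implName`, continues past the end of this hunk.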
@@ -400,12 +410,11 @@ public class LogAdminServlet extends AdminServlet { /** * Add log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -413,9 +422,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -433,19 +442,22 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); + //System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -454,17 +466,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -474,21 +486,25 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), + null, resp); return; } IConfigStore destStore = null; destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = destStore.getSubStore("impl"); + IConfigStore instancesConfig = + destStore.getSubStore("impl"); // Does the class exist? Class newImpl = null; 
@@ -499,27 +515,33 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } 
@@ -529,30 +551,34 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl - // null. + } catch (NullPointerException e) { // unlikely, only if newImpl null. // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ILL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } 
@@ -564,19 +590,22 @@ public class LogAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); + //System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -590,8 +619,10 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); } 
@@ -599,39 +630,41 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } 
@@ -648,12 +681,11 @@ public class LogAdminServlet extends AdminServlet { /** * Add log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -661,9 +693,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -684,14 +716,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -699,13 +734,16 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } 
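Review bot: The error path `sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);` returns the raw request value inside a hard-coded English string, while the other branches visible in this method go through `CMS.getUserMessage(getLocale(req), ...)`. Echoing unvalidated input back to the client is worth avoiding wherever the response may be rendered by a console or browser, and the literal bypasses localization. Use a message-catalog entry here as the neighbouring branches do. The condition that selects this branch is outside the hunk.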
@@ -713,60 +751,71 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } // get required parameters - String implname = req.getParameter(Constants.PR_LOG_IMPL_NAME); + String implname = req.getParameter( + Constants.PR_LOG_IMPL_NAME); if (implname == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. 
- LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname); + LogPlugin plugin = + (LogPlugin) mSys.getLogPlugins().get( + implname); if (plugin == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), + null, resp); return; } Vector configParams = mSys.getLogDefaultParams(implname); - IConfigStore destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = destStore.getSubStore("instance"); + IConfigStore destStore = + mConfig.getSubStore("log"); + IConfigStore instancesConfig = + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -776,16 +825,17 @@ public class LogAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), val); + substore.put(kv.substring(0, index), + val); } } } substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. 
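Review bot: The loop over `configParams` copies request values into the new instance's substore with no validation: `substore.put(kv.substring(0, index), val);` stores whatever `req.getParameter(...)` returned. If any of the plugin's default parameters names a file location or a size limit (the parameter list is not visible here), a single request can set the log destination or a limit to a value the listener was never meant to accept. Validate each value against what the plugin allows before `substore.put`, and confirm that `index` cannot be -1 before the `substring` calls. The loop header and the end of `addLogInst` are outside this hunk.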
@@ -796,8 +846,7 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener logInst = null; try { - logInst = (ILogEventListener) Class.forName(className) - .newInstance(); + logInst = (ILogEventListener) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); @@ -805,17 +854,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); @@ -823,17 +872,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); 
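Review bot: `Class.forName(className).newInstance()` runs the class's constructor before the cast to `ILogEventListener` is checked, and a class that does not implement the interface raises `ClassCastException`, which none of the three `catch` clauses in this hunk and the next two handles, so the `instancesConfig.removeSubStore(id)` cleanup is skipped. Check the type before instantiating, e.g. `Class.forName(className).asSubclass(ILogEventListener.class).newInstance()`, and add `ClassCastException` to the cleanup paths. Where `className` is assigned is outside the hunk, so confirm it can only come from a registered plugin entry.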
@@ -841,17 +890,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -865,8 +914,10 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } @@ -879,8 +930,10 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } 
@@ -899,14 +952,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -920,8 +976,10 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); } 
@@ -929,62 +987,66 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listLogPlugins(HttpServletRequest req, - HttpServletResponse resp) throws 
ServletException, IOException, - EBaseException { + private synchronized void listLogPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mSys.getLogPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - LogPlugin value = (LogPlugin) mSys.getLogPlugins().get(name); + LogPlugin value = (LogPlugin) + mSys.getLogPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILogEventListener lp = (ILogEventListener) Class.forName(c) - .newInstance(); + ILogEventListener lp = (ILogEventListener) + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); @@ -1006,12 +1068,11 @@ public class LogAdminServlet extends AdminServlet { /** * Delete log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1019,9 +1080,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
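Review bot: `listLogPlugins` instantiates every registered plugin class only to read its description, and on any failure returns `exp.toString()` to the client and aborts the whole listing. That exposes internal class names and exception text, and one broken plugin entry makes the list unavailable. `desc` is already initialised to `"unknown"`, so the catch block can record the exception in the server log and fall through to `params.add(...)` instead of executing `sendResponse(ERROR, exp.toString(), null, resp); return;`. The end of the method is outside this hunk.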
@@ -1040,19 +1101,22 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); + //System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1061,58 +1125,65 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILogEventListener logInst = (ILogEventListener) mSys - .getLogInstance(id); + // being used. + ILogEventListener logInst = (ILogEventListener) + mSys.getLogInstance(id); mSys.getLogInsts().remove((Object) id); // remove the configuration. 
- IConfigStore destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = destStore.getSubStore("instance"); + IConfigStore destStore = + mConfig.getSubStore("log"); + IConfigStore instancesConfig = + destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); + //System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); } 
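Review bot: `delLogInst` removes the instance from the running server (`mSys.getLogInsts().remove((Object) id);`) and from the in-memory configuration (`instancesConfig.removeSubStore(id);`) before `mConfig.commit(true)` is attempted. When the commit throws, the client receives `CMS_ADMIN_SRVLT_COMMIT_FAILED` but the listener is already gone, so the live state and the stored configuration disagree; for an audit log instance that would mean events stop being recorded while the stored configuration still lists it. Either commit first or restore the entry in the `catch (EBaseException e)` block. `logInst` is fetched but not used in the visible lines. The method begins before this hunk and ends after it.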
@@ -1120,51 +1191,52 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT 
used when * configuring signedAudit * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1172,9 +1244,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1193,19 +1265,22 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); + //System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1213,23 +1288,24 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(), + null, resp); return; } // first check if any instances from this log // DON'T remove log if any instance - for (Enumeration e = mSys.getLogInsts().keys(); e.hasMoreElements();) { + for (Enumeration e = mSys.getLogInsts().keys(); + e.hasMoreElements();) { String name = (String) e.nextElement(); ILogEventListener log = mSys.getLogInstance(name); 
@@ -1237,24 +1313,28 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), + null, resp); return; } } - + // then delete this log mSys.getLogPlugins().remove((Object) id); - IConfigStore destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = destStore.getSubStore("impl"); + IConfigStore destStore = + mConfig.getSubStore("log"); + IConfigStore instancesConfig = + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1264,22 +1344,27 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); } 
@@ -1287,52 +1372,55 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void getLogConfig(HttpServletRequest req, - HttpServletResponse resp) throws 
ServletException, IOException, - EBaseException { + private synchronized void getLogConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1346,47 +1434,50 @@ public class LogAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getLogInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getLogInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), + null, resp); return; } - ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id); + ILogEventListener logInst = (ILogEventListener) + mSys.getLogInstance(id); Vector configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, + getLogPluginName(logInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -1397,19 +1488,18 @@ public class LogAdminServlet extends AdminServlet { /** * Modify log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file - * name (including any path changes) for any of audit, system, transaction, + * name (including any path changes) for any of audit, system, transaction, * or other customized log file change is attempted (authorization should * not allow, but make sure it's written after the attempt) * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log * expiration time change is attempted (authorization should not allow, but * make sure it's written after the attempt) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore 
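Review bot: `params.add(kv.substring(0, index), kv.substring(index + 1));` in getLogConfig and getLogInstConfig uses `index` from `kv.indexOf('=')` unchecked, so an entry without `=` gives -1 and `substring(0, -1)` throws StringIndexOutOfBoundsException out of the handler. In getLogInstConfig the entries come from `logInst.getInstanceParams()`, so presumably from plug-in code rather than the request, but a guard such as `if (index < 0) continue;` before the `params.add` call costs one line. The same split appears in modLogInst at `@@ -1547,7 +1645,7 @@` and `@@ -1601,14 +1701,16 @@`. getLogConfig starts before this hunk.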
@@ -1417,17 +1507,17 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String logType = null; String origLogPath = req.getParameter(Constants.PR_LOG_FILENAME); String newLogPath = origLogPath; - String origExpirationTime = req - .getParameter(Constants.PR_LOG_EXPIRED_TIME); + String origExpirationTime = req.getParameter( + Constants.PR_LOG_EXPIRED_TIME); String newExpirationTime = origExpirationTime; // ensure that any low-level exceptions are reported @@ -1460,19 +1550,22 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); + //System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1481,14 +1574,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } 
@@ -1499,43 +1595,45 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + null, resp); return; } // get plugin for implementation - LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname); + LogPlugin plugin = + (LogPlugin) mSys.getLogPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp); return; } // save old instance substore params in case new one fails. - ILogEventListener oldinst = (ILogEventListener) mSys - .getLogInstance(id); + ILogEventListener oldinst = + (ILogEventListener) mSys.getLogInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); 
@@ -1547,7 +1645,7 @@ public class LogAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1555,26 +1653,28 @@ public class LogAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = destStore.getSubStore("instance"); + IConfigStore destStore = + mConfig.getSubStore("log"); + IConfigStore instancesConfig = + destStore.getSubStore("instance"); // create new substore. Vector configParams = mSys.getLogInstanceParams(id); - // instancesConfig.removeSubStore(id); + //instancesConfig.removeSubStore(id); IConfigStore substore = instancesConfig.makeSubStore(id); substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. substore.put("expirationTime", "0"); - // IMPORTANT: save a copy of the original log file path + // IMPORTANT: save a copy of the original log file path origLogPath = substore.getString(Constants.PR_LOG_FILENAME); newLogPath = origLogPath; @@ -1586,9 +1686,9 @@ public class LogAdminServlet extends AdminServlet { newLogPath = ""; } - // IMPORTANT: save a copy of the original log expiration time - origExpirationTime = substore - .getString(Constants.PR_LOG_EXPIRED_TIME); + // IMPORTANT: save a copy of the original log expiration time + origExpirationTime = substore.getString( + Constants.PR_LOG_EXPIRED_TIME); newExpirationTime = origExpirationTime; if (origExpirationTime != null) { 
@@ -1601,14 +1701,16 @@ public class LogAdminServlet extends AdminServlet { if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { - AUTHZ_RES_NAME = "certServer.log.configuration"; + AUTHZ_RES_NAME = + "certServer.log.configuration"; String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); String key = kv.substring(0, index); String val = req.getParameter(key); - if (key.equals("level")) { - if (val.equals(ILogger.LL_DEBUG_STRING)) + if + (key.equals("level")) { + if (val.equals(ILogger.LL_DEBUG_STRING)) val = "0"; else if (val.equals(ILogger.LL_INFO_STRING)) val = "1"; @@ -1625,8 +1727,9 @@ public class LogAdminServlet extends AdminServlet { } - if (key.equals("rolloverInterval")) { - if (val.equals("Hourly")) + if + (key.equals("rolloverInterval")) { + if (val.equals("Hourly")) val = Integer.toString(60 * 60); else if (val.equals("Daily")) val = Integer.toString(60 * 60 * 24); @@ -1638,7 +1741,8 @@ public class LogAdminServlet extends AdminServlet { val = Integer.toString(60 * 60 * 24 * 365); } - if (key.equals(Constants.PR_LOG_TYPE)) { + if + (key.equals(Constants.PR_LOG_TYPE)) { type = val; } @@ -1649,18 +1753,19 @@ public class LogAdminServlet extends AdminServlet { val = val.trim(); newLogPath = val; if (!val.equals(origVal.trim())) { - AUTHZ_RES_NAME = "certServer.log.configuration.fileName"; + AUTHZ_RES_NAME = + "certServer.log.configuration.fileName"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { // store a message in the signed audit log // file (regardless of logType) if (!(newLogPath.equals(origLogPath))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, newLogPath); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } 
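Review bot: `val` comes straight from `req.getParameter(key)` and is dereferenced as `val.equals(ILogger.LL_DEBUG_STRING)` and `val.equals("Hourly")` with no null check, so a request that omits `level` or `rolloverInterval` raises NullPointerException inside modLogInst. Whether the enclosing try still writes the FAILURE audit record in that case is not visible in this hunk. Comparing constant-first, e.g. `if (ILogger.LL_DEBUG_STRING.equals(val))`, or rejecting a null `val` with an ERROR response before the chain, avoids it. The new side also leaves `if` on a line of its own above `(key.equals("level")) {`, `(key.equals("rolloverInterval")) {` and `(key.equals(Constants.PR_LOG_TYPE)) {`; keeping the keyword and its condition on one line reads better.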
@@ -1668,57 +1773,68 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log // file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage( - getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } } } - /* - * if (key.equals("expirationTime")) { String origVal = - * substore.getString(key); - * - * val = val.trim(); newExpirationTime = val; if - * (!val.equals(origVal.trim())) { if - * (id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME = - * "certServer.log.configuration.signedAudit.expirationTime" - * ; } mOp = "modify"; if ((mToken = - * super.authorize(req)) == null) { // store a message - * in the signed audit log // file (regardless of - * logType) if - * (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - * auditSubjectID, ILogger.FAILURE, logType, - * newExpirationTime); - * - * audit(auditMessage); } - * - * // store a message in the signed audit log // file if - * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - * auditSubjectID, ILogger.FAILURE, auditParams(req)); - * - * audit(auditMessage); } - * - * sendResponse(ERROR, - * CMS.getUserMessage(getLocale(req), - * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; - * } } } - */ +/* + if (key.equals("expirationTime")) { + String origVal = substore.getString(key); + + val = val.trim(); + newExpirationTime = val; + if 
(!val.equals(origVal.trim())) { + if (id.equals(SIGNED_AUDIT_LOG_TYPE)) { + AUTHZ_RES_NAME = + "certServer.log.configuration.signedAudit.expirationTime"; + } + mOp = "modify"; + if ((mToken = super.authorize(req)) == null) { + // store a message in the signed audit log + // file (regardless of logType) + if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + } + + // store a message in the signed audit log + // file + if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); + + audit(auditMessage); + } + + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); + return; + } + } + } +*/ substore.put(key, val); } } @@ -1730,8 +1846,8 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener newMgrInst = null; try { - newMgrInst = (ILogEventListener) Class.forName(className) - .newInstance(); + newMgrInst = (ILogEventListener) + Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); @@ -1746,9 +1862,11 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, ILogger.FAILURE, logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } 
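Review bot: `(ILogEventListener) Class.forName(className).newInstance()` instantiates whatever class `className` names and only then checks the type. The catch clauses that follow cover ClassNotFoundException, InstantiationException and IllegalAccessException but not the ClassCastException a non-listener class would produce, so that path would skip the `restore(instancesConfig, id, saveParams)` and audit handling the other branches show. `className` is assigned outside this hunk, presumably from the registered plug-in. Narrowing first, `Class.forName(className).asSubclass(ILogEventListener.class).newInstance()`, and adding ClassCastException to the handled exceptions would reject a wrong type before its constructor runs.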
@@ -1756,35 +1874,38 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + }*/ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime(req); + //newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); 
@@ -1792,45 +1913,49 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, ILogger.FAILURE, logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /*if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + }*/ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime(req); + //newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); 
@@ -1838,43 +1963,47 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, ILogger.FAILURE, logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /* if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + } */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse( - ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), - "CMS_LOG_LOAD_CLASS_FAIL", className)) - .toString(), null, resp); + sendResponse(ERROR, + new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } // initialize the log - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { 
@@ -1886,52 +2015,58 @@ public class LogAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - // System.out.println("SRVLT_FAIL_COMMIT"); + //System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, ILogger.FAILURE, logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /* if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + }*/ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // commited ok. replace instance. - // REMOVED - we didn't do anything to shut off the old instance - // so, it will still be running at this point. You'd have two - // log isntances writing to the same file - this would be a big - // PROBLEM!!! 
+ // REMOVED - we didn't do anything to shut off the old instance + // so, it will still be running at this point. You'd have two + // log isntances writing to the same file - this would be a big PROBLEM!!! - // mSys.getLogInsts().put(id, newMgrInst); + //mSys.getLogInsts().put(id, newMgrInst); NameValuePairs params = new NameValuePairs(); @@ -1939,34 +2074,41 @@ public class LogAdminServlet extends AdminServlet { newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime(req); + //newExpirationTime = auditCheckLogExpirationTime(req); // store a message in the signed audit log file // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, - ILogger.SUCCESS, logType, newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.SUCCESS, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.SUCCESS, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /*if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.SUCCESS, + logType, + newExpirationTime); + + audit(auditMessage); + }*/ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); } 
@@ -1984,28 +2126,35 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, - ILogger.FAILURE, logType, newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /* if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + } */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } 
@@ -2023,28 +2172,35 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, - ILogger.FAILURE, logType, newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* - * if (!(newExpirationTime.equals(origExpirationTime))) { - * auditMessage = CMS.getLogMessage( - * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, - * ILogger.FAILURE, logType, newExpirationTime); - * - * audit(auditMessage); } - */ + /*if (!(newExpirationTime.equals(origExpirationTime))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, + newExpirationTime); + + audit(auditMessage); + }*/ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } 
@@ -2052,72 +2208,74 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // check to see if the log file path parameter was changed - // newLogPath = auditCheckLogPath( req ); + // // check to see if the log file path parameter was changed + // newLogPath = auditCheckLogPath( req ); // - // // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime( req ); + // // check to see if the log expiration time parameter was changed + // newExpirationTime = auditCheckLogExpirationTime( req ); // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newLogPath.equals( origLogPath ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newLogPath ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newLogPath.equals( origLogPath ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newLogPath ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newExpirationTime ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newExpirationTime ); // - // audit( 
auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with possible - * default values) for a particular plugin implementation name specified in - * the RS_ID. Actually, there is no logic in here to set any default value - * here...there's no default value for any parameter in this log subsystem - * at this point. Later, if we do have one (or some), it can be added. The - * interface remains the same. + * used for getting the required configuration parameters (with + * possible default values) for a particular plugin + * implementation name specified in the RS_ID. Actually, there is + * no logic in here to set any default value here...there's no + * default value for any parameter in this log subsystem + * at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2134,7 +2292,8 @@ public class LogAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2142,41 +2301,43 @@ public class LogAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), + null, resp); return; } - ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id); + ILogEventListener logInst = (ILogEventListener) + mSys.getLogInstance(id); Vector configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, + getLogPluginName(logInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } 
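Review bot: In getInstConfig the re-wrapped `params.add(kv.substring(0, index), kv.substring(index + 1));` still runs without checking `index`, so an instance parameter with no `=` reaches `substring(0, -1)` and throws StringIndexOutOfBoundsException. getConfig in the preceding hunk guards the same split with `if (index == -1) { params.add(kv, ""); } else { ... }`, and this loop should do the same. The exception is unchecked, so the caller would see a servlet failure rather than an ERROR response.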
@@ -2185,8 +2346,8 @@ public class LogAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, String id, - NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -2196,17 +2357,17 @@ public class LogAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } /** * Signed Audit Check Log Path - * + * * This method is called to extract the log file path. * <P> - * + * * @param req http servlet request * @return a string containing the log file path */ @@ -2225,16 +2386,17 @@ public class LogAdminServlet extends AdminServlet { /** * Signed Audit Check Log Expiration Time - * + * * This method is called to extract the log expiration time. * <P> - * + * * @param req http servlet request * @return a string containing the log expiration time */ private String auditCheckLogExpirationTime(HttpServletRequest req) { // check to see if the log expiration time parameter was changed - String expirationTime = req.getParameter(Constants.PR_LOG_EXPIRED_TIME); + String expirationTime = req.getParameter( + Constants.PR_LOG_EXPIRED_TIME); if (expirationTime == null) { expirationTime = ""; @@ -2246,8 +2408,8 @@ public class LogAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; 
@@ -2262,8 +2424,8 @@ public class LogAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -2276,22 +2438,18 @@ public class LogAdminServlet extends AdminServlet { if (value.equals("true") || value.equals("false")) { mConfig.putString(Constants.PR_DEBUG_LOG_ENABLE, value); } else { - CMS.debug("setGeneralConfig: Invalid value for " - + Constants.PR_DEBUG_LOG_ENABLE + ": " + value); - throw new EBaseException("Invalid value for " - + Constants.PR_DEBUG_LOG_ENABLE); + CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE + ": " + value); + throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE); } } else if (key.equals(Constants.PR_DEBUG_LOG_LEVEL)) { try { int number = Integer.parseInt(value); mConfig.putString(Constants.PR_DEBUG_LOG_LEVEL, value); } catch (NumberFormatException e) { - CMS.debug("setGeneralConfig: Invalid value for " - + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); - throw new EBaseException("Invalid value for " - + Constants.PR_DEBUG_LOG_LEVEL); + CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); + throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL); } - } + } } mConfig.commit(true); @@ -2303,3 +2461,4 @@ public class LogAdminServlet extends AdminServlet { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java index 01b1edd0..9464f48f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java 
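Review bot: The rejected `value` is written to the debug log unmodified by the re-joined `CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE + ": " + value);` in LogAdminServlet.setGeneralConfig, and by the matching PR_DEBUG_LOG_LEVEL line. `value` appears to come from the request parameters (its assignment is outside the hunk), so embedded CR/LF characters could forge extra debug-log lines. Log a neutralised copy, for example `value.replaceAll("[\\r\\n]", "_")`, or log only the parameter name. The local `int number` is never read, so a bare `Integer.parseInt(value);` is enough for the validation.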
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -38,11 +39,13 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.ocsp.IOCSPStore; + /** - * A class representings an administration servlet for Certificate Authority. - * This servlet is responsible to serve OCSP administrative operations such as - * configuration parameter updates. - * + * A class representings an administration servlet for Certificate + * Authority. This servlet is responsible to serve OCSP + * administrative operations such as configuration parameter + * updates. + * * @version $Revision$, $Date$ */ public class OCSPAdminServlet extends AdminServlet { @@ -56,7 +59,8 @@ public class OCSPAdminServlet extends AdminServlet { private final static String INFO = "OCSPAdminServlet"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = + "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; private IOCSPAuthority mOCSP = null; 
@@ -80,32 +84,33 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to the authenticate - * manager. + * Serves HTTP request. Each request is authenticated to + * the authenticate manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - // get all operational flags + + //get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - // check operational flags + //check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); - + try { AUTHZ_RES_NAME = "certServer.ocsp.configuration"; if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { @@ -120,8 +125,9 @@ public class OCSPAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } setDefaultStore(req, resp); 
@@ -132,8 +138,9 @@ public class OCSPAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -146,8 +153,9 @@ public class OCSPAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -160,8 +168,9 @@ public class OCSPAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) { 
@@ -176,26 +185,25 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * retrieve extended plugin info such as brief description, type info from - * CRL extensions + * retrieve extended plugin info such as brief description, + * type info from CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; @@ -211,8 +219,7 @@ public class OCSPAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps; @@ -222,13 +229,12 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set default OCSP store * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
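Review bot: OCSPAdminServlet.getExtendedPluginInfo(req, resp) uses the RS_ID request parameter without validating it: `int colon = id.indexOf(':');` throws NullPointerException when the parameter is absent, and `id.substring(0, colon)` throws StringIndexOutOfBoundsException when it holds no colon. Other handlers in this commit answer a missing RS_ID with `sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return;`. A guard such as `if (id == null || id.indexOf(':') < 0) { ... }` before the split would keep malformed requests on that documented error path. A comment on the method stating the expected `implType:implName` form of RS_ID would also help.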
@@ -236,8 +242,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setDefaultStore(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -247,13 +253,15 @@ public class OCSPAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID, - id); + id); commit(true); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -261,8 +269,10 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -271,31 +281,33 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); IOCSPStore store = mOCSP.getOCSPStore(id); @@ -307,13 +319,12 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set OCSP store configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
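Review bot: The FAILURE audit record in setDefaultStore is written only by the EBaseException and IOException handlers, and the catch chain ends there with no broader handler or `finally`. An unchecked exception raised while the store is being changed would therefore leave the signed audit log with neither a SUCCESS nor a FAILURE entry for the attempt. The same chain appears in setOCSPStoresConfig and setGeneralConfig further down. The `try` opens outside this hunk, so which calls can throw unchecked is inferred. Replacing the commented-out ServletException block with a RuntimeException handler that audits and rethrows would close the gap.

```java
            throw eAudit2;
        } catch (RuntimeException eAudit3) {
            // store a message in the signed audit log file
            auditMessage = CMS.getLogMessage(
                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
                        auditSubjectID,
                        ILogger.FAILURE,
                        auditParams(req));

            audit(auditMessage);

            // rethrow so the original failure is still reported
            throw eAudit3;
```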
@@ -321,8 +332,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -359,8 +370,10 @@ public class OCSPAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -368,8 +381,10 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -378,31 +393,33 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mOCSP.getConfigStore(); String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID); 
@@ -416,15 +433,14 @@ public class OCSPAdminServlet extends AdminServlet { if (storeName.equals(defStore)) { storeEnabled = true; } - params.add(storeName, storeName + ";visible;" - + ((storeEnabled) ? "enabled" : "disabled")); + params.add(storeName, storeName + ";visible;" + ((storeEnabled) ? "enabled" : "disabled")); } sendResponse(SUCCESS, null, params, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -434,7 +450,8 @@ public class OCSPAdminServlet extends AdminServlet { } private void getSigningAlgConfig(NameValuePairs params) { - params.add(Constants.PR_DEFAULT_ALGORITHM, mOCSP.getDefaultAlgorithm()); + params.add(Constants.PR_DEFAULT_ALGORITHM, + mOCSP.getDefaultAlgorithm()); String[] algorithms = mOCSP.getOCSPSigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); @@ -443,7 +460,7 @@ public class OCSPAdminServlet extends AdminServlet { algorStr.append(algorithms[i]); else algorStr.append(":"); - algorStr.append(algorithms[i]); + algorStr.append(algorithms[i]); } params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString()); } @@ -451,13 +468,12 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set general OCSP configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
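Review bot: The new indentation in getSigningAlgConfig puts the second `algorStr.append(algorithms[i]);` visually under the `else`, but there are no braces, so only `algorStr.append(":");` belongs to the `else` and the append runs on every iteration. On the iteration that takes the first branch (presumably `i == 0`; the `if` line is outside the hunk) the algorithm name is therefore appended twice to the PR_ALL_ALGORITHMS value. If the intent is a colon-separated list, brace both branches: `if (i == 0) { algorStr.append(algorithms[i]); } else { algorStr.append(":"); algorStr.append(algorithms[i]); }`. Otherwise the line should go back to the loop-body indent so the layout matches what executes.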
@@ -465,8 +481,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -490,8 +506,10 @@ public class OCSPAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -499,8 +517,10 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -509,32 +529,34 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, - "CAAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, + level, "CAAdminServlet: " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java index 961d706c..10a768a2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
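Review bot: OCSPAdminServlet.log tags every message with the wrong component: the re-wrapped call passes `level, "CAAdminServlet: " + msg);`. Anyone filtering the system log by servlet name will attribute OCSP administration events to the CA servlet. The prefix should be `"OCSPAdminServlet: " + msg`, or be built from the class's existing `INFO` constant if that constant is meant as the servlet name.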
@@ -43,12 +44,14 @@ import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.policy.IPolicyRule; import com.netscape.certsrv.ra.IRegistrationAuthority; + /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible for registering an instance - * of this with the remote administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible + * for registering an instance of this with the remote + * administration subsystem. + * * @version $Revision$, $Date$ */ public class PolicyAdminServlet extends AdminServlet { @@ -60,7 +63,8 @@ public class PolicyAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PolicyAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IPolicyProcessor mProcessor = null; @@ -80,7 +84,8 @@ public class PolicyAdminServlet extends AdminServlet { public static String COMMA = ","; public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; /** * Constructs administration servlet. @@ -97,7 +102,7 @@ public class PolicyAdminServlet extends AdminServlet { String authority = config.getInitParameter(PROP_AUTHORITY); String policyStatus = null; - CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!"); + CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" ); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -107,89 +112,89 @@ public class PolicyAdminServlet extends AdminServlet { // that this legacy "Certificate Policies" framework would be // deprecated and disabled by default (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "PolicyAdminServlet.java" servlet is ONLY used - // by the CA Console for the following: + // Further, the "PolicyAdminServlet.java" servlet is ONLY used + // by the CA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // capolicy ca/capolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // capolicy ca/capolicy // - // Finally, the "PolicyAdminServlet.java" servlet is ONLY used - // by the KRA Console for the following: + // Finally, the "PolicyAdminServlet.java" servlet is ONLY used + // by the KRA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // krapolicy kra/krapolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // krapolicy kra/krapolicy // if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); if (mAuthority != null) if (mAuthority instanceof ICertificateAuthority) { - mProcessor = ((ICertificateAuthority) mAuthority) - .getPolicyProcessor(); + mProcessor = ((ICertificateAuthority) mAuthority).getPolicyProcessor(); try { - policyStatus = ICertificateAuthority.ID + "." + "Policy" - + "." 
+ IPolicyProcessor.PROP_ENABLE; - if (mConfig.getBoolean(policyStatus, true) == true) { - // NOTE: If "ca.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug("PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is ENABLED"); + policyStatus = ICertificateAuthority.ID + + "." + "Policy" + + "." + IPolicyProcessor.PROP_ENABLE; + if( mConfig.getBoolean( policyStatus, true ) == true ) { + // NOTE: If "ca.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug( "PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is ENABLED" ); } else { - // CS 8.1 Default: ca.Policy.enable=false - CMS.debug("PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is DISABLED"); - return; + // CS 8.1 Default: ca.Policy.enable=false + CMS.debug( "PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is DISABLED" ); + return; } - } catch (EBaseException e) { - throw new ServletException(authority + " does not have a " - + "master policy switch called '" + policyStatus - + "'"); + } catch( EBaseException e ) { + throw new ServletException( authority + + " does not have a " + + "master policy switch called '" + + policyStatus + "'" ); } } else if (mAuthority instanceof IRegistrationAuthority) { // this refers to the legacy RA (pre-CMS 7.0) - mProcessor = ((IRegistrationAuthority) mAuthority) - .getPolicyProcessor(); + mProcessor = ((IRegistrationAuthority) mAuthority).getPolicyProcessor(); } else if (mAuthority instanceof IKeyRecoveryAuthority) { - mProcessor = 
((IKeyRecoveryAuthority) mAuthority) - .getPolicyProcessor(); + mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor(); try { - policyStatus = IKeyRecoveryAuthority.ID + "." + "Policy" - + "." + IPolicyProcessor.PROP_ENABLE; - if (mConfig.getBoolean(policyStatus, true) == true) { - // NOTE: If "kra.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug("PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is ENABLED"); + policyStatus = IKeyRecoveryAuthority.ID + + "." + "Policy" + + "." + IPolicyProcessor.PROP_ENABLE; + if( mConfig.getBoolean( policyStatus, true ) == true ) { + // NOTE: If "kra.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. 
+ CMS.debug( "PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is ENABLED" ); } else { - // CS 8.1 Default: kra.Policy.enable=false - CMS.debug("PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is DISABLED"); - return; + // CS 8.1 Default: kra.Policy.enable=false + CMS.debug( "PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is DISABLED" ); + return; } - } catch (EBaseException e) { - throw new ServletException(authority + " does not have a " - + "master policy switch called '" + policyStatus - + "'"); + } catch( EBaseException e ) { + throw new ServletException( authority + + " does not have a " + + "master policy switch called '" + + policyStatus + "'" ); } - } else - throw new ServletException(authority - + " does not have policy processor!"); + } else + throw new ServletException(authority + " does not have policy processor!"); } /** @@ -199,15 +204,15 @@ public class PolicyAdminServlet extends AdminServlet { return INFO; } - /** - * retrieve extended plugin info such as brief description, type info from - * policy, authentication, need to add: listener, mapper and publishing - * plugins + /** + * retrieve extended plugin info such as brief description, type info + * from policy, authentication, + * need to add: listener, mapper and publishing plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { + if (!readAuthorize(req, resp)) return; String id = req.getParameter(Constants.RS_ID); 
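Review bot: The unbraced `if (mAuthority != null)` in front of the `instanceof` chain makes the final `else throw new ServletException(authority + " does not have policy processor!")` bind to the chain rather than to the null test. When the `authority` init parameter is absent or `CMS.getSubsystem(authority)` returns null, init() therefore appears to complete normally with `mProcessor` still null. Handlers later in this file call `mProcessor.getPolicyImpl(...)` and `mProcessor.getPolicyImplsInfo()` without a null check, so the misconfiguration would surface as a NullPointerException on the first admin request instead of at startup. If a missing authority is not a supported configuration, brace the outer `if` and fail fast ahead of the chain, e.g. `if (mAuthority == null) throw new ServletException("authority '" + authority + "' is not available");`. init() starts above this hunk, so whether `mAuthority` can be set earlier is not visible here.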
@@ -224,16 +229,14 @@ public class PolicyAdminServlet extends AdminServlet { if (colon > -1) { implName = implName1.substring(0, colon); instName = implName1.substring(colon + 1); - params = getExtendedPluginInfo(getLocale(req), implType, implName, - instName); + params = getExtendedPluginInfo(getLocale(req), implType, implName, instName); } else { params = getExtendedPluginInfo(getLocale(req), implType, implName); } sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyImpl(implName); @@ -245,27 +248,27 @@ public class PolicyAdminServlet extends AdminServlet { ext_info = (IExtendedPluginInfo) impl; } } - + NameValuePairs nvps = null; - + if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } - + return nvps; } - public NameValuePairs getExtendedPluginInfo(Locale locale, - String pluginType, String implName, String instName) { + public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType, + String implName, + String instName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyInstance(instName); - + impl = policy; if (impl == null) { impl = mProcessor.getPolicyImpl(implName); @@ -281,8 +284,7 @@ public class PolicyAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } 
@@ -299,12 +301,10 @@ public class PolicyAdminServlet extends AdminServlet { if (ext_info instanceof IPolicyRule) { if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) { - nvps.add(IPolicyRule.PROP_ENABLE, - "boolean;Enable this policy rule"); + nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule"); } if (nvps.getPair(PROP_PREDICATE) == null) { - nvps.add(PROP_PREDICATE, - "string;Rules describing when this policy should run."); + nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run."); } } } @@ -312,8 +312,9 @@ public class PolicyAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -331,28 +332,30 @@ public class PolicyAdminServlet extends AdminServlet { } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } else sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -362,7 +365,8 @@ public class PolicyAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); 
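Review bot: `readAuthorize` and `modifyAuthorize` hand the requested operation to `super.authorize(req)` through `mOp` and keep the result in `mToken`. Neither declaration is in this hunk, but if they are instance fields then concurrent requests share them, because a container normally serves all requests through one servlet instance. In that case a modify request could be authorized while another thread has just set `mOp = "read"`, and `mToken` could belong to a different caller by the time it is used. Passing the operation as an argument and holding the token in a local would remove the shared state, but that needs a change to the superclass `authorize`, which this section does not show. Until then both methods should at least carry a comment such as `// mOp/mToken are shared per servlet instance; not safe under concurrent requests`.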
@@ -383,11 +387,13 @@ public class PolicyAdminServlet extends AdminServlet { return; addPolicyImpl(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); } public void processPolicyRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -417,15 +423,18 @@ public class PolicyAdminServlet extends AdminServlet { else modifyPolicyInstance(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); } - public void listPolicyImpls(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void listPolicyImpls(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { Enumeration policyImplNames = mProcessor.getPolicyImplsInfo(); Enumeration policyImpls = mProcessor.getPolicyImpls(); - if (policyImplNames == null || policyImpls == null) { + if (policyImplNames == null || + policyImpls == null) { sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp); return; } @@ -433,11 +442,13 @@ public class PolicyAdminServlet extends AdminServlet { // Assemble a name value pair; NameValuePairs nvp = new NameValuePairs(); - while (policyImplNames.hasMoreElements() - && policyImpls.hasMoreElements()) { + while (policyImplNames.hasMoreElements() && + policyImpls.hasMoreElements()) { String id = (String) policyImplNames.nextElement(); - IPolicyRule impl = (IPolicyRule) policyImpls.nextElement(); - String className = impl.getClass().getName(); + IPolicyRule impl = (IPolicyRule) + policyImpls.nextElement(); + String className = + impl.getClass().getName(); String desc = impl.getDescription(); nvp.add(id, className + "," + desc); 
@@ -446,7 +457,8 @@ public class PolicyAdminServlet extends AdminServlet { } public void listPolicyInstances(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo(); if (instancesInfo == null) { @@ -463,7 +475,7 @@ public class PolicyAdminServlet extends AdminServlet { int i = info.indexOf(";"); nvp.add(info.substring(0, i), info.substring(i + 1)); - + } sendResponse(SUCCESS, null, nvp, resp); } @@ -471,19 +483,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Delete policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyImpl(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -496,8 +508,10 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -510,19 +524,23 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - // e.printStackTrace(); + //e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -531,30 +549,33 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyImplConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); 
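Review bot: The commented-out `catch( ServletException eAudit2 )` block is reindented here rather than removed, and without it the outer `try` of deletePolicyImpl audits only `IOException`. A `ServletException`, or any unchecked exception raised outside the inner `try`, would leave no FAILURE record in the signed audit log, although the comment visible in changePolicyInstanceOrdering says low-level exceptions are to be stored as failures. I would delete the dead block and, if unchecked failures are meant to be audited, add `} catch (RuntimeException eAudit2) {` with the same `CMS.getLogMessage(...)`/`audit(...)` pair followed by a rethrow. The same block recurs in the hunks for addPolicyImpl, deletePolicyInstance, addPolicyInstance, changePolicyInstanceOrdering and modifyPolicyInstance, and in the OCSPAdminServlet hunk above. The start of deletePolicyImpl's `try` is outside this hunk.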
@@ -583,19 +604,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ - public void addPolicyImpl(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void addPolicyImpl(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -608,8 +629,10 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -622,8 +645,10 @@ public class PolicyAdminServlet extends AdminServlet { if (classPath == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -635,8 +660,10 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -644,8 +671,10 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -654,44 +683,46 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -704,8 +735,10 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -718,19 +751,23 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - // e.printStackTrace(); + //e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -739,30 +776,33 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy rule id. String id = req.getParameter(Constants.RS_ID).trim(); @@ -795,7 +835,8 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void putUserPWPair(String combo) { + public void + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); 
@@ -808,19 +849,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -833,8 +874,10 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -848,8 +891,10 @@ public class PolicyAdminServlet extends AdminServlet { if (implName == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -879,8 +924,10 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -908,8 +955,10 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -917,8 +966,10 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -927,57 +978,62 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Change ordering of policy instances * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void changePolicyInstanceOrdering(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - String policyOrder = req.getParameter(Constants.PR_POLICY_ORDER); + 
String policyOrder = + req.getParameter(Constants.PR_POLICY_ORDER); if (policyOrder == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -989,8 +1045,10 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -998,8 +1056,10 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1008,44 +1068,46 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1058,8 +1120,10 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1068,14 +1132,15 @@ public class PolicyAdminServlet extends AdminServlet { } // Get the default config params for the implementation. - String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME) - .trim(); + String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim(); if (implName == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1104,15 +1169,17 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); return; } - // XXX + // XXX for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) { String p = (String) n.nextElement(); String l = (String) req.getParameter(p); 
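Review bot: The rejoined line `String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim();` dereferences the parameter before the `if (implName == null)` test that follows, so that test can never be true and a request without the parameter throws a NullPointerException instead of taking the audited error path. The outer `catch (IOException eAudit1)` would not catch it, so the failed attempt likely goes unrecorded in the signed audit log. Read the parameter first and trim only after the check: `String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME);` and, past the null test, `implName = implName.trim();`. getPolicyInstanceConfig has the same `req.getParameter(Constants.RS_ID).trim()` call as a context line in an earlier hunk. modifyPolicyInstance begins and ends outside this hunk.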
@@ -1122,10 +1189,15 @@ public class PolicyAdminServlet extends AdminServlet { } /* - * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String - * nv = (String)e.nextElement(); int index = nv.indexOf("="); String - * key = nv.substring(0, index); val = req.getParameter(key); if - * (val != null) ht.put(key, val); } + for(Enumeration e = v.elements(); e.hasMoreElements(); ) + { + String nv = (String)e.nextElement(); + int index = nv.indexOf("="); + String key = nv.substring(0, index); + val = req.getParameter(key); + if (val != null) + ht.put(key, val); + } */ try { @@ -1133,8 +1205,10 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -1142,8 +1216,10 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1152,25 +1228,28 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java index 1ae8def1..1cfab0b6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.File; import java.io.IOException; import java.util.Enumeration; 
@@ -52,12 +53,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.registry.IPluginInfo; import com.netscape.certsrv.registry.IPluginRegistry; + /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible for registering an instance - * of this with the remote administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible + * for registering an instance of this with the remote + * administration subsystem. + * * @version $Revision$, $Date$ */ public class ProfileAdminServlet extends AdminServlet { @@ -69,7 +72,8 @@ public class ProfileAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "ProfileAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -92,7 +96,8 @@ public class ProfileAdminServlet extends AdminServlet { public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; public static String BAD_CONFIGURATION_VAL = "Invalid configuration value."; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; /** * Constructs administration servlet. @@ -111,8 +116,7 @@ public class ProfileAdminServlet extends AdminServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); - mProfileSub = (IProfileSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_PROFILE); + mProfileSub = (IProfileSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_PROFILE); } /** 
@@ -128,12 +132,10 @@ public class ProfileAdminServlet extends AdminServlet { if (ext_info instanceof IPolicyRule) { if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) { - nvps.add(IPolicyRule.PROP_ENABLE, - "boolean;Enable this policy rule"); + nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule"); } if (nvps.getPair(PROP_PREDICATE) == null) { - nvps.add(PROP_PREDICATE, - "string;Rules describing when this policy should run."); + nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run."); } } } @@ -141,8 +143,9 @@ public class ProfileAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); @@ -150,7 +153,7 @@ public class ProfileAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.profile.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); - CMS.debug("ProfileAdminServlet: service scope: " + scope); + CMS.debug("ProfileAdminServlet: service scope: " + scope); if (scope.equals(ScopeDef.SC_PROFILE_RULES)) { processProfileRuleMgmt(req, resp); } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) { 
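Review bot: In the `-150,7` hunk of `service`, `scope` comes straight from `req.getParameter(Constants.OP_SCOPE)` and is then used as the receiver of `scope.equals(ScopeDef.SC_PROFILE_RULES)`, so a request without that parameter throws NullPointerException. It never reaches the `sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp)` fallback that the next hunk shows at the end of the chain. Add a guard before the first comparison, `if (scope == null) { sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); return; }`, or write each comparison constant-first as `ScopeDef.SC_PROFILE_RULES.equals(scope)`. The rest of the dispatch chain lies outside this hunk.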
@@ -173,30 +176,33 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } public void processProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -216,7 +222,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); 
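Review bot: `readAuthorize` and `modifyAuthorize` in the `-173,30` hunk pass per-request authorization state through fields: each assigns `mOp` and then stores the result of `super.authorize(req)` in `mToken`. If these are instance fields of the servlet, as the naming suggests, and the container serves concurrent requests on one instance, one thread can overwrite `mOp` between another thread's assignment and its `authorize` call. A modify request could then be checked against the "read" operation. The field declarations and the way `authorize` reads `mOp` are not visible here, so this needs confirming in AdminServlet. If it holds, the operation name and the token should be kept in locals and passed as arguments rather than stored on the servlet.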
@@ -237,7 +244,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -258,7 +266,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInputConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -274,7 +283,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutputConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -290,7 +300,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -310,7 +321,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); 
@@ -334,7 +346,8 @@ public class ProfileAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -343,11 +356,13 @@ public class ProfileAdminServlet extends AdminServlet { return; listProfileImpls(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); } public void processProfileRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -372,14 +387,16 @@ public class ProfileAdminServlet extends AdminServlet { return; modifyProfileInstance(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); } /** * Lists all registered profile impementations */ public void listProfileImpls(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration impls = mRegistry.getIds("profile"); NameValuePairs nvp = new NameValuePairs(); 
@@ -388,30 +405,29 @@ public class ProfileAdminServlet extends AdminServlet { String id = (String) impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo("profile", id); - nvp.add(id, - info.getClassName() + "," - + info.getDescription(getLocale(req))); - } + nvp.add(id, info.getClassName() + "," + + info.getDescription(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } /** * Add policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -436,8 +452,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -446,9 +464,11 @@ public class ProfileAdminServlet extends AdminServlet { } if (mProfileSub.isProfileEnable(profileId)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Profile is currently enabled"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Profile is currently enabled"), + null, resp); return; } 
@@ -460,42 +480,51 @@ public class ProfileAdminServlet extends AdminServlet { try { if (!isValidId(setId)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid set id " + setId), null, resp); - return; + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid set id " + setId), + null, resp); + return; } if (!isValidId(pId)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid policy id " + pId), null, resp); - return; + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid policy id " + pId), + null, resp); + return; } - policy = profile.createProfilePolicy(setId, pId, defImpl, - conImpl); + policy = profile.createProfilePolicy(setId, pId, + defImpl, conImpl); } catch (EBaseException e1) { // error - CMS.debug("ProfileAdminServlet: addProfilePolicy " - + e1.toString()); + CMS.debug("ProfileAdminServlet: addProfilePolicy " + + e1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", e1.toString()), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED", + e1.toString()), + null, resp); return; } NameValuePairs nvp = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
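Review bot: The two validation failures in this hunk of `addProfilePolicy`, `!isValidId(setId)` and `!isValidId(pId)`, send the ERROR response and return without writing a signed-audit record, while the `EBaseException` branch directly below logs `ILogger.FAILURE` before responding. The "Profile is currently enabled" rejection in the preceding `-446,9` hunk has the same gap, so rejected configuration attempts on these paths leave no trace in the signed audit log. Before each of those `return` statements I would add the same two statements used elsewhere in the method: `auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, ILogger.FAILURE, auditParams(req));` and `audit(auditMessage);`. The method begins before this hunk and continues after it.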
@@ -503,45 +532,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ - public void addProfileInput(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void addProfileInput(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -564,8 +595,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -596,13 +629,16 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_INPUT_FAILED", e1.toString()), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED", + e1.toString()), + null, resp); return; } @@ -611,8 +647,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -620,45 +658,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileOutput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -681,8 +721,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -707,20 +749,23 @@ public class ProfileAdminServlet extends AdminServlet { } try { - output = profile - .createProfileOutput(outputId, outputImpl, nvps); + output = profile.createProfileOutput(outputId, outputImpl, + nvps); } catch (EBaseException e1) { // error // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_OUTPUT_FAILED", e1.toString()), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", + e1.toString()), + null, resp); return; } @@ -729,8 +774,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -738,45 +785,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -808,8 +857,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -828,8 +879,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -841,8 +894,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -850,45 +905,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -911,10 +968,8 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("INPUTID")) inputId = req.getParameter(name); } - CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " - + profileId); - CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " - + inputId); + CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + profileId); + CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + inputId); IProfile profile = null; try { @@ -924,8 +979,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -939,8 +996,10 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -952,8 +1011,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -961,45 +1022,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileOutput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1022,10 +1085,8 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("OUTPUTID")) outputId = req.getParameter(name); } - CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " - + profileId); - CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " - + outputId); + CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + profileId); + CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + outputId); IProfile profile = null; try { @@ -1035,8 +1096,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1044,15 +1107,16 @@ public class ProfileAdminServlet extends AdminServlet { return; } - CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " - + profile); + CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + profile); try { profile.deleteProfileOutput(outputId); } catch (EBaseException e1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1064,8 +1128,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1073,45 +1139,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1133,14 +1201,16 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1149,7 +1219,7 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + Enumeration names = req.getParameterNames(); while (names.hasMoreElements()) { 
@@ -1162,28 +1232,28 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name, req.getParameter(name)); + def.setConfig(name,req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) { - } - sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) {} + sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); + return; } - // defConfig.putString("params." + name, - // req.getParameter(name)); + // defConfig.putString("params." + name, req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1194,8 +1264,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
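Review bot: The `EPropertyException` handler in the first hunk on this line returns `ERROR` without writing a signed audit record, while the `commit(false)` failure path directly below it does log `ILogger.FAILURE`; as far as the visible hunks show, a rejected profile-configuration value leaves no entry in the signed audit log. Before `sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);` I would add `auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, ILogger.FAILURE, auditParams(req));` followed by `audit(auditMessage);`. The reflowed `} catch (Exception e11) {}` also hides a failed `deleteProfilePolicy` rollback, so that exception should at least be passed to `CMS.debug`. The same unaudited handler appears in the `con.setConfig` hunk (-1293,28) and in the two modify hunks (-1423,24 and -1773,27). The enclosing method starts and ends outside this hunk.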
@@ -1203,45 +1275,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1263,14 +1337,16 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1293,28 +1369,28 @@ public class ProfileAdminServlet extends AdminServlet { continue; try { - con.setConfig(name, req.getParameter(name)); + con.setConfig(name,req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) { - } - sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); - return; + CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) {} + sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); + return; } - // conConfig.putString("params." + name, - // req.getParameter(name)); + // conConfig.putString("params." + name, req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1326,8 +1402,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1335,45 +1413,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1395,14 +1475,16 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1410,7 +1492,7 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + Enumeration names = req.getParameterNames(); while (names.hasMoreElements()) { @@ -1423,24 +1505,25 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name, req.getParameter(name)); + def.setConfig(name,req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); + return; } - // defConfig.putString("params." + name, - // req.getParameter(name)); + // defConfig.putString("params." + name, req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1451,8 +1534,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1460,45 +1545,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile input configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyInputConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1520,8 +1607,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1550,8 +1639,10 @@ public class ProfileAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1562,8 +1653,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1571,45 +1664,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile output configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyOutputConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1631,8 +1726,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1654,16 +1751,18 @@ public class ProfileAdminServlet extends AdminServlet { continue; if (name.equals("RS_ID")) continue; - outputConfig - .putString("params." + name, req.getParameter(name)); + outputConfig.putString("params." + name, + req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1674,8 +1773,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1683,45 +1784,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1743,14 +1846,16 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1761,8 +1866,7 @@ public class ProfileAdminServlet extends AdminServlet { Enumeration names = req.getParameterNames(); - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " - + policy + " con " + con); + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); while (names.hasMoreElements()) { String name = (String) names.nextElement(); 
@@ -1773,27 +1877,27 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; - // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" - // + name + " val " + req.getParameter(name)); + // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name)); try { - con.setConfig(name, req.getParameter(name)); + con.setConfig(name,req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); - sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); + sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); + return; } - // conConfig.putString("params." + name, - // req.getParameter(name)); + //conConfig.putString("params." + name, req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1805,8 +1909,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1814,30 +1920,33 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -1849,9 +1958,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } IProfilePolicy policy = null; 
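Review bot: At the end of the first hunk on this line, `getPolicyDefaultConfig` passes `req.getParameter(Constants.RS_ID)` straight into `new StringTokenizer(id, ";")`, which throws `NullPointerException` when the request carries no `RS_ID`. A guard such as `if (id == null) { sendResponse(ERROR, null, null, resp); return; }` before the tokenizer would turn that into a normal error response. The `nextToken()` calls that follow are outside the hunk and presumably need a `hasMoreTokens()` check as well, since a value without the expected separator would raise `NoSuchElementException`. The hunks for `getInputConfig` (-2032,9) and `getOutputConfig` (-2057,24) show the same unchecked parse.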
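Review bot: In the second hunk on this line, the reformatted `throw new ServletException( e1.toString() );` drops the original exception as the cause and copies its text into the servlet exception, which may be shown to the client depending on how the container renders errors. I would keep the chain with `throw new ServletException(e1.toString(), e1);` and include `e1` in the `CMS.debug` line, whose "profile is null!" text does not describe the failure that was actually caught. The same handler is repeated in the hunks for `getPolicyConstraintConfig`, `getProfilePolicy`, `getProfileOutput`, `getProfileInput`, `getInputConfig`, `getOutputConfig` and `getProfileInstanceConfig`.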
@@ -1874,26 +1983,22 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + ";" + rule.getConfig(name)); } else { - nvp.add(name, - desc.getSyntax() + ";" + ";" - + getNonNull(desc.getConstraint()) + ";" - + desc.getDescription(getLocale(req)) + ";" - + rule.getConfig(name)); + nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } public void getPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); - String constraintsList = req - .getParameter(Constants.PR_CONSTRAINTS_LIST); + String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST); // this one gets called when one of the elements in the default list get // selected, then it returns the list of supported constraintsPolicy if (constraintsList != null) { - + } StringTokenizer st = new StringTokenizer(id, ";"); @@ -1905,9 +2010,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } StringTokenizer ss = new StringTokenizer(policyId, ":"); 
@@ -1926,18 +2031,15 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + rule.getConfig(name)); } else { - nvp.add(name, - desc.getSyntax() + ";" - + getNonNull(desc.getConstraint()) + ";" - + desc.getDescription(getLocale(req)) + ";" - + rule.getConfig(name)); + nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } public void getProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); // only allow profile retrival if it is disabled @@ -1947,9 +2049,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getProfilePolicy() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } NameValuePairs nvp = new NameValuePairs(); @@ -1971,9 +2073,9 @@ public class ProfileAdminServlet extends AdminServlet { IPolicyConstraint con = policy.getConstraint(); IConfigStore conConfig = con.getConfigStore(); - nvp.add(setId + ":" + policy.getId(), - def.getName(getLocale(req)) + ";" - + con.getName(getLocale(req))); + nvp.add(setId + ":" + policy.getId(), + def.getName(getLocale(req)) + ";" + + con.getName(getLocale(req))); } } 
@@ -1981,16 +2083,17 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileOutput(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getProfileOutput() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getProfileOutput() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } NameValuePairs nvp = new NameValuePairs(); @@ -2006,17 +2109,18 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void getProfileInput(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void getProfileInput(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getProfileInput() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getProfileInput() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } NameValuePairs nvp = new NameValuePairs(); 
@@ -2032,9 +2136,10 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void getInputConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - + public void getInputConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { + String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); String profileId = st.nextToken(); @@ -2044,9 +2149,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getInputConfig() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getInputConfig() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } IProfileInput profileInput = null; 
@@ -2057,24 +2162,24 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = (String) names.nextElement(); - IDescriptor desc = profileInput.getConfigDescriptor(getLocale(req), - name); + IDescriptor desc = profileInput.getConfigDescriptor( + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileInput.getConfig(name)); } else { - nvp.add(name, - desc.getSyntax() + ";" - + getNonNull(desc.getConstraint()) + ";" - + desc.getDescription(getLocale(req)) + ";" - + profileInput.getConfig(name)); + nvp.add(name, desc.getSyntax() + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + profileInput.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } - public void getOutputConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void getOutputConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -2085,9 +2190,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getOutputConfig() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getOutputConfig() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } IProfileOutput profileOutput = null; 
@@ -2099,15 +2204,14 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = (String) names.nextElement(); IDescriptor desc = profileOutput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileOutput.getConfig(name)); } else { - nvp.add(name, - desc.getSyntax() + ";" - + getNonNull(desc.getConstraint()) + ";" - + desc.getDescription(getLocale(req)) + ";" - + profileOutput.getConfig(name)); + nvp.add(name, desc.getSyntax() + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + profileOutput.getConfig(name)); } } @@ -2115,7 +2219,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void listProfileInstances(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { NameValuePairs nvp = new NameValuePairs(); Enumeration e = mProfileSub.getProfileIds(); @@ -2129,7 +2234,7 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // error } - + String status = null; if (mProfileSub.isProfileEnable(profileId)) { @@ -2145,7 +2250,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; 
@@ -2153,9 +2259,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " - + "profile is null!"); - throw new ServletException(e1.toString()); + CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " + + "profile is null!" ); + throw new ServletException( e1.toString() ); } NameValuePairs nvp = new NameValuePairs(); @@ -2163,7 +2269,8 @@ public class ProfileAdminServlet extends AdminServlet { nvp.add("name", profile.getName(getLocale(req))); nvp.add("desc", profile.getDescription(getLocale(req))); nvp.add("visible", Boolean.toString(profile.isVisible())); - nvp.add("enable", Boolean.toString(mProfileSub.isProfileEnable(id))); + nvp.add("enable", Boolean.toString( + mProfileSub.isProfileEnable(id))); String authid = profile.getAuthenticatorId(); @@ -2181,20 +2288,20 @@ public class ProfileAdminServlet extends AdminServlet { /** * Delete profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2207,8 +2314,10 @@ public class ProfileAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -2218,47 +2327,51 @@ public class ProfileAdminServlet extends AdminServlet { String config = null; - ISubsystem subsystem = CMS.getSubsystem("ca"); + ISubsystem subsystem = CMS.getSubsystem("ca"); String subname = "ca"; - if (subsystem == null) - subname = "ra"; + if (subsystem == null) + subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") - + "/profiles/" + subname + "/" + id + ".cfg"; + config = CMS.getConfigStore().getString("instanceRoot") + + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; } - + try { mProfileSub.deleteProfile(id, config); } catch (EProfileException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), e.toString(), id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), e.toString(), id), null, resp); return; } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
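Review bot: `id` is concatenated into the config path (`"/profiles/" + subname + "/" + id + ".cfg"`) and handed to `mProfileSub.deleteProfile(id, config)`, and the only check visible before that is `id == null` in the preceding hunk. addProfileInstance rejects ids that fail `isValidId`, which allows only letters and digits. The delete path should apply the same rule before the path is built, so that an id containing path separators or other unexpected characters cannot name a file outside the profiles directory: `if (id == null || !isValidId(id)) {`. Where `id` is assigned lies outside this hunk (presumably the request's RS_ID parameter, as in the sibling handlers), and the body of deleteProfileInstance starts and ends outside it as well.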
@@ -2266,29 +2379,32 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - public void putUserPWPair(String combo) { + public void + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); @@ -2298,11 +2414,12 @@ public class ProfileAdminServlet extends AdminServlet { CMS.putPasswordCache(user, pw); } - public boolean isValidId(String id) { + public boolean isValidId(String id) + { for (int i = 0; i < id.length(); i++) { - char c = id.charAt(i); - if (!Character.isLetterOrDigit(c)) - return false; + char c = id.charAt(i); + if (!Character.isLetterOrDigit(c)) + return false; } return true; } 
@@ -2310,20 +2427,20 @@ public class ProfileAdminServlet extends AdminServlet { /** * Add profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2336,8 +2453,10 @@ public class ProfileAdminServlet extends AdminServlet { if (id == null || id.trim().equals("") || !isValidId(id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2349,14 +2468,14 @@ public class ProfileAdminServlet extends AdminServlet { IProfile p = null; try { - p = mProfileSub.getProfile(id); + p = mProfileSub.getProfile(id); } catch (EProfileException e1) { } if (p != null) { sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp); return; } - + String impl = req.getParameter("impl"); String name = req.getParameter("name"); String desc = req.getParameter("desc"); 
@@ -2371,13 +2490,14 @@ public class ProfileAdminServlet extends AdminServlet { subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") - + "/profiles/" + subname + "/" + id + ".cfg"; + config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2397,9 +2517,10 @@ public class ProfileAdminServlet extends AdminServlet { // create profile try { profile = mProfileSub.createProfile(id, impl, - info.getClassName(), config); - profile.setName(getLocale(req), name); - profile.setDescription(getLocale(req), name); + info.getClassName(), + config); + profile.setName(getLocale(req), name); + profile.setDescription(getLocale(req), name); if (visible != null && visible.equals("true")) { profile.setVisible(true); } else { @@ -2410,17 +2531,19 @@ public class ProfileAdminServlet extends AdminServlet { mProfileSub.createProfileConfig(id, impl, config); if (profile instanceof IProfileEx) { - // populates profile specific plugins such as - // policies, inputs and outputs - ((IProfileEx) profile).populate(); - } + // populates profile specific plugins such as + // policies, inputs and outputs + ((IProfileEx)profile).populate(); + } } catch (Exception e) { CMS.debug("ProfileAdminServlet: " + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
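Review bot: In the create-profile hunk, `profile.setDescription(getLocale(req), name);` stores the profile name as its description. The `desc` request parameter read earlier in addProfileInstance is not used on any visible line, so the description an administrator submits appears to be dropped. The call should presumably be `profile.setDescription(getLocale(req), desc);`, with a fallback to an empty string if `desc` can be null. The commit only re-indents this line, and the method body starts and ends outside the hunk.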
@@ -2430,8 +2553,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -2439,45 +2564,47 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyProfileInstance(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2496,8 +2623,10 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2522,13 +2651,15 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); try { - profile.getConfigStore().commit(false); + profile.getConfigStore().commit(false); } catch (Exception e) { } 
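Review bot: In the second hunk on this line, the SUCCESS record goes to the signed audit log before `profile.getConfigStore().commit(false)` runs, and the empty `catch (Exception e) { }` discards any commit failure. The audit trail can therefore report a profile change that was never persisted, and nothing records why. Commit first, and on failure log the exception, audit FAILURE and return an error as the other failure paths in this file do; audit SUCCESS only after the commit returns. The body of modifyProfileInstance starts and ends outside this hunk, so the error response below follows the pattern visible in deleteProfileInstance and should be checked against the rest of the method.

```java
// … unchanged: profile settings applied from the request …

try {
    profile.getConfigStore().commit(false);
} catch (Exception e) {
    CMS.debug("ProfileAdminServlet: " + e.toString());

    // store a message in the signed audit log file
    auditMessage = CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
                auditSubjectID,
                ILogger.FAILURE,
                auditParams(req));

    audit(auditMessage);

    sendResponse(ERROR, null, null, resp);
    return;
}

// … unchanged: SUCCESS audit message and audit(auditMessage), now after the commit …
```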
@@ -2536,32 +2667,35 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - protected String getNonNull(String s) { - if (s == null) - return ""; - return s; - } + protected String getNonNull(String s) { + if (s == null) + return ""; + return s; + } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index 32e610fa..2842542e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -67,11 +68,12 @@ import com.netscape.certsrv.publish.RulePlugin; import com.netscape.certsrv.security.ICryptoSubsystem; import com.netscape.cmsutil.password.IPasswordStore; + /** - * A class representing an publishing servlet for the Publishing subsystem. This - * servlet is responsible to serve configuration requests for the Publishing - * subsystem. - * + * A class representing an publishing servlet for the + * Publishing subsystem. This servlet is responsible + * to serve configuration requests for the Publishing subsystem. + * * @version $Revision$, $Date$ */ public class PublisherAdminServlet extends AdminServlet { @@ -83,7 +85,8 @@ public class PublisherAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PublisherAdminServlet"; - private final static String PW_TAG_CA_LDAP_PUBLISHING = "CA LDAP Publishing"; + private final static String PW_TAG_CA_LDAP_PUBLISHING = + "CA LDAP Publishing"; public final static String NOMAPPER = "<NONE>"; private IPublisherProcessor mProcessor = null; private IAuthority mAuth = null; 
@@ -106,25 +109,23 @@ public class PublisherAdminServlet extends AdminServlet { mAuth = (IAuthority) CMS.getSubsystem(authority); if (mAuth != null) if (mAuth instanceof ICertificateAuthority) { - mProcessor = ((ICertificateAuthority) mAuth) - .getPublisherProcessor(); - } else - throw new ServletException(authority - + " does not have publishing processor!"); + mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor(); + } else + throw new ServletException(authority + " does not have publishing processor!"); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); CMS.debug("PublisherAdminServlet: in service"); @@ -132,13 +133,14 @@ public class PublisherAdminServlet extends AdminServlet { String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - // System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + //System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); @@ -147,8 +149,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } try { 
@@ -157,8 +159,9 @@ public class PublisherAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -185,12 +188,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { getRuleInstConfig(req, resp); return; - } + } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -209,19 +213,21 @@ public class PublisherAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { testSetLDAPDest(req, resp); return; - } + } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { 
@@ -236,7 +242,7 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) { listMapperInsts(req, resp); return; - } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { + } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { listRulePlugins(req, resp); return; } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { @@ -246,8 +252,9 @@ public class PublisherAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -268,12 +275,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { addRuleInst(req, resp, scope); return; - } + } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { 
@@ -296,27 +304,31 @@ public class PublisherAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } else { - // System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + //System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - // System.out.println("SRVLT_FAIL_PERFORM 2"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + } + //System.out.println("SRVLT_FAIL_PERFORM 2"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } - private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor p) { + private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor + p) { Enumeration mappers = p.getMapperInsts().keys(); Enumeration publishers = p.getPublisherInsts().keys(); @@ -325,11 +337,11 @@ public class PublisherAdminServlet extends AdminServlet { for (; mappers.hasMoreElements();) { String name = (String) mappers.nextElement(); - if (map.length() == 0) { - map.append(name); + if (map.length()== 0) { + map.append(name); } else { - map.append(","); - map.append(name); + map.append(","); + map.append(name); } } StringBuffer publish = new StringBuffer(); 
@@ -343,19 +355,16 @@ public class PublisherAdminServlet extends AdminServlet { String epi[] = new String[] { "type;choice(cacert,crl,certs,xcert);The certType of the request", - "mapper;choice(" - + map.toString() - + ");Use the mapper to find the ldap dn to publish the certificate or crl", - "publisher;choice(" - + publish.toString() - + ");Use the publisher to publish the certificate or crl a directory etc", - "enable;boolean;", "predicate;string;" }; + "mapper;choice(" + map.toString() + ");Use the mapper to find the ldap dn to publish the certificate or crl", + "publisher;choice(" + publish.toString() + ");Use the publisher to publish the certificate or crl a directory etc", + "enable;boolean;", + "predicate;string;" + }; return new ExtendedPluginInfo(epi); } - private NameValuePairs getExtendedPluginInfo(Locale locale, - String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; 
@@ -365,20 +374,19 @@ public class PublisherAdminServlet extends AdminServlet { // Should get the registered rules from processor // instead of plugin - // OLD: impl = - // getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); + // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); impl = getExtendedPluginInfo(p_processor); } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) { IPublisherProcessor p_processor = mProcessor; - Plugin plugin = (Plugin) p_processor.getMapperPlugins().get( - implName); + Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName + ); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); - } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) { + } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER) + ) { IPublisherProcessor p_processor = mProcessor; - Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get( - implName); + Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); } 
@@ -393,22 +401,21 @@ public class PublisherAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info - .getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } return nvps; } - /** - * retrieve extended plugin info such as brief description, type info from - * policy, authentication, need to add: listener, mapper and publishing - * plugins + /** + * retrieve extended plugin info such as brief description, type info + * from policy, authentication, + * need to add: listener, mapper and publishing plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); 
@@ -416,20 +423,19 @@ public class PublisherAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, - implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - - private void getLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + + private void getLDAPDest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config - .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg - .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); Enumeration e = req.getParameterNames(); 
@@ -458,63 +464,53 @@ public class PublisherAdminServlet extends AdminServlet { if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS)) continue; if (name.equals(Constants.PR_CERT_NAMES)) { - ICryptoSubsystem jss = (ICryptoSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jss = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(name, jss.getAllCerts()); } else { String value = ldap.getString(name, ""); if (value == null || value.equals("")) { - if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO - + "." + ILdapConnInfo.PROP_HOST)) { - value = mConfig.getString( - ConfigConstants.PR_MACHINE_NAME, null); - } else if (name - .equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO - + "." + ILdapConnInfo.PROP_PORT)) { + if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_HOST)) { + value = mConfig.getString(ConfigConstants.PR_MACHINE_NAME, null); + } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_PORT)) { value = ILdapConnInfo.PROP_PORT_DEFAULT; - } else if (name - .equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO - + "." + ILdapAuthInfo.PROP_BINDDN)) { + } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO + "." 
+ ILdapAuthInfo.PROP_BINDDN)) { value = ILdapAuthInfo.PROP_BINDDN_DEFAULT; } } params.add(name, value); } } - params.add(Constants.PR_PUBLISHING_ENABLE, publishcfg.getString( - IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); - params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, publishcfg.getString( - Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); - params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, publishcfg.getString( - Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); - params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, publishcfg - .getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); - params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, publishcfg - .getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); - params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, publishcfg.getString( - Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); - params.add(Constants.PR_ENABLE, ldapcfg.getString( - IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_ENABLE, + publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); + params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); + params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); + params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); + params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); + params.add(Constants.PR_ENABLE, + ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws 
ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - // Save New Settings to the config file + //Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config - .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg - .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - // set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, - req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + //set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String enable = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, enable); @@ -522,8 +518,8 @@ public class PublisherAdminServlet extends AdminServlet { // need to disable the ldap module here mProcessor.setLdapConnModule(null); } - - // set reset of the parameters + + //set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -540,9 +536,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
@@ -571,37 +567,40 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + commit(true); - /* - * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if - * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* Do a "PUT" of the new pw to the watchdog" + ** do not remove - cfu + if (pwd != null) + CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " - + prompt + " to password file"); + CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved"); - /* - * we'll shut down and restart the PublisherProcessor instead // what a - * hack to do this without require restart server // ILdapAuthInfo - * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule = - * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if - * (connModule != null) { authInfo = connModule.getLdapAuthInfo(); } - * - * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo - * != null) { CMS.debug( - * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache" - * ); authInfo.addPassword(prompt, pwd); } else - * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); - */ +/* we'll shut down and restart the PublisherProcessor instead + // what a hack to do this without require restart server +// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); + ILdapConnModule connModule = mProcessor.getLdapConnModule(); + ILdapAuthInfo authInfo = null; + if (connModule != null) { + authInfo 
= connModule.getLdapAuthInfo(); + } + +// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); + if (authInfo != null) { + CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache"); + authInfo.addPassword(prompt, pwd); + } else + CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); +*/ try { CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor"); 
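Review bot: In setLDAPDest the new side calls `pwdStore.putPassword(prompt, pwd)` and `pwdStore.commit()` unconditionally, although `pwd` starts as `null` and is only assigned when the request carries `Constants.PR_DIRECTORY_MANAGER_PWD`. testSetLDAPDest guards the same write with `pwd != null`, and the commented-out watchdog code in this hunk did as well, so a request without the password parameter may overwrite the stored bind password (what `putPassword` does with a null value is not visible here). I would wrap the two calls as `if (pwd != null) { pwdStore.putPassword(prompt, pwd); pwdStore.commit(); }`. The method starts before this hunk and continues after it.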
@@ -611,32 +610,27 @@ public class PublisherAdminServlet extends AdminServlet { } catch (Exception ex) { // force to save the config even there is error // ignore any exception - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString())); } - // XXX See if we can dynamically in B2 + //XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, null, resp); } - private void testSetLDAPDest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); CMS.debug("PublisherAdmineServlet: in testSetLDAPDest"); - // Save New Settings to the config file + //Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config - .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg - .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - // set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, - req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + //set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, + req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String ldapPublish = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish); 
@@ -645,7 +639,7 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.setLdapConnModule(null); } - // set reset of the parameters + //set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -662,9 +656,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
@@ -693,112 +687,84 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + // test before commit - if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) - && ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - params.add("title", "You've attempted to configure CMS to connect" - + " to a LDAP directory. The connection status is" - + " as follows:\n \n"); + if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && + ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { + params.add("title", + "You've attempted to configure CMS to connect" + + " to a LDAP directory. The connection status is" + + " as follows:\n \n"); LDAPConnection conn = null; - ILdapConnInfo connInfo = CMS.getLdapConnInfo(ldap - .getSubStore(ILdapBoundConnFactory.PROP_LDAPCONNINFO)); - // LdapAuthInfo authInfo = - // new LdapAuthInfo(ldap.getSubStore( - // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); - String host = connInfo.getHost(); + ILdapConnInfo connInfo = + CMS.getLdapConnInfo(ldap.getSubStore( + ILdapBoundConnFactory.PROP_LDAPCONNINFO)); + //LdapAuthInfo authInfo = + //new LdapAuthInfo(ldap.getSubStore( + // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); + String host = connInfo.getHost(); int port = connInfo.getPort(); boolean secure = connInfo.getSecure(); - // int authType = authInfo.getAuthType(); + //int authType = authInfo.getAuthType(); String authType = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( - ILdapAuthInfo.PROP_LDAPAUTHTYPE); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE); int version = connInfo.getVersion(); String bindAs = null; String certNickName = null; if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) { try { - // certNickName = authInfo.getParms()[0]; + //certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( - 
ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( - ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); - conn = new LDAPConnection( - CMS.getLdapJssSSLSocketFactory(certNickName)); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( + certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection with certificate: " - + certNickName - + dashes(70 - 44 - certNickName.length()) - + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create ssl LDAPConnection with certificate: " - + certNickName - + dashes(70 - 44 - certNickName.length()) - + " failure\n" + " exception: " + ex); - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" - + "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add( - Constants.PR_CONN_OK, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Success"); - params.add(Constants.PR_AUTH_OK, - "Authentication: SSL client authentication" - + dashes(70 - 41) + " Success" - + "\nBind to the directory as: " - + certNickName - + dashes(70 - 26 - certNickName.length()) - + " Success"); + 
params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: SSL client authentication" + + dashes(70 - 41) + " Success" + + "\nBind to the directory as: " + certNickName + + dashes(70 - 26 - certNickName.length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Failure\n" - + " error: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure\n" + + " error: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Failure"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure"); } - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "LDAP publishing will fail.\n" - + "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
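Review bot: The `catch (Exception ex)` after the SSL client-auth setup calls `certNickName.length()`, but `certNickName` is still `null` when the `getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME)` lookup is the call that failed, so the handler itself throws a NullPointerException and the PR_CONN_INIT_FAIL / PR_SAVE_NOT response is never sent. Computing the length once with a null guard, e.g. `int nickLen = (certNickName == null) ? 4 : certNickName.length();`, and passing `70 - 44 - nickLen` to `dashes` keeps the failure report intact. A nickname longer than the padding budget also makes the argument to `dashes` negative; how `dashes` handles that is not visible in this hunk. testSetLDAPDest begins in an earlier hunk and continues past this one.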
@@ -806,133 +772,100 @@ public class PublisherAdminServlet extends AdminServlet { try { if (secure) { conn = new LDAPConnection( - CMS.getLdapJssSSLSocketFactory()); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection" + dashes(70 - 25) - + " Success"); + CMS.getLdapJssSSLSocketFactory()); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection" + + dashes(70 - 25) + " Success"); } else { conn = new LDAPConnection(); - params.add(Constants.PR_CONN_INITED, - "Create LDAPConnection" + dashes(70 - 21) - + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create LDAPConnection" + + dashes(70 - 21) + " Success"); } } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create LDAPConnection" + dashes(70 - 21) - + " Failure\n" + "exception: " + ex); - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "LDAP publishing will fail.\n" - + "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create LDAPConnection" + + dashes(70 - 21) + " Failure\n" + + "exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add( - Constants.PR_CONN_OK, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Success"); + params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
- params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Failure" - + "\nerror: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nerror: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " - + host - + " at port " - + port - + dashes(70 - - 37 - - host.length() - - (Integer.valueOf(port)) - .toString().length()) - + " Failure" + "\nexception: " + ex); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nexception: " + ex); } - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "LDAP publishing will fail.\n" - + "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { - // bindAs = authInfo.getParms()[0]; + //bindAs = authInfo.getParms()[0]; bindAs = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( - ILdapAuthInfo.PROP_BINDDN); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN); conn.authenticate(version, bindAs, pwd); - params.add(Constants.PR_AUTH_OK, - "Authentication: Basic authentication" - + dashes(70 - 36) + " Success" - + "\nBind to the directory as: " + bindAs - + dashes(70 - 26 - bindAs.length()) - + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Success" + + "\nBind to the directory 
as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + " Success"); } catch (LDAPException ex) { - if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { - params.add( - Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" - + dashes(70 - 36) - + "Failure" - + "\nBind to the directory as: " - + bindAs - + dashes(70 - 26 - bindAs.length()) - + "Failure" - + "\nThe object doesn't exist. " - + "Please correct the value assigned in the" - + " \"Directory manager DN\" field."); - } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) { - params.add( - Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" - + dashes(70 - 36) - + " Failure" - + "\nBind to the directory as: " - + bindAs - + dashes(70 - 26 - bindAs.length()) - + " Failure" - + "\nInvalid password. " - + "Please correct the value assigned in the" - + " \"Password\" field."); + if (ex.getLDAPResultCode() == + LDAPException.NO_SUCH_OBJECT) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + "Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + "Failure" + "\nThe object doesn't exist. " + + "Please correct the value assigned in the" + + " \"Directory manager DN\" field."); + } else if (ex.getLDAPResultCode() == + LDAPException.INVALID_CREDENTIALS) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure" + "\nInvalid password. 
" + + "Please correct the value assigned in the" + + " \"Password\" field."); } else { - params.add( - Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" - + dashes(70 - 36) + " Failure" - + "\nBind to the directory as: " - + bindAs - + dashes(70 - 26 - bindAs.length()) - + " Failure"); + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure"); } - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "LDAP publishing will fail.\n" - + "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
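Review bot: `conn.authenticate(version, bindAs, pwd)` runs with whatever `pwd` the request supplied, including `null` or an empty string when `Constants.PR_DIRECTORY_MANAGER_PWD` is missing or blank. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind and return success, so this test can report "Authentication: Basic authentication ... Success" without any credential having been verified (whether that happens depends on the LDAP SDK and the server configuration). I would reject that case before binding, e.g. `if (pwd == null || pwd.length() == 0)` adding PR_AUTH_FAIL and PR_SAVE_NOT entries and returning like the other failure paths. Separately, the NO_SUCH_OBJECT branch concatenates `"Failure"` without the leading space the other branches use. The enclosing method starts and ends outside this hunk.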
@@ -940,83 +873,82 @@ public class PublisherAdminServlet extends AdminServlet { } - // commit(true); - if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && pwd != null) { + //commit(true); + if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && + pwd != null) { - /* - * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu - * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* Do a "PUT" of the new pw to the watchdog" + ** do not remove - cfu + CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " - + prompt + " to password file"); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+ + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved"); - /* - * we'll shut down and restart the PublisherProcessor instead // - * what a hack to do this without require restart server // - * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); ILdapConnModule - * connModule = mProcessor.getLdapConnModule(); ILdapAuthInfo - * authInfo = null; if (connModule != null) { authInfo = - * connModule.getLdapAuthInfo(); } else - * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null" - * ); - * - * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if - * (authInfo != null) { CMS.debug( - * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache" - * ); authInfo.addPassword(prompt, pwd); } else - * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null" - * ); - */ +/* we'll shut down and restart the PublisherProcessor instead + // what a hack to do this without require restart server +// ILdapAuthInfo authInfo = 
CMS.getLdapAuthInfo(); + ILdapConnModule connModule = mProcessor.getLdapConnModule(); + ILdapAuthInfo authInfo = null; + if (connModule != null) { + authInfo = connModule.getLdapAuthInfo(); + } else + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"); + +// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); + if (authInfo != null) { + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"); + authInfo.addPassword(prompt, pwd); + } else + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"); +*/ } - // params.add(Constants.PR_SAVE_OK, - // "\n \nConfiguration changes are now committed."); + //params.add(Constants.PR_SAVE_OK, + // "\n \nConfiguration changes are now committed."); mProcessor.shutdown(); if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { mProcessor.startup(); - // params.add("restarted", "Publishing is restarted."); + //params.add("restarted", "Publishing is restarted."); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - ICertAuthority authority = (ICertAuthority) mProcessor - .getAuthority(); + ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority(); - if (!(authority instanceof ICertificateAuthority)) + if (!(authority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) authority; // publish ca cert try { mProcessor.publishCACert(ca.getCACert()); - CMS.debug("PublisherAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); - params.add("publishCA", "CA certificate is published."); + CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); + params.add("publishCA", + "CA certificate is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. 
- log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", - ex.toString())); - params.add("publishCA", "Failed to publish CA certificate."); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); + params.add("publishCA", + "Failed to publish CA certificate."); int index = ex.toString().indexOf("Failed to create CA"); if (index > -1) { - params.add("createError", ex.toString() - .substring(index)); + params.add("createError", + ex.toString().substring(index)); } mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "the CA certificate won't be published.\n" - + "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CA certificate won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; 
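Review bot: `if (!(authority instanceof ICertificateAuthority)) return;` leaves testSetLDAPDest without calling `sendResponse` or `commit(true)`, after the publishing processor has already been shut down and restarted and, when a password was supplied, the password file updated. The admin client then gets no status for the request, and the running state may no longer match the saved configuration. Sending a response on that path, for example `params.add(Constants.PR_SAVE_NOT, "...no CA authority..."); sendResponse(SUCCESS, null, params, resp); return;` (message text to be chosen by the maintainers), would make the outcome explicit, and braces around the branch would make the early exit easier to spot. The method starts before this hunk and ends in the next one.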
@@ -1026,65 +958,65 @@ public class PublisherAdminServlet extends AdminServlet { CMS.debug("PublisherAdminServlet: about to update CRL"); ca.publishCRLNow(); CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL")); - params.add("publishCRL", "CRL is published."); + params.add("publishCRL", + "CRL is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - "Could not publish crl " + ex.toString()); - params.add("publishCRL", "Failed to publish CRL."); + log(ILogger.LL_FAILURE, + "Could not publish crl " + ex.toString()); + params.add("publishCRL", + "Failed to publish CRL."); mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add( - Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " - + "the CRL won't be published.\n" - + "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CRL won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; } } commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); params.add("restarted", "Publishing is restarted."); } else { commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); - params.add("stopped", "Publishing is stopped."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); + params.add("stopped", + "Publishing is stopped."); } - // XXX See if we can dynamically in B2 + //XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, params, resp); } - private synchronized void addMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void 
addMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_MAPPER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } 
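Review bot: addMapperPlugin accepts `id` from `Constants.RS_ID` after only a null check and a uniqueness check, while addMapperInst further down rejects malformed values with `isValidID(id)` first; no such call is visible in this hunk. If the plugin id ends up as a config-store key the way the instance id does (that part of the method is outside the hunk), both entry points should apply the same rule. I would add `if (!isValidID(id)) { sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; }` right after the null check. The body of addMapperPlugin continues past the end of this hunk.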
@@ -1099,25 +1031,21 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapMapper? try { if (ILdapMapper.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -1129,9 +1057,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
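Review bot: `Class.forName(classPath)` loads and initializes a class whose name comes straight from the `Constants.PR_MAPPER_CLASS` request parameter, and the `ILdapMapper.class.isAssignableFrom(newImpl)` check only runs afterwards, so the static initializer of any class on the servlet's classpath executes before the type is validated. Loading without initialization first, `newImpl = Class.forName(classPath, false, getClass().getClassLoader());`, keeps the type check ahead of any code execution. Restricting `classPath` to an allow-list of mapper packages would narrow this further if the deployment permits it. addMapperPlugin starts in the previous hunk and continues after this one.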
@@ -1139,8 +1068,8 @@ public class PublisherAdminServlet extends AdminServlet { MapperPlugin plugin = new MapperPlugin(id, classPath); mProcessor.getMapperPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); NameValuePairs params = new NameValuePairs(); 
@@ -1158,54 +1087,54 @@ public class PublisherAdminServlet extends AdminServlet { return true; } - private synchronized void addMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getMapperInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } // get required parameters - String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME); + String implname = req.getParameter( + Constants.PR_MAPPER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get( + MapperPlugin plugin = + (MapperPlugin) mProcessor.getMapperPlugins().get( implname); if (plugin == null) { - sendResponse( - ERROR, - new EMapperPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getMapperDefaultParams(implname); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.mapper"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -1216,10 +1145,11 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), val); + substore.put(kv.substring(0, index), + val); } } } 
@@ -1234,27 +1164,21 @@ public class PublisherAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -1278,44 +1202,47 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add mapper instance to list. mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_MAPPER_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listMapperPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listMapperPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getMapperPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - MapperPlugin value = (MapperPlugin) mProcessor.getMapperPlugins() - .get(name); + MapperPlugin value = (MapperPlugin) + mProcessor.getMapperPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapMapper lp = (ILdapMapper) Class.forName(c).newInstance(); + ILdapMapper lp = (ILdapMapper) + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); 
@@ -1334,9 +1261,9 @@ public class PublisherAdminServlet extends AdminServlet {
 }
 }
- private synchronized void listMapperInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ private synchronized void listMapperInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
 NameValuePairs params = new NameValuePairs();
 Enumeration e = mProcessor.getMapperInsts().keys();
@@ -1351,39 +1278,40 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, - resp); + sendResponse(ERROR, + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id); + // being used. + ILdapMapper mapperInst = (ILdapMapper) + mProcessor.getMapperInstance(id); mProcessor.getMapperInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.mapper"); + IConfigStore destStore = + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -1391,82 +1319,85 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (mProcessor.getMapperPlugins().containsKey(id) == false) { - sendResponse( - ERROR, - new EMapperPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", - id)).toString(), null, resp); + sendResponse(ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this mapper // DON'T remove mapper if any instance - for (Enumeration e = mProcessor.getMapperInsts().keys(); e - .hasMoreElements();) { + for (Enumeration e = mProcessor.getMapperInsts().keys(); + e.hasMoreElements();) { String name = (String) e.nextElement(); ILdapMapper mapper = 
mProcessor.getMapperInstance(name); if (id.equals(getMapperPluginName(mapper))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this mapper mProcessor.getMapperPlugins().remove((Object) id); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.mapper"); - IConfigStore instancesConfig = destStore.getSubStore("impl"); + IConfigStore destStore = + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); + IConfigStore instancesConfig = + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getMapperConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getMapperConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1480,48 +1411,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getMapperInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getMapperInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, - resp); + sendResponse(ERROR, + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } - ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id); + ILdapMapper mapperInst = (ILdapMapper) + mProcessor.getMapperInstance(id); Vector configParams = mapperInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_MAPPER_IMPL_NAME, - getMapperPluginName(mapperInst)); + params.add(Constants.PR_MAPPER_IMPL_NAME, + getMapperPluginName(mapperInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -1529,23 +1462,24 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getMapperInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } 
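Review bot: `params.add(kv.substring(0, index), kv.substring(index + 1));` uses the result of `kv.indexOf('=')` without checking it, so a parameter entry that lacks `=` gives `index == -1` and `substring(0, index)` throws `StringIndexOutOfBoundsException`, failing the whole request. The entries come from the plugin (`getInstanceParams()` in getMapperInstConfig), so a guard before the split is cheap insurance: `if (index < 0) continue;`. The same unguarded split appears twice in this hunk (getMapperConfig and getMapperInstConfig) and again in the modMapperInst, getRuleConfig and getRuleInstConfig hunks. Both methods start or end outside this hunk.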
@@ -1553,26 +1487,24 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // get plugin for implementation - MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get( - implname); + MapperPlugin plugin = + (MapperPlugin) mProcessor.getMapperPlugins().get(implname); if (plugin == null) { - sendResponse( - ERROR, - new EMapperPluginNotFound(CMS.getUserMessage( - getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", - implname)).toString(), null, resp); + sendResponse(ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } // save old instance substore params in case new one fails. - ILdapMapper oldinst = (ILdapMapper) mProcessor.getMapperInstance(id); + ILdapMapper oldinst = + (ILdapMapper) mProcessor.getMapperInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1583,7 +1515,8 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); - saveParams.add(kv.substring(0, index), kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -1591,8 +1524,9 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.mapper"); + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. 
@@ -1623,31 +1557,26 @@ public class PublisherAdminServlet extends AdminServlet { ILdapMapper newMgrInst = null; try { - newMgrInst = (ILdapMapper) Class.forName(className).newInstance(); + newMgrInst = (ILdapMapper) + Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } // initialize the mapper 
@@ -1657,23 +1586,26 @@ public class PublisherAdminServlet extends AdminServlet {
 } catch (EBaseException e) {
 // don't commit in this case and cleanup the new substore.
 restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
 return;
 } catch (Throwable e) {
 restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(), null, resp);
+ sendResponse(ERROR, e.toString(), null,
+ resp);
 return;
 }
- // initialized ok. commiting
+ // initialized ok. commiting
 try {
 mConfig.commit(true);
 } catch (EBaseException e) {
 // clean up.
 restore(instancesConfig, id, saveParams);
- // System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
+ //System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+ null, resp);
 return;
 }
@@ -1682,46 +1614,45 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst)); mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the rule id unique? 
if (mProcessor.getRulePlugins().containsKey((Object) id)) { - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage( - "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) - .toString(getLocale(req)), null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), + null, resp); return; } String classPath = req.getParameter(Constants.PR_RULE_CLASS); if (classPath == null) { - sendResponse(ERROR, - CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } IConfigStore destStore = null; - destStore = mConfig.getSubStore(mAuth.getId() + ".publish.rule"); + destStore = mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); // Does the class exist? 
@@ -1730,25 +1661,21 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapRule? try { if (ILdapRule.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -1760,9 +1687,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
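Review bot: `newImpl = Class.forName(classPath);` loads and initializes a class whose name is taken directly from the `Constants.PR_RULE_CLASS` request parameter (read in the preceding hunk), so the static initializer of any class on the server's classpath runs before `ILdapRule.class.isAssignableFrom(newImpl)` gets the chance to reject it. Loading without initialization keeps the type check ahead of any code execution: `newImpl = Class.forName(classPath, false, PublisherAdminServlet.class.getClassLoader());`. `Class.forName` never returns null, so the `catch (NullPointerException e)` branch around the assignability check is dead code and can be dropped. These statements belong to addRulePlugin, which starts and ends outside this hunk.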
@@ -1770,8 +1698,8 @@ public class PublisherAdminServlet extends AdminServlet {
 RulePlugin plugin = new RulePlugin(id, classPath);
 mProcessor.getRulePlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
 NameValuePairs params = new NameValuePairs();
@@ -1779,55 +1707,57 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getRuleInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } // get required parameters - String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME); + String implname = req.getParameter( + Constants.PR_RULE_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get( + RulePlugin plugin = + (RulePlugin) mProcessor.getRulePlugins().get( implname); if (plugin == null) { - sendResponse( - ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) - .toString(), null, resp); + sendResponse(ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getRuleDefaultParams(implname); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + ".publish.rule"); - IConfigStore instancesConfig = destStore.getSubStore("instance"); + IConfigStore instancesConfig = + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -1837,12 +1767,13 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; - substore.put(kv.substring(0, index), val); + substore.put(kv.substring(0, index), + val); } } } 
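Review bot: In addRuleInst a missing rule plugin is reported with `EPublisherPluginNotFound` and the key `CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND`, although the failed lookup is `mProcessor.getRulePlugins().get(implname)`; the delRulePlugin hunk uses `ERulePluginNotFound` with `CMS_LDAP_RULE_PLUGIN_NOT_FOUND` for the same condition. Suggested replacement: `new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", implname)).toString()`. Separately, `sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);` echoes a value that has just failed `isValidID` and is the only unlocalized message in the method; a fixed, localized message without the rejected value would be safer wherever the response ends up being displayed. addRuleInst continues beyond this hunk.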
@@ -1857,27 +1788,21 @@ public class PublisherAdminServlet extends AdminServlet {
 } catch (ClassNotFoundException e) {
 // cleanup
 instancesConfig.removeSubStore(id);
- sendResponse(
- ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),
- "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
 return;
 } catch (InstantiationException e) {
 instancesConfig.removeSubStore(id);
- sendResponse(
- ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),
- "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
 return;
 } catch (IllegalAccessException e) {
 instancesConfig.removeSubStore(id);
- sendResponse(
- ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),
- "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
 return;
 }
@@ -1902,39 +1827,41 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getRuleInsts().put(id, ruleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_RULE_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listRulePlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listRulePlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getRulePlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - RulePlugin value = (RulePlugin) mProcessor.getRulePlugins().get( - name); + RulePlugin value = (RulePlugin) + mProcessor.getRulePlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapRule lp = (ILdapRule) Class.forName(c).newInstance(); + ILdapRule lp = (ILdapRule) + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { 
@@ -1945,17 +1872,17 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listRuleInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listRuleInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; Enumeration e = mProcessor.getRuleInsts().keys(); for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapRule value = (ILdapRule) mProcessor.getRuleInsts().get( - (Object) name); + ILdapRule value = (ILdapRule) + mProcessor.getRuleInsts().get((Object) name); String enabled = value.enabled() ? "enabled" : "disabled"; params.add(name, value.getInstanceName() + ";visible;" + enabled); 
@@ -1974,46 +1901,47 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void delRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { - sendResponse( - ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this rule // DON'T remove rule if any instance - for (Enumeration e = mProcessor.getRuleInsts().elements(); e - .hasMoreElements();) { - ILdapRule rule = (ILdapRule) e.nextElement(); + for (Enumeration e = mProcessor.getRuleInsts().elements(); + e.hasMoreElements();) { + ILdapRule rule = (ILdapRule) + e.nextElement(); if (id.equals(getRulePluginName(rule))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this rule mProcessor.getRulePlugins().remove((Object) id); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".rule"); + IConfigStore 
destStore = + mConfig.getSubStore( + mAuth.getId() + ".rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -2021,25 +1949,27 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void delRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
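Review bot: delRulePlugin removes the plugin entry from `mConfig.getSubStore(mAuth.getId() + ".rule")`, but addRulePlugin stores rule plugins under `mAuth.getId() + ".publish.rule"`, and delMapperPlugin uses the matching `.publish.mapper` path for its own deletion. As written, `instancesConfig.removeSubStore(id)` most likely acts on a different subtree, so the plugin would be dropped from memory while its entry stays in the committed configuration and could come back after a restart, even though the request reports SUCCESS. Suggested: `mConfig.getSubStore(mAuth.getId() + ".publish.rule");`. The reformatting in this commit carries the old path over unchanged; the commit step of the method is in the following hunk.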
@@ -2047,24 +1977,24 @@ public class PublisherAdminServlet extends AdminServlet { // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null, - resp); + sendResponse(ERROR, + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id); + // being used. + ILdapRule ruleInst = (ILdapRule) + mProcessor.getRuleInsts().get(id); mProcessor.getRuleInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.rule"); + IConfigStore destStore = + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -2072,24 +2002,26 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getRuleConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getRuleConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -2103,47 +2035,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getRuleInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getRuleInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null, - resp); + sendResponse(ERROR, + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } - ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id); + ILdapRule ruleInst = (ILdapRule) + mProcessor.getRuleInsts().get(id); Vector configParams = ruleInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RULE_IMPL_NAME, getRulePluginName(ruleInst)); + params.add(Constants.PR_RULE_IMPL_NAME, + getRulePluginName(ruleInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2151,22 +2086,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getRuleInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } 
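Review bot: In hunk -2103,47, `kv.substring(0, index)` is called in both loops (getRuleConfig and getRuleInstConfig) without checking that `kv.indexOf('=')` found a separator, so an entry with no `=` throws StringIndexOutOfBoundsException instead of producing a response. getConfig already handles that case in hunk -2765,7 with `if (index == -1) { params.add(kv, ""); } else { ... }`, and the same guard belongs here. The unguarded form also appears in modRuleInst (-2204,7) and getInstConfig (-2773,43). getRuleConfig starts in the previous hunk.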
@@ -2174,26 +2110,26 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } - // get plugin for implementation - RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get( - implname); + // get plugin for implementation + RulePlugin plugin = + (RulePlugin) mProcessor.getRulePlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - // new ERulePluginNotFound(implname).toString(getLocale(req)), - "", null, resp); + //new ERulePluginNotFound(implname).toString(getLocale(req)), + "", + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - ILdapRule oldinst = (ILdapRule) mProcessor.getRuleInsts().get( - (Object) id); + ILdapRule oldinst = + (ILdapRule) mProcessor.getRuleInsts().get((Object) id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -2204,7 +2140,8 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); - saveParams.add(kv.substring(0, index), kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2212,8 +2149,9 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.rule"); + IConfigStore destStore = + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. 
@@ -2233,7 +2171,8 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(key); if (val == null) { - substore.put(key, kv.substring(index + 1)); + substore.put(key, + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; @@ -2252,27 +2191,21 @@ public class PublisherAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
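Review bot: The three catch arms in hunk -2252,27 are identical and all discard the caught exception, so the administrator sees only CMS_LDAP_FAIL_LOAD_CLASS and nothing in the log records whether the class was missing, not instantiable or inaccessible. I would record the cause before responding, e.g. `mProcessor.log(ILogger.LL_FAILURE, e.toString());`, and move the shared restore-and-respond lines into one private helper so the arms cannot drift apart. The same triple appears in addPublisherInst (-2493,32) and modPublisherInst (-2958,32). The try block opens above this hunk.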
@@ -2291,15 +2224,16 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -2307,48 +2241,47 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getRuleInsts().put(id, newRuleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? 
if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } IConfigStore destStore = null; - destStore = mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + destStore = mConfig.getSubStore( + mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); // Does the class exist? 
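Review bot: addPublisherPlugin accepts the RS_ID value after only a null check and a uniqueness check, while addPublisherInst (-2406,56) also rejects it with `if (!isValidID(id))` before using it. The id later becomes the plugin key (`mProcessor.getPublisherPlugins().put(id, plugin)` in -2397,8) and presumably a configuration sub-store name, so it should pass the same validation; what isValidID accepts is not visible here. I would add `if (!isValidID(id)) { sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; }` directly after the null check. The method body continues past this hunk.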
@@ -2357,25 +2290,21 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapPublisher? try { if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -2387,9 +2316,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
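Review bot: `Class.forName(classPath)` in hunk -2357,25 loads and initializes whatever class name arrives in the PR_PUBLISHER_CLASS request parameter (read in hunk -2307,48), and the `ILdapPublisher.class.isAssignableFrom(newImpl)` test only runs afterwards. Static initializers of a class that is not a publisher therefore execute before it is rejected, and a LinkageError or ExceptionInInitializerError raised during that step is not among the caught types. Loading without initialization, `newImpl = Class.forName(classPath, false, PublisherAdminServlet.class.getClassLoader());`, keeps the type check first, and restricting accepted names to an allow-list of packages would narrow it further. The `catch (NullPointerException e)` around the type check can be replaced by a plain null test; the declaration of newImpl is above the hunk.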
@@ -2397,8 +2327,8 @@ public class PublisherAdminServlet extends AdminServlet { PublisherPlugin plugin = new PublisherPlugin(id, classPath); mProcessor.getPublisherPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); 
@@ -2406,56 +2336,56 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void addPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getPublisherInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } // get required parameters - String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME); + String implname = req.getParameter( + Constants.PR_PUBLISHER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- PublisherPlugin plugin = (PublisherPlugin) mProcessor - .getPublisherPlugins().get(implname); + PublisherPlugin plugin = + (PublisherPlugin) mProcessor.getPublisherPlugins().get( + implname); if (plugin == null) { - sendResponse( - ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) - .toString(), null, resp); + sendResponse(ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getPublisherDefaultParams(implname); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.publisher"); + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -2474,14 +2404,15 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { substore.put(kv, ""); } else { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } } else { if (index == -1) { substore.put(kv, val); } else { - substore.put(kv.substring(0, index), val); + substore.put(kv.substring(0, index), + val); } } } 
@@ -2493,32 +2424,25 @@ public class PublisherAdminServlet extends AdminServlet { ILdapPublisher publisherInst = null; try { - publisherInst = (ILdapPublisher) Class.forName(className) - .newInstance(); + publisherInst = (ILdapPublisher) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -2542,17 +2466,17 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. - mProcessor.getPublisherInsts().put(id, - new PublisherProxy(true, publisherInst)); + mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -2561,24 +2485,24 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listPublisherPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listPublisherPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getPublisherPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - PublisherPlugin value = (PublisherPlugin) mProcessor - .getPublisherPlugins().get(name); + PublisherPlugin value = (PublisherPlugin) + mProcessor.getPublisherPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapPublisher lp = (ILdapPublisher) Class.forName(c) - .newInstance(); + ILdapPublisher lp = (ILdapPublisher) + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { 
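Review bot: In hunk -2561,24, listPublisherPlugins creates a new instance of every registered plugin class with `Class.forName(c).newInstance()` on each list request just to call `getDescription()`, inside a `catch (Exception exp)`. Constructor side effects therefore run on what is otherwise a read-only listing, and the broad catch hides which plugin failed; the catch body lies outside this hunk, so whether it logs is not visible. I would read the description once when the plugin is registered, or at least narrow the catch to the three reflection exceptions handled elsewhere in this file.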
@@ -2599,9 +2523,9 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listPublisherInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listPublisherInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; 
@@ -2619,50 +2543,48 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { - sendResponse( - ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)) - .toString(), null, resp); + sendResponse(ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this publisher // DON'T remove publisher if any instance - for (Enumeration e = mProcessor.getPublisherInsts().keys(); e - .hasMoreElements();) { + for (Enumeration e = mProcessor.getPublisherInsts().keys(); + e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapPublisher publisher = mProcessor.getPublisherInstance(name); + ILdapPublisher publisher = + mProcessor.getPublisherInstance(name); if (id.equals(getPublisherPluginName(publisher))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this publisher 
mProcessor.getPublisherPlugins().remove((Object) id); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.publisher"); + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -2670,8 +2592,9 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2679,17 +2602,18 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -2697,24 +2621,22 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id); mProcessor.getPublisherInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.publisher"); + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -2722,9 +2644,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); 
@@ -2732,23 +2655,25 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with possible - * default values) for a particular plugin implementation name specified in - * the RS_ID. Actually, there is no logic in here to set any default value - * here...there's no default value for any parameter in this publishing - * subsystem at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with + * possible default values) for a particular plugin + * implementation name specified in the RS_ID. Actually, there is + * no logic in here to set any default value here...there's no + * default value for any parameter in this publishing subsystem + * at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2765,7 +2690,8 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2773,43 +2699,43 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { - sendResponse( - ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse(ERROR, + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } - ILdapPublisher publisherInst = (ILdapPublisher) mProcessor - .getPublisherInstance(id); + ILdapPublisher publisherInst = (ILdapPublisher) + mProcessor.getPublisherInstance(id); Vector configParams = publisherInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_PUBLISHER_IMPL_NAME, - getPublisherPluginName(publisherInst)); + params.add(Constants.PR_PUBLISHER_IMPL_NAME, + getPublisherPluginName(publisherInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } 
@@ -2818,30 +2744,33 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * Modify publisher instance. This will actually create a new instance with - * new configuration parameters and replace the old instance, if the new - * instance created and initialized successfully. The old instance is left - * running. so this is very expensive. Restart of server recommended. + * Modify publisher instance. + * This will actually create a new instance with new configuration + * parameters and replace the old instance, if the new instance + * created and initialized successfully. + * The old instance is left running. so this is very expensive. + * Restart of server recommended. */ - private synchronized void modPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, - IOException, EBaseException { + private synchronized void modPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - // System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + //System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getPublisherInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), + null, resp); return; } 
@@ -2849,26 +2778,22 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } - // get plugin for implementation - PublisherPlugin plugin = (PublisherPlugin) mProcessor - .getPublisherPlugins().get(implname); + // get plugin for implementation + PublisherPlugin plugin = + (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); if (plugin == null) { - sendResponse( - ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage( - getLocale(req), - "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) - .toString(), null, resp); + sendResponse(ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. ILdapPublisher oldinst = mProcessor.getPublisherInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); @@ -2882,16 +2807,14 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); if (index > -1) { - if (kv.substring(0, index) - .equalsIgnoreCase("caObjectClass")) { + if (kv.substring(0, index).equalsIgnoreCase("caObjectClass")) { pubType = "cacert"; - } else if (kv.substring(0, index).equalsIgnoreCase( - "crlObjectClass")) { + } else if (kv.substring(0, index).equalsIgnoreCase("crlObjectClass")) { pubType = "crl"; } - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2900,23 +2823,17 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() - + ".publish.publisher"); + IConfigStore destStore = + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // get objects added and deleted if (pubType.equals("cacert")) { - saveParams.add("caObjectClassAdded", - instancesConfig.getString(id + ".caObjectClassAdded", "")); - saveParams - .add("caObjectClassDeleted", - instancesConfig.getString(id - + ".caObjectClassDeleted", "")); + saveParams.add("caObjectClassAdded", instancesConfig.getString(id + ".caObjectClassAdded", "")); + saveParams.add("caObjectClassDeleted", instancesConfig.getString(id + ".caObjectClassDeleted", "")); } else if (pubType.equals("crl")) { - saveParams.add("crlObjectClassAdded", - instancesConfig.getString(id + ".crlObjectClassAdded", "")); - saveParams.add("crlObjectClassDeleted", instancesConfig.getString( - id + ".crlObjectClassDeleted", "")); + saveParams.add("crlObjectClassAdded", instancesConfig.getString(id + ".crlObjectClassAdded", "")); + saveParams.add("crlObjectClassDeleted", instancesConfig.getString(id + ".crlObjectClassDeleted", "")); } // create new substore. @@ -2942,9 +2859,9 @@ public class PublisherAdminServlet extends AdminServlet { } // process any changes to the ldap object class definitions - if (pubType.equals("cacert")) { + if (pubType.equals("cacert")) { processChangedOC(saveParams, substore, "caObjectClass"); - substore.put("pubtype", "cacert"); + substore.put("pubtype", "cacert"); } if (pubType.equals("crl")) { 
@@ -2958,32 +2875,25 @@ public class PublisherAdminServlet extends AdminServlet { ILdapPublisher newMgrInst = null; try { - newMgrInst = (ILdapPublisher) Class.forName(className) - .newInstance(); + newMgrInst = (ILdapPublisher) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse( - ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), - "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse(ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
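Review bot: In the `@@ -2958,32` hunk, the three `catch` arms around `Class.forName(className).newInstance()` are the only paths that call `restore(instancesConfig, id, saveParams)`, so any other failure of that statement leaves the edited substore in place. `Class.newInstance()` rethrows whatever the plugin's no-arg constructor throws, and the `(ILdapPublisher)` cast raises `ClassCastException` when the registered class is not a publisher; neither is caught here. Since the arms are identical apart from a comment, a single `} catch (Exception e) { restore(instancesConfig, id, saveParams); ... return; }` that also logs `e` would cover every case and remove the duplication. The enclosing method starts and ends outside this hunk.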
@@ -3002,25 +2912,25 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - // System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); + //System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // commited ok. replace instance. - mProcessor.getPublisherInsts().put(id, - new PublisherProxy(true, newMgrInst)); + mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); 
@@ -3028,65 +2938,61 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // convenience function - takes list1, list2. Returns what is in list1 + // convenience function - takes list1, list2. Returns what is in list1 // but not in list2 private String[] getExtras(String[] list1, String[] list2) { - Vector<String> extras = new Vector<String>(); - for (int i = 0; i < list1.length; i++) { - boolean match = false; - for (int j = 0; j < list2.length; j++) { - if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { - match = true; - break; - } - } - if (!match) - extras.add(list1[i].trim()); - } - - return (String[]) extras.toArray(new String[extras.size()]); + Vector <String> extras = new Vector<String>(); + for (int i=0; i< list1.length; i++) { + boolean match=false; + for (int j=0; j < list2.length; j++) { + if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { + match = true; + break; + } + } + if (!match) extras.add(list1[i].trim()); + } + + return (String[])extras.toArray(new String[extras.size()]); } - // convenience function - takes list1, list2. Concatenates the two + // convenience function - takes list1, list2. 
Concatenates the two // lists removing duplicates private String[] joinLists(String[] list1, String[] list2) { - Vector<String> sum = new Vector<String>(); - for (int i = 0; i < list1.length; i++) { - sum.add(list1[i]); - } - - for (int i = 0; i < list2.length; i++) { - boolean match = false; - for (int j = 0; j < list1.length; j++) { - if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { - match = true; - break; - } - } - if (!match) - sum.add(list2[i].trim()); - } - - return (String[]) sum.toArray(new String[sum.size()]); + Vector <String> sum = new Vector<String>(); + for (int i=0; i< list1.length; i++) { + sum.add(list1[i]); + } + + for (int i=0; i < list2.length; i++) { + boolean match=false; + for (int j=0; j < list1.length; j++) { + if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { + match = true; + break; + } + } + if (!match) sum.add(list2[i].trim()); + } + + return (String[])sum.toArray(new String[sum.size()]); } // convenience funtion. Takes a string array and delimiter // and returns a String with the concatenation private static String join(String[] s, String delimiter) { - if (s.length == 0) - return ""; + if (s.length == 0) return ""; StringBuffer buffer = new StringBuffer(s[0]); if (s.length > 1) { - for (int i = 1; i < s.length; i++) { + for (int i=1; i< s.length; i++) { buffer.append(delimiter).append(s[i].trim()); } } return buffer.toString(); } - private void processChangedOC(NameValuePairs saveParams, - IConfigStore newstore, String objName) { + private void processChangedOC(NameValuePairs saveParams, IConfigStore newstore, String objName) { String newOC = null, oldOC = null; String oldAdded = null, oldDeleted = null; 
@@ -3099,38 +3005,36 @@ public class PublisherAdminServlet extends AdminServlet { oldAdded = saveParams.getValue(objName + "Added"); oldDeleted = saveParams.getValue(objName + "Deleted"); - if ((oldOC == null) || (newOC == null)) - return; - if (oldOC.equalsIgnoreCase(newOC)) - return; + if ((oldOC == null) || (newOC == null)) return; + if (oldOC.equalsIgnoreCase(newOC)) return; - String[] oldList = oldOC.split(","); - String[] newList = newOC.split(","); - String[] deletedList = getExtras(oldList, newList); - String[] addedList = getExtras(newList, oldList); + String [] oldList = oldOC.split(","); + String [] newList = newOC.split(","); + String [] deletedList = getExtras(oldList, newList); + String [] addedList = getExtras(newList, oldList); // CMS.debug("addedList = " + join(addedList, ",")); // CMS.debug("deletedList = " + join(deletedList, ",")); - if ((addedList.length == 0) && (deletedList.length == 0)) - return; // no changes + if ((addedList.length ==0) && (deletedList.length == 0)) + return; // no changes if (oldAdded != null) { // CMS.debug("oldAdded is " + oldAdded); - String[] oldAddedList = oldAdded.split(","); + String [] oldAddedList = oldAdded.split(","); addedList = joinLists(addedList, oldAddedList); } if (oldDeleted != null) { // CMS.debug("oldDeleted is " + oldDeleted); - String[] oldDeletedList = oldDeleted.split(","); + String [] oldDeletedList = oldDeleted.split(","); deletedList = joinLists(deletedList, oldDeletedList); } String[] addedList1 = getExtras(addedList, deletedList); String[] deletedList1 = getExtras(deletedList, addedList); - // create the final strings and write to config + //create the final strings and write to config String addedListStr = join(addedList1, ","); String deletedListStr = join(deletedList1, ","); 
@@ -3142,8 +3046,8 @@ public class PublisherAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, String id, - NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -3153,7 +3057,7 @@ public class PublisherAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } @@ -3174,7 +3078,7 @@ public class PublisherAdminServlet extends AdminServlet { public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, - "PublishingAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java index 97590e0b..35bbb91a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; 
@@ -35,11 +36,13 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequestListener; + /** - * A class representings an administration servlet for Registration Authority. - * This servlet is responsible to serve RA administrative operations such as - * configuration parameter updates. - * + * A class representings an administration servlet for Registration + * Authority. This servlet is responsible to serve RA + * administrative operations such as configuration parameter + * updates. + * * @version $Revision$, $Date$ */ public class RAAdminServlet extends AdminServlet { @@ -50,17 +53,15 @@ public class RAAdminServlet extends AdminServlet { protected static final String PROP_ENABLED = "enabled"; - /* - * ========================================================== variables - * ========================================================== - */ + /*========================================================== + * variables + *==========================================================*/ private final static String INFO = "RAAdminServlet"; private IRegistrationAuthority mRA = null; - /* - * ========================================================== constructors - * ========================================================== - */ + /*========================================================== + * constructors + *==========================================================*/ /** * Constructs RA servlet. @@ -69,10 +70,9 @@ public class RAAdminServlet extends AdminServlet { super(); } - /* - * ========================================================== public methods - * ========================================================== - */ + /*========================================================== + * public methods + *==========================================================*/ /** * Initializes this servlet. 
@@ -90,34 +90,35 @@ public class RAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to the authenticate - * manager. + * Serves HTTP request. Each request is authenticated to + * the authenticate manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - // get all operational flags + //get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - // check operational flags + //check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; } - // authenticate the user + //authenticate the user super.authenticate(req); - // perform services + //perform services try { AUTHZ_RES_NAME = "certServer.ra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -142,8 +143,9 @@ public class RAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { 
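Review bot: `RAAdminServlet.service()` keeps per-request authorization state in fields: `AUTHZ_RES_NAME`, `mOp` and `mToken` are assigned in the `OP_READ` branch of the `@@ -90,34` hunk and again in the `OP_MODIFY` branch of the `@@ -142,8` hunk. A servlet container normally dispatches concurrent requests to one servlet instance, so if these are instance fields and `authorize()` reads `mOp` (the declarations and `authorize()` are outside the diff, presumably in `AdminServlet`), a read and a modify request that overlap could be checked against each other's operation. This needs confirming against `AdminServlet`; if it holds, the operation and resource name belong in locals passed to the authorization call rather than in shared fields. `RegistryAdminServlet.readAuthorize` and `modifyAuthorize`, later in this diff, follow the same pattern.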
@@ -155,7 +157,7 @@ public class RAAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) { setNotificationReqCompConfig(req, resp); return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { + }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { setNotificationRevCompConfig(req, resp); return; } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { @@ -167,23 +169,22 @@ public class RAAdminServlet extends AdminServlet { } } } catch (Exception e) { - // System.out.println("XXX >>>" + e.toString() + "<<<"); + //System.out.println("XXX >>>" + e.toString() + "<<<"); sendResponse(1, "Unknown operation", null, resp); } return; } - /* - * ========================================================== private - * methods========================================================== - */ - + /*========================================================== + * private methods + *==========================================================*/ + /* * handle getting completion (cert issued) notification config info */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
@@ -202,37 +203,35 @@ public class RAAdminServlet extends AdminServlet { params.add(name, rc.getString(name, "")); } - params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); - // System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + rc.getString(PROP_ENABLED, Constants.FALSE)); + //System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); getNotificationCompConfig(req, resp, rc); } private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); getNotificationCompConfig(req, resp, rc); 
@@ -242,17 +241,16 @@ public class RAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc - .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); Enumeration e = req.getParameterNames(); @@ -270,9 +268,9 @@ public class RAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - // System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + //System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } 
@@ -280,16 +278,15 @@ public class RAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc - .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); - // set rest of the parameters + //set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -324,10 +321,9 @@ public class RAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, - IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - // set rest of the parameters + //set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -359,35 +355,33 @@ public class RAAdminServlet extends AdminServlet { } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener()); - + } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = config - .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc - .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertRevokedListener()); } private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; 
@@ -401,10 +395,15 @@ public class RAAdminServlet extends AdminServlet { } /* - * Enumeration enum = req.getParameterNames(); NameValuePairs params = - * new NameValuePairs(); while (enum.hasMoreElements()) { String key = - * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val = - * req.getParameter(key); if (val.equals("CA Connector")) } } + Enumeration enum = req.getParameterNames(); + NameValuePairs params = new NameValuePairs(); + while (enum.hasMoreElements()) { + String key = (String)enum.nextElement(); + if (key.equals("RS_ID")) { + String val = req.getParameter(key); + if (val.equals("CA Connector")) + } + } */ Enumeration enum1 = req.getParameterNames(); @@ -428,13 +427,13 @@ public class RAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; - // String nickname = raConfig.getString("certNickname", ""); + // String nickname = raConfig.getString("certNickname", ""); if (isCAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("CA"); @@ -456,10 +455,12 @@ public class RAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; - /* - * if (name.equals("nickName")) { - * caConnectorConfig.putString(name, nickname); continue; } - */ +/* + if (name.equals("nickName")) { + caConnectorConfig.putString(name, nickname); + continue; + } +*/ caConnectorConfig.putString(name, req.getParameter(name)); } } 
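Review bot: In the `@@ -456,10` hunk, `setConnectorConfig` writes request parameters straight into the connector substore with `caConnectorConfig.putString(name, req.getParameter(name))`, and the only names skipped in the visible part of the loop are protocol fields such as `Constants.OP_SCOPE`. Any other parameter name the admin client sends therefore becomes a persistent configuration key. An allowlist of the keys this servlet is meant to manage would bound that, for example `if (!CONNECTOR_KEYS.contains(name)) continue;` before the `putString` (`CONNECTOR_KEYS` is a placeholder name for a set that does not exist yet). The loop header is outside the hunk, so filtering that is not visible here may already exist.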
@@ -525,41 +526,50 @@ public class RAAdminServlet extends AdminServlet { return false; } - // reading the RA general information + //reading the RA general information private void readGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); /* - * ISubsystem eeGateway = - * SubsystemRegistry.getInstance().get("eeGateway"); String value = - * "false"; if (eeGateway != null) { IConfigStore eeConfig = - * eeGateway.getConfigStore(); if (eeConfig != null) value = - * eeConfig.getString("enabled", "true"); } - * params.add(Constants.PR_EE_ENABLED, value); + ISubsystem eeGateway = + SubsystemRegistry.getInstance().get("eeGateway"); + String value = "false"; + if (eeGateway != null) { + IConfigStore eeConfig = eeGateway.getConfigStore(); + if (eeConfig != null) + value = eeConfig.getString("enabled", "true"); + } + params.add(Constants.PR_EE_ENABLED, value); */ - + sendResponse(SUCCESS, null, params, resp); } - // mdify RA General Information + //mdify RA General Information private void modifyGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { /* - * ISubsystem eeGateway = - * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore - * eeConfig = null; if (eeGateway != null) eeConfig = - * eeGateway.getConfigStore(); - * - * Enumeration enum = req.getParameterNames(); while - * (enum.hasMoreElements()) { String key = (String)enum.nextElement(); - * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null) - * eeConfig.putString("enabled", - * req.getParameter(Constants.PR_EE_ENABLED)); } } + ISubsystem eeGateway = + SubsystemRegistry.getInstance().get("eeGateway"); + IConfigStore eeConfig = null; + if 
(eeGateway != null) + eeConfig = eeGateway.getConfigStore(); + + Enumeration enum = req.getParameterNames(); + while (enum.hasMoreElements()) { + String key = (String)enum.nextElement(); + if (key.equals(Constants.PR_EE_ENABLED)) { + if (eeConfig != null) + eeConfig.putString("enabled", + req.getParameter(Constants.PR_EE_ENABLED)); + } + } + */ sendResponse(RESTART, null, null, resp); commit(true); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index 39f6b6f9..be9eb456 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.util.Enumeration; @@ -40,7 +41,7 @@ import com.netscape.certsrv.registry.IPluginRegistry; /** * This implements the administration servlet for registry subsystem. - * + * * @version $Revision$, $Date$ */ public class RegistryAdminServlet extends AdminServlet { @@ -52,7 +53,8 @@ public class RegistryAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "RegistryAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -101,8 +103,9 @@ public class RegistryAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -110,7 +113,7 @@ public class RegistryAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.registry.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - + if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) { if (op.equals(OpDef.OP_READ)) if (!readAuthorize(req, resp)) @@ -121,23 +124,25 @@ public class RegistryAdminServlet extends AdminServlet { } } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -146,8 +151,9 @@ public class RegistryAdminServlet extends AdminServlet { /** * Process Policy Implementation Management. */ - public void processImplMgmt(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void processImplMgmt(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); 
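Review bot: In the `@@ -110,7` hunk, `scope.equals(...)` and `op.equals(...)` are called directly on the results of `req.getParameter(...)`, so a request without `OP_SCOPE` or `OP_TYPE` ends in a `NullPointerException` instead of a protocol error. `RAAdminServlet.service` in this same diff guards the same two parameters with `if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; }`, and the same guard fits here before the first `equals`. The rest of `service()` lies outside the hunk.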
@@ -169,15 +175,17 @@ public class RegistryAdminServlet extends AdminServlet { return; addImpl(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, + null, resp); } - public void addImpl(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void addImpl(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); - String scope = req.getParameter(Constants.OP_SCOPE); + String scope = req.getParameter(Constants.OP_SCOPE); String classPath = req.getParameter(Constants.PR_POLICY_CLASS); String desc = req.getParameter(Constants.PR_POLICY_DESC); @@ -190,16 +198,17 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath); try { - mRegistry.addPluginInfo(scope, id, info); + mRegistry.addPluginInfo(scope, id, info); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); } - public void deleteImpl(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void deleteImpl(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -216,13 +225,13 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); try { - mRegistry.removePluginInfo(scope, id); + mRegistry.removePluginInfo(scope, id); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); 
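Review bot: In the `@@ -190,16` hunk, `addImpl` reports `SUCCESS` even when `mRegistry.addPluginInfo(scope, id, info)` throws, because the `catch (Exception e)` only calls `CMS.debug(e.toString())` and falls through to `sendResponse(SUCCESS, null, nvp, resp)`. `deleteImpl` in the `@@ -216,13` hunk does the same around `removePluginInfo`. This operation registers a class name taken from the request (`Constants.PR_POLICY_CLASS`), so the client should be told when the registry was not changed. The catch should end with `sendResponse(ERROR, msg, null, resp); return;`, where `msg` is a user message, and log with `CMS.debug(e)` as `getSupportedConstraintPolicies` does so the stack trace is kept.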
@@ -231,8 +240,9 @@ public class RegistryAdminServlet extends AdminServlet { /** * Lists all registered profile impementations */ - public void listImpls(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void listImpls(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); Enumeration impls = mRegistry.getIds(scope); @@ -242,17 +252,15 @@ public class RegistryAdminServlet extends AdminServlet { String id = (String) impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo(scope, id); - nvp.add(id, - info.getClassName() + "," - + info.getDescription(getLocale(req)) + "," - + info.getName(getLocale(req))); - } + nvp.add(id, info.getClassName() + "," + + info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } - public void getSupportedConstraintPolicies(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void getSupportedConstraintPolicies(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); if (id == null) { @@ -264,8 +272,8 @@ public class RegistryAdminServlet extends AdminServlet { try { IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id); String className = info.getClassName(); - IPolicyDefault policyDefaultClass = (IPolicyDefault) Class.forName( - className).newInstance(); + IPolicyDefault policyDefaultClass = (IPolicyDefault) + Class.forName(className).newInstance(); if (policyDefaultClass != null) { Enumeration impls = mRegistry.getIds("constraintPolicy"); 
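Review bot: In the `@@ -264,8` hunk, the guard `if (policyDefaultClass != null)` can never be false, because `newInstance()` either returns an object or throws. The value that presumably can be null is `info`, returned by `mRegistry.getPluginInfo("defaultPolicy", id)` for an unknown `id`, and it is dereferenced unchecked in `info.getClassName()`. The resulting exception is absorbed by the broad `catch (Exception ex)` in the next hunk, after which the method still sends `SUCCESS` with an empty list. Checking first with `if (info == null) { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; }` makes the failure visible to the caller, and the dead null check can go.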
@@ -274,37 +282,28 @@ public class RegistryAdminServlet extends AdminServlet { String constraintID = (String) impls.nextElement(); IPluginInfo constraintInfo = mRegistry.getPluginInfo( "constraintPolicy", constraintID); - IPolicyConstraint policyConstraintClass = (IPolicyConstraint) Class - .forName(constraintInfo.getClassName()) - .newInstance(); + IPolicyConstraint policyConstraintClass = (IPolicyConstraint) + Class.forName(constraintInfo.getClassName()).newInstance(); - CMS.debug("RegistryAdminServlet: getSUpportedConstraint " - + constraintInfo.getClassName()); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { - CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " - + constraintInfo.getClassName()); - nvp.add(constraintID, - constraintInfo.getClassName() - + "," - + constraintInfo - .getDescription(getLocale(req)) - + "," - + constraintInfo - .getName(getLocale(req))); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); + nvp.add(constraintID, constraintInfo.getClassName() + "," + + constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); } } } } catch (Exception ex) { - CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " - + ex.toString()); + CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " + ex.toString()); CMS.debug(ex); } sendResponse(SUCCESS, null, nvp, resp); } public void getProfileImplConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); 
@@ -321,14 +320,15 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); String className = info.getClassName(); IConfigTemplate template = null; try { - template = (IConfigTemplate) Class.forName(className).newInstance(); + template = (IConfigTemplate) + Class.forName(className).newInstance(); } catch (Exception e) { } if (template != null) { @@ -336,30 +336,22 @@ public class RegistryAdminServlet extends AdminServlet { if (names != null) { while (names.hasMoreElements()) { - String name = (String) names.nextElement(); - CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " - + name); - IDescriptor desc = template.getConfigDescriptor( - getLocale(req), name); + String name = (String) names.nextElement(); + CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); + IDescriptor desc = template.getConfigDescriptor(getLocale(req), name); if (desc != null) { - try { - String value = getNonNull(desc.getSyntax()) + ";" - + getNonNull(desc.getConstraint()) + ";" - + desc.getDescription(getLocale(req)) + ";" - + getNonNull(desc.getDefaultValue()); - - CMS.debug("RegistryAdminServlet: getProfileImpl " - + value); - nvp.add(name, value); - } catch (Exception e) { - - CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " - + name); - } + try { + String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); + + CMS.debug("RegistryAdminServlet: getProfileImpl " + value); + nvp.add(name, value); + } catch (Exception e) { + + CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); + } } else { - CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " - + name); + CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name); } } } 
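Review bot: The `catch (Exception e) { }` after `Class.forName(className).newInstance()` in getProfileImplConfig discards every instantiation failure, so a missing or broken plugin class cannot be told apart from a plugin that has no configurable parameters. Record it the way the neighbouring method does, with `CMS.debug("RegistryAdminServlet: getProfileImplConfig cannot instantiate " + className); CMS.debug(e);`. The method continues past the end of this file section, so how a null `template` is finally reported to the client is not visible here.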
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index 2ef01b24..bd96bbec 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; @@ -57,14 +58,16 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Cert; + /** - * A class representing an administration servlet for User/Group Manager. It - * communicates with client SDK to allow remote administration of User/Group + * A class representing an administration servlet for + * User/Group Manager. It communicates with client + * SDK to allow remote administration of User/Group * manager. - * - * This servlet will be registered to remote administration subsystem by usrgrp - * manager. - * + * + * This servlet will be registered to remote + * administration subsystem by usrgrp manager. + * * @version $Revision$, $Date$ */ public class UsrGrpAdminServlet extends AdminServlet { 
@@ -80,20 +83,22 @@ public class UsrGrpAdminServlet extends AdminServlet { private final static String RES_OCSP_GROUP = "certServer.ocsp.group"; private final static String RES_TKS_GROUP = "certServer.tks.group"; private final static String SYSTEM_USER = "$System$"; - // private final static String RES_GROUP = "root.common.goldfish"; + // private final static String RES_GROUP = "root.common.goldfish"; private final static String BACK_SLASH = "\\"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private IUGSubsystem mMgr = null; private IAuthzSubsystem mAuthz = null; - private static String[] mMultiRoleGroupEnforceList = null; - private final static String MULTI_ROLE_ENABLE = "multiroles.enable"; + private static String [] mMultiRoleGroupEnforceList = null; + private final static String MULTI_ROLE_ENABLE= "multiroles.enable"; private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList"; + /** * Constructs User/Group manager servlet. */ @@ -121,17 +126,17 @@ public class UsrGrpAdminServlet extends AdminServlet { * Serves incoming User/Group management request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } 
@@ -142,57 +147,64 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } // authorization // temporary test before servlets are exposed with authtoken /* - * SessionContext sc = SessionContext.getContext(); AuthToken authToken - * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); - * - * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " + - * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for - * now .. just testing try { authzTok = mAuthz.authorize("DirAclAuthz", - * authToken, RES_GROUP, "read"); } catch (EBaseException e) { - * log(ILogger.LL_FAILURE, - * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if - * (AuthzToken - * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS - * ))) { // audit would have been needed here if this weren't just a - * test... - * - * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - * - * sendResponse(ERROR, MessageFormatter.getLocalizedString( - * getLocale(req), AdminResources.class.getName(), - * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; } + SessionContext sc = SessionContext.getContext(); + AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); + + AuthzToken authzTok = null; + CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); + // hardcoded for now .. 
just testing + try { + authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); + } + if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) { + // audit would have been needed here if this weren't just a test... + + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + + sendResponse(ERROR, + MessageFormatter.getLocalizedString( + getLocale(req), + AdminResources.class.getName(), + AdminResources.SRVLT_FAIL_AUTHS), + null, resp); + return; + } */ + try { ISubsystem subsystem = CMS.getSubsystem("ca"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_CA_GROUP; subsystem = CMS.getSubsystem("ra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_RA_GROUP; subsystem = CMS.getSubsystem("kra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_KRA_GROUP; subsystem = CMS.getSubsystem("ocsp"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_OCSP_GROUP; subsystem = CMS.getSubsystem("tks"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_TKS_GROUP; if (scope != null) { if (scope.equals(ScopeDef.SC_USER_TYPE)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } 
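Review bot: `service()` keeps per-request authorization state in what appear to be fields: `AUTHZ_RES_NAME = ...`, `mOp = "read"` and `mToken = super.authorize(req)` all assign to names declared outside this hunk, and `authorize(req)` receives only the request, so it presumably reads the operation and resource from those fields. A servlet container normally serves concurrent requests on one servlet instance, so two requests could interleave between the `mOp` assignment and the `authorize` call and one could be checked against the other's operation. If that reading is right, hold the operation, resource name and token in locals and pass them to the authorization call as arguments; the same pattern repeats in the following hunks of `service()`, from `@@ -203,8 +215,9` through `@@ -268,8 +284,9`. The declarations and `authorize` itself are outside the diff, so this needs confirming against AdminServlet.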
@@ -203,8 +215,9 @@ public class UsrGrpAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -220,8 +233,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -237,8 +251,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -254,8 +269,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { 
@@ -268,8 +284,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -279,30 +296,33 @@ public class UsrGrpAdminServlet extends AdminServlet { findUsers(req, resp); return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } } // if } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); - log(ILogger.LL_FAILURE, - CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); + log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } } - private void getUserType(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void getUserType(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = super.getParameter(req, Constants.RS_ID); IUser user = mMgr.getUser(id); 
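Review bot: The generic `catch (Exception e)` at the end of `service()` looks up `CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")` with a leading space inside the key, unlike every other message key in this file. Unless the lookup trims keys, the failure line written for an unexpected admin error will not resolve to the intended message, which makes those events harder to find in the log. Since the line is being rewritten anyway, use `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_PERFORM"));`.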
@@ -317,42 +337,44 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * Retrieves configuration parameters of authentication manager. + * Retrieves configuration parameters of + * authentication manager. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { super.getConfig(mMgr.getConfigStore(), req, resp); } /** - * Sets configuration parameters of User/Group manager. + * Sets configuration parameters of + * User/Group manager. */ - private synchronized void setConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void setConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { super.setConfig(mMgr.getConfigStore(), req, resp); } /** * Lists configuration parameters. */ - private synchronized void listConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void listConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { super.listConfig(mMgr.getConfigStore(), req, resp); } /** - * Searches for users in LDAP directory. List uids only - * + * Searches for users in LDAP directory. 
List uids only + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUsers(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void findUsers(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -362,8 +384,7 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listUsers("*"); } catch (Exception ex) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
@@ -391,25 +412,27 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * List user information. Certificates covered in a separate protocol for - * findUserCerts(). List of group memberships are also provided. - * + * List user information. Certificates covered in a separate + * protocol for findUserCerts(). List of group memberships are + * also provided. + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void findUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -422,8 +445,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
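Review bot: The `catch (Exception e)` in findUser records the lookup failure only through `e.printStackTrace()`, which writes to standard error rather than the servlet's log, while the client sees just `CMS_INTERNAL_ERROR`. Use the logging call the rest of the class uses, `log(ILogger.LL_FAILURE, e.toString());`, so failed user and group lookups are recorded with the other admin events. The same `printStackTrace()` pattern is in the catch blocks of the hunks at `@@ -434,15 +456,15`, `@@ -503,33 +526,32`, `@@ -570,9 +592,7` and `@@ -617,9 +639,7`. The `try` block starts above this hunk.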
@@ -434,15 +456,15 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_USER_STATE, user.getState()); // get list of groups, and get a list of those that this - // uid belongs to + // uid belongs to Enumeration e = null; try { e = mMgr.findGroups("*"); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -452,7 +474,7 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); if (group.isMember(id) == true) { - if (grpString.length() != 0) { + if (grpString.length()!=0) { grpString.append(","); } grpString.append(group.getGroupID()); 
@@ -465,33 +487,34 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } - log(ILogger.LL_FAILURE, - CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } /** * List user certificate(s) - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUserCerts(HttpServletRequest req, - HttpServletResponse resp, Locale clientLocale) - throws ServletException, IOException, EBaseException { + private synchronized void findUserCerts(HttpServletRequest req, + HttpServletResponse resp, Locale clientLocale) + throws ServletException, + IOException, EBaseException { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -503,33 +526,32 @@ public class UsrGrpAdminServlet extends AdminServlet { user = mMgr.getUser(id); } catch (Exception e) { e.printStackTrace(); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } if (user == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } - X509Certificate[] certs = (X509Certificate[]) user - .getX509Certificates(); + X509Certificate[] certs = + (X509Certificate[]) user.getX509Certificates(); if (certs != null) { for (int i = 0; i < certs.length; i++) { ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]); - // add base64 encoding - String base64 = CMS.getEncodedCert(certs[i]); - + // add base64 encoding + String base64 = CMS.getEncodedCert(certs[i]); + // pretty print certs params.add(getCertificateString(certs[i]), - print.toString(clientLocale) + "\n" + base64); + print.toString(clientLocale) + "\n" + base64); } sendResponse(SUCCESS, null, params, resp); return; 
@@ -548,20 +570,20 @@ public class UsrGrpAdminServlet extends AdminServlet { } // note that it did not represent a certificate fully - return cert.getVersion() + ";" + cert.getSerialNumber().toString() - + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + return cert.getVersion() + ";" + cert.getSerialNumber().toString() + + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); } /** * Searchess for groups in LDAP server - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group */ - private synchronized void findGroups(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void findGroups(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = null; @@ -570,9 +592,7 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listGroups("*"); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
@@ -591,23 +611,25 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * finds a group Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * finds a group + * Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void findGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -617,9 +639,7 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.findGroups(id); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
@@ -627,14 +647,15 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); params.add(Constants.PR_GROUP_GROUP, group.getGroupID()); - params.add(Constants.PR_GROUP_DESC, group.getDescription()); + params.add(Constants.PR_GROUP_DESC, + group.getDescription()); Enumeration members = group.getMemberNames(); StringBuffer membersString = new StringBuffer(); if (members != null) { while (members.hasMoreElements()) { - if (membersString.length() != 0) { + if (membersString.length()!=0) { membersString.append(", "); } @@ -649,11 +670,10 @@ public class UsrGrpAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); return; } 
@@ -662,26 +682,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Adds a new user to LDAP server * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void addUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -692,52 +711,58 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (id.indexOf(BACK_SLASH) != -1) { // backslashes (BS) are not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_RS_ID_BS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), + null, resp); return; } if (id.equals(SYSTEM_USER)) { // backslashes (BS) are not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + 
auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_SPECIAL_ID", id), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), + null, resp); return; } @@ -745,21 +770,22 @@ public class UsrGrpAdminServlet extends AdminServlet { String fname = super.getParameter(req, Constants.PR_USER_FULLNAME); if ((fname == null) || (fname.length() == 0)) { - String msg = CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED_1", "full name"); + String msg = CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "full name"); log(ILogger.LL_FAILURE, msg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); sendResponse(ERROR, msg, null, resp); return; - } else + } else user.setFullName(fname); String email = super.getParameter(req, Constants.PR_USER_EMAIL); @@ -777,14 +803,16 @@ public class UsrGrpAdminServlet extends AdminServlet { if (!passwdCheck.isGoodPassword(pword)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EUsrGrpException(passwdCheck.getReason(pword)); - // UsrGrpResources.BAD_PASSWD); + //UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); 
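Review bot: The comment on the `id.equals(SYSTEM_USER)` branch in addUser still reads `// backslashes (BS) are not allowed`, copied from the check above it; it should describe this branch instead, for instance `// the reserved system user id may not be added`. The comparison is also exact-case, so if the user store matches uids case-insensitively (not visible here) a differently-cased spelling of the reserved id would get past this check; `SYSTEM_USER.equalsIgnoreCase(id)` would cover that. addUser begins before this hunk and continues after it.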
@@ -828,17 +856,18 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } - + if (e.hasMoreElements()) { IGroup group = (IGroup) e.nextElement(); 
@@ -850,34 +879,36 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage( - getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } // for audit log SessionContext sContext = SessionContext.getContext(); - String adminId = (String) sContext - .get(SessionContext.USER_ID); - + String adminId = (String) sContext.get(SessionContext.USER_ID); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] { adminId, id, groupName }); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] {adminId, id, groupName} + ); } NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -888,54 +919,61 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); if (user.getUserID() == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); } return; } catch (LDAPException e) { String errMsg = "addUser()" + e.toString(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, 
CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -943,51 +981,53 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a certificate to a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, 
IOException, - EBaseException { + private synchronized void addUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -998,18 +1038,20 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1023,8 +1065,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -1038,8 +1082,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // Base64 decode cert try { - byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil - .AtoB(certsString)); + byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); X509Certificate cert = new X509CertImpl(bCert); certs = new X509Certificate[1]; 
@@ -1049,14 +1092,12 @@ public class UsrGrpAdminServlet extends AdminServlet { boolean assending = true; // could it be a pkcs7 blob? - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB")); - byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil - .AtoB(certsString)); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB")); + byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); try { CryptoManager manager = CryptoManager.getInstance(); - + PKCS7 pkcs7 = new PKCS7(p7Cert); X509Certificate p7certs[] = pkcs7.getCertificates(); @@ -1064,14 +1105,15 @@ public class UsrGrpAdminServlet extends AdminServlet { if (p7certs.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } // fix for 370099 - cert ordering can not be assumed 
@@ -1080,44 +1122,37 @@ public class UsrGrpAdminServlet extends AdminServlet { // self-signed and alone? take it. otherwise test // the ordering - if (p7certs[0].getSubjectDN().toString() - .equals(p7certs[0].getIssuerDN().toString()) - && (p7certs.length == 1)) { + if (p7certs[0].getSubjectDN().toString().equals( + p7certs[0].getIssuerDN().toString()) && + (p7certs.length == 1)) { certs[0] = p7certs[0]; - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); - } else if (p7certs[0].getIssuerDN().toString() - .equals(p7certs[1].getSubjectDN().toString())) { + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); + } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) { certs[0] = p7certs[0]; - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD")); - } else if (p7certs[1].getIssuerDN().toString() - .equals(p7certs[0].getSubjectDN().toString())) { + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD")); + } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) { assending = false; - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD")); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD")); certs[0] = p7certs[p7certs.length - 1]; } else { // not a chain, or in random order - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, 
CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", - String.valueOf(p7certs.length))); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); int j = 0; int jBegin = 0; 
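Review bot: The two `else if` branches that test chain ordering index `p7certs[1]` without first confirming that the blob holds a second certificate, so a PKCS#7 upload with a single certificate that is not self-signed raises ArrayIndexOutOfBoundsException instead of reaching the "not a chain, or in random order" branch. Guard both comparisons, e.g. `} else if (p7certs.length > 1 && p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {`, with the same `p7certs.length > 1 &&` prefix on the descending test. The exception is presumably absorbed by the generic `catch (Exception ex)` later in addUserCert, which starts and ends outside this hunk, but the failure is then logged as a generic certificate error rather than ADMIN_SRVLT_CERT_BAD_CHAIN. The ordering decision also rests only on the DN strings of the first two entries, which deserves a comment such as `// ordering heuristic only: compares DN strings of the first two certs, no signature check`.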
@@ -1132,82 +1167,72 @@ public class UsrGrpAdminServlet extends AdminServlet { } // store the chain into cert db, except for the user cert for (j = jBegin; j < jEnd; j++) { - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_CERT_IN_CHAIN", String - .valueOf(j), String - .valueOf(p7certs[j] - .getSubjectDN()))); - org.mozilla.jss.crypto.X509Certificate leafCert = null; - - leafCert = manager.importCACertPackage(p7certs[j] - .getEncoded()); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); + org.mozilla.jss.crypto.X509Certificate leafCert = + null; + + leafCert = + manager.importCACertPackage(p7certs[j].getEncoded()); if (leafCert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL")); } else { - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL")); + CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL")); } if (leafCert instanceof InternalCertificate) { - ((InternalCertificate) leafCert) - .setSSLTrust(InternalCertificate.VALID_CA - | InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA); + ((InternalCertificate) leafCert).setSSLTrust( + InternalCertificate.VALID_CA | + InternalCertificate.TRUSTED_CA | + InternalCertificate.TRUSTED_CLIENT_CA); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_NOT_INTERNAL_CERT", + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT", String.valueOf(p7certs[j].getSubjectDN()))); } } /* - * } catch (CryptoManager.UserCertConflictException ex) { // - * got a "user cert" in the chain, most likely the CA // - * cert of this instance, which has a private key. 
Ignore - * log(ILogger.LL_FAILURE, - * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", - * ex.toString())); - */ + } catch (CryptoManager.UserCertConflictException ex) { + // got a "user cert" in the chain, most likely the CA + // cert of this instance, which has a private key. Ignore + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString())); + */ } catch (Exception ex) { - // ----- - log(ILogger.LL_FAILURE, - CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", - ex.toString())); + //----- + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); return; } try { - CMS.debug("UsrGrpAdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY")); + CMS.debug("UsrGrpAdminServlet: " + 
CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY")); certs[0].checkValidity(); // throw exception if fails user.setX509Certificates(certs); @@ -1216,8 +1241,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
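Review bot: In the chain-import loop (`for (j = jBegin; j < jEnd; j++)`), every non-user certificate from the uploaded blob is passed to `manager.importCACertPackage(...)` and then given `VALID_CA | TRUSTED_CA | TRUSTED_CLIENT_CA` SSL trust. Nothing visible in the hunk checks that the entry is a CA certificate, is within its validity period, or actually issued its neighbour; the only check shown is `certs[0].checkValidity()`, and it covers the user certificate alone. Adding a user certificate therefore also changes which issuers the server trusts, and that side effect is not stated anywhere near the call. At minimum put a comment above `setSSLTrust`, for example `// side effect: each chain cert from the uploaded PKCS#7 becomes a trusted CA and client CA in the cert db`, and consider verifying the chain before assigning trust. addUserCert starts and ends outside this hunk, so a check elsewhere in the method cannot be ruled out.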
@@ -1225,50 +1252,55 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } catch (CertificateExpiredException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_ADD_CERT_EXPIRED", + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); return; } catch (CertificateNotYetValidException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "USRGRP_SRVLT_CERT_NOT_YET_VALID", + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); return; } catch (LDAPException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { - 
sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); + if (e.getLDAPResultCode() == + LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); } return; } catch (Exception e) { 
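Review bot: The `catch (LDAPException e)` handler in this hunk writes the signed-audit FAILURE record and answers the client but never logs the exception, unlike the expired and not-yet-valid handlers just above it. For any result code other than ATTRIBUTE_OR_VALUE_EXISTS, the directory error is therefore lost to whoever investigates the failure. Add `log(ILogger.LL_FAILURE, e.toString());` as the first statement of the handler. The `catch (Exception ex)` in the removeUser hunk (@@ -1571) and the `catch (Exception e)` in the addGroup hunk (@@ -1697) drop their exception the same way. The enclosing methods start and end outside these hunks.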
@@ -1276,78 +1308,82 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( 
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Removes a certificate for a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * In this method, "certDN" is actually a combination of version, - * serialNumber, issuerDN, and SubjectDN. + * serialNumber, issuerDN, and SubjectDN. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void modifyUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1358,18 +1394,20 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1382,8 +1420,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -1398,8 +1438,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1410,76 +1452,81 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( 
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * removes a user. user not removed if belongs to any group (Administrators - * should remove the user from "uniquemember" of any group he/she belongs to - * before trying to remove the user itself. + * removes a user. user not removed if belongs to any group + * (Administrators should remove the user from "uniquemember" of + * any group he/she belongs to before trying to remove the user + * itself. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void removeUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1487,7 +1534,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); boolean mustDelete = false; int index = 0; @@ -1498,18 +1545,20 @@ public class UsrGrpAdminServlet extends AdminServlet { } if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get list of groups, and see if uid belongs to any @@ -1522,13 +1571,14 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
@@ -1541,14 +1591,16 @@ public class UsrGrpAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), + null, resp); return; } } @@ -1561,8 +1613,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -1571,19 +1625,24 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception ex) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1591,51 +1650,53 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a new group in local scope. 
* <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void addGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1643,28 +1704,32 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } IGroup group = mMgr.createGroup(id); - String members = super.getParameter(req, Constants.PR_GROUP_USER); - String desc = super.getParameter(req, Constants.PR_GROUP_DESC); + String members = super.getParameter(req, + Constants.PR_GROUP_USER); + String desc = super.getParameter(req, + Constants.PR_GROUP_DESC); if (desc != null) { group.set("description", (Object) desc); @@ -1687,8 +1752,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
@@ -1697,19 +1764,25 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_GROUP_ADD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1717,51 +1790,53 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * removes a group * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException 
{ + private synchronized void removeGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1769,22 +1844,24 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1793,16 +1870,22 @@ public class UsrGrpAdminServlet extends AdminServlet { NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.SUCCESS, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1810,54 +1893,56 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * modifies a group * <P> - * - * last person of the super power group "Certificate Server Administrators" - * can never be removed. + * + * last person of the super power group "Certificate + * Server Administrators" can never be removed. 
* <P> - * - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void modifyGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
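Review bot: removeGroup records a FAILURE audit only for EBaseException and IOException, and the third handler is still the commented-out ServletException block, so an unchecked exception raised while the group is removed would leave the method with no signed-audit record. Unlike addGroup and modifyGroup, no inner `catch (Exception e)` is visible for removeGroup, although two lines of its body fall between hunks, so this should be confirmed against the full file. I would delete the dead commented block and put a RuntimeException handler in its place that audits and rethrows, as sketched below. The same commented-out block is repeated at the end of addGroup, modifyGroup and modifyUser.
```java
        // … unchanged: EBaseException and IOException handlers …
        } catch (RuntimeException eAudit3) {
            // store a message in the signed audit log file
            auditMessage = CMS.getLogMessage(
                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                        auditSubjectID,
                        ILogger.FAILURE,
                        auditParams(req));

            audit(auditMessage);

            // rethrow the specific exception to be handled later
            throw eAudit3;
        }
```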
@@ -1865,28 +1950,31 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } IGroup group = mMgr.createGroup(id); - String desc = super.getParameter(req, Constants.PR_GROUP_DESC); + String desc = super.getParameter(req, + Constants.PR_GROUP_DESC); if (desc != null) { group.set("description", (Object) desc); 
@@ -1909,20 +1997,20 @@ public class UsrGrpAdminServlet extends AdminServlet { if (multiRole) { group.addMemberName(memberName); } else { - if (isGroupInMultiRoleEnforceList(groupName)) { + if( isGroupInMultiRoleEnforceList(groupName)) { if (!isDuplicate(groupName, memberName)) { group.addMemberName(memberName); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_DUPLICATE_ROLES", memberName)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberName)); } } else { group.addMemberName(memberName); @@ -1939,8 +2027,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); 
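Review bot: The duplicate-role branch builds its message without the request locale, while every other user message in this servlet passes `getLocale(req)`; I would write `throw new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_DUPLICATE_ROLES", memberName));`. The `audit(auditMessage)` just before the throw also looks redundant, because each visible handler that can receive this EBaseException writes its own FAILURE record, so one rejected request would appear twice in the signed audit log. The password-check branch in modifyUser follows the same audit-then-throw pattern. modifyGroup starts and ends outside this hunk, so the exact handler that catches the throw should be checked in the full file.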
@@ -1950,19 +2040,25 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_GROUP_MODIFY_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -1970,58 +2066,61 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private boolean isGroupInMultiRoleEnforceList(String groupName) { + private boolean isGroupInMultiRoleEnforceList(String groupName) + { String groupList = null; if (groupName == null || groupName.equals("")) { return true; } if (mMultiRoleGroupEnforceList == null) { - try { - groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); - } catch (Exception e) { - } - - if (groupList != null && !groupList.equals("")) { - mMultiRoleGroupEnforceList = groupList.split(","); - for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) { - mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j] - .trim(); - } - } - } - - if (mMultiRoleGroupEnforceList == null) - return true; - - for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { - if (groupName.equals(mMultiRoleGroupEnforceList[i])) { - 
return true; - } - } - return false; + try { + groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); + } catch (Exception e) { + } + + if (groupList != null && !groupList.equals("")) { + mMultiRoleGroupEnforceList = groupList.split(","); + for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) { + mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim(); + } + } + } + + if (mMultiRoleGroupEnforceList == null) + return true; + + for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { + if (groupName.equals(mMultiRoleGroupEnforceList[i])) { + return true; + } + } + return false; } private boolean isDuplicate(String groupName, String memberName) { @@ -2030,7 +2129,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // Let's not mess with users that are already a member of this group boolean isMember = false; try { - isMember = mMgr.isMemberOf(memberName, groupName); + isMember = mMgr.isMemberOf(memberName,groupName); } catch (Exception e) { } 
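Review bot: Both `catch (Exception e) { }` blocks here are empty, so a failure in an access-control decision leaves no trace. In isGroupInMultiRoleEnforceList a failed read of MULTI_ROLE_ENFORCE_GROUP_LIST falls through to `return true`, which keeps enforcement on but hides that the configured list was ignored. In isDuplicate a failing `mMgr.isMemberOf` leaves `isMember` at false. I would add a line such as `log(ILogger.LL_FAILURE, "isGroupInMultiRoleEnforceList: " + e.toString());` to each handler. isDuplicate continues outside its hunk, so what a false `isMember` leads to there is not visible.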
@@ -2064,26 +2163,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Modifies an existing user in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> - * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private synchronized void modifyUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2091,22 +2189,24 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // get id first + //get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2114,15 +2214,17 @@ public class UsrGrpAdminServlet extends AdminServlet { String fname = super.getParameter(req, Constants.PR_USER_FULLNAME); if ((fname == null) || (fname.length() == 0)) { - String msg = CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_MOD_FAILED", "full name"); + String msg = + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); log(ILogger.LL_FAILURE, msg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -2144,14 +2246,16 @@ public class UsrGrpAdminServlet extends AdminServlet { if (!passwdCheck.isGoodPassword(pword)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EUsrGrpException(passwdCheck.getReason(pword)); - // UsrGrpResources.BAD_PASSWD); + //UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -2173,8 +2277,10 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); @@ -2185,19 +2291,24 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), - "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); 
@@ -2205,32 +2316,35 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams(req)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, level, - "UsrGrpAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, + level, "UsrGrpAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 55b1449a..f5f06bec 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java 
@@ -99,9 +99,10 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cms.servlet.common.Utils; import com.netscape.cmsutil.xml.XMLObject; + /** * This is the base class of all CS servlet. - * + * * @version $Revision$, $Date$ */ public abstract class CMSServlet extends HttpServlet { 
@@ -126,49 +127,76 @@ public abstract class CMSServlet extends HttpServlet { public final static String AUTHZ_CONFIG_STORE = "authz"; public final static String AUTHZ_SRC_XML = "web.xml"; public final static String PROP_AUTHZ_MGR = "AuthzMgr"; - public final static String PROP_ACL = "ACLinfo"; + public final static String PROP_ACL = "ACLinfo"; public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; private final static String FAILED = "1"; private final static String HDR_LANG = "accept-language"; - - // final error message - if error and exception templates don't work + + // final error message - if error and exception templates don't work // send out this text string directly to output. public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg"; public final static String ERROR_MSG_TOKEN = "$ERROR_MSG"; - public final static String FINAL_ERROR_MSG = "<HTML>\n" - + "<BODY BGCOLOR=white>\n" + "<P>\n" - + "The Certificate System has encountered " - + "an unrecoverable error.\n" + "<P>\n" + "Error Message:<BR>\n" - + "<I>$ERROR_MSG</I>\n" + "<P>\n" - + "Please contact your local administrator for assistance.\n" - + "</BODY>\n" + "</HTML>\n"; + public final static String FINAL_ERROR_MSG = + "<HTML>\n" + + "<BODY BGCOLOR=white>\n" + + "<P>\n" + + "The Certificate System has encountered " + + "an unrecoverable error.\n" + + "<P>\n" + + "Error Message:<BR>\n" + + "<I>$ERROR_MSG</I>\n" + + "<P>\n" + + "Please contact your local administrator for assistance.\n" + + "</BODY>\n" + + "</HTML>\n"; // properties from configuration. 
- protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; - protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; - protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate"; - protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template"; - protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate"; - protected final static String PENDING_TEMPLATE = "/GenPending.template"; - protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; - protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; - protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate"; - protected final static String REJECTED_TEMPLATE = "/GenRejected.template"; - protected final static String PROP_ERROR_TEMPLATE = "errorTemplate"; - protected final static String ERROR_TEMPLATE = "/GenError.template"; - protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; - protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; - - private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; - protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; - private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; - private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; - private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; - private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; - private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; + protected final static String + PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; + protected final static String + UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; + protected final static String + PROP_SUCCESS_TEMPLATE = "successTemplate"; + protected final static 
String + SUCCESS_TEMPLATE = "/GenSuccess.template"; + protected final static String + PROP_PENDING_TEMPLATE = "pendingTemplate"; + protected final static String + PENDING_TEMPLATE = "/GenPending.template"; + protected final static String + PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; + protected final static String + SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; + protected final static String + PROP_REJECTED_TEMPLATE = "rejectedTemplate"; + protected final static String + REJECTED_TEMPLATE = "/GenRejected.template"; + protected final static String + PROP_ERROR_TEMPLATE = "errorTemplate"; + protected final static String + ERROR_TEMPLATE = "/GenError.template"; + protected final static String + PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; + protected final static String + EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; + + private final static String + PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; + protected final static String + PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; + private final static String + PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; + private final static String + PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; + private final static String + PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; + private final static String + PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; + private final static String + PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; protected final static String RA_AGENT_GROUP = "Registration Manager Agents"; protected final static String CA_AGENT_GROUP = "Certificate Manager Agents"; 
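Review bot: FINAL_ERROR_MSG places `$ERROR_MSG` directly inside HTML markup, and nothing at the declaration tells the caller that the substituted text has to be escaped. The code that performs the replacement is not in this hunk, so whether it escapes is unknown; a comment above the constant would make the contract explicit: `// $ERROR_MSG is replaced at runtime; the replacement text must be HTML-escaped before it is sent.` As a style point, putting the modifiers and the constant name on separate lines (`protected final static String` / `PROP_SUCCESS_TEMPLATE = ...`) makes these declarations harder to search for than the one-line form used for AUTHZ_MGR_BASIC just above.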
@@ -178,19 +206,25 @@ public abstract class CMSServlet extends HttpServlet { protected final static String ADMIN_GROUP = "Administrators"; // default http params NOT to save in request.(config values added to list ) - private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; - private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", - "passwd", "challengePassword", "confirmChallengePassword" }; + private static final String + PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; + private static final String[] + DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", + "challengePassword", "confirmChallengePassword" }; // default http headers to save in request. (config values added to list) - private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; - private static final String[] SAVE_HTTP_HEADERS = { "accept-language", - "user-agent", }; + private static final String + PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; + private static final String[] + SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; // request prefixes to distinguish from other request attributes. - public static final String PFX_HTTP_HEADER = "HTTP_HEADER"; - public static final String PFX_HTTP_PARAM = "HTTP_PARAM"; - public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN"; + public static final String + PFX_HTTP_HEADER = "HTTP_HEADER"; + public static final String + PFX_HTTP_PARAM = "HTTP_PARAM"; + public static final String + PFX_AUTH_TOKEN = "AUTH_TOKEN"; /* input http params */ protected final static String AUTHMGR_PARAM = "authenticator"; 
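Review bot: The default DONT_SAVE_HTTP_PARAMS list names only five parameters, while the debug-log filter in outputHttpParameters further down this file treats many more names as sensitive (`pin`, `bindpassword`, `bindpwd`, `pwdagain`, `uPasswd`, `p12Password`, anything starting with `__`). Going by the defaults alone, a parameter that is hidden from the debug log could still be stored with the request. How the list is matched is not visible in this hunk, so this is worth confirming. I would derive both checks from one shared list, or at least extend the default, for example `DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", "challengePassword", "confirmChallengePassword", "pin", "bindpassword", "bindpwd", "pwdagain", "uPasswd" };`.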
@@ -198,9 +232,10 @@ public abstract class CMSServlet extends HttpServlet { /* fixed credential passed to auth managers */ protected final static String CERT_AUTH_CRED = "sslClientCert"; - public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; - // members. + // members. protected boolean mRenderResult = true; protected String mFinalErrorMsg = FINAL_ERROR_MSG; @@ -208,7 +243,7 @@ public abstract class CMSServlet extends HttpServlet { protected ServletConfig mServletConfig = null; protected ServletContext mServletContext = null; - private CMSFileLoader mFileLoader = null; + private CMSFileLoader mFileLoader = null; protected Vector mDontSaveHttpParams = new Vector(); protected Vector mSaveHttpHeaders = new Vector(); @@ -216,14 +251,14 @@ public abstract class CMSServlet extends HttpServlet { protected String mId = null; protected IConfigStore mConfig = null; - // the authority, RA, CA, KRA this servlet is serving. + // the authority, RA, CA, KRA this servlet is serving. protected IAuthority mAuthority = null; protected IRequestQueue mRequestQueue = null; // system logger. protected ILogger mLogger = CMS.getLogger(); protected int mLogCategory = ILogger.S_OTHER; - private MessageDigest mSHADigest = null; + private MessageDigest mSHADigest = null; protected String mGetClientCert = "false"; protected String mAuthMgr = null; 
@@ -234,14 +269,19 @@ public abstract class CMSServlet extends HttpServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected String mOutputTemplatePath = null; - private IUGSubsystem mUG = (IUGSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_UG); - - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private IUGSubsystem mUG = (IUGSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_UG); + + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public CMSServlet() { } 
@@ -283,36 +323,38 @@ public abstract class CMSServlet extends HttpServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthority = (IAuthority) + CMS.getSubsystem(authority); if (mAuthority != null) mRequestQueue = mAuthority.getRequestQueue(); - // set default templates. + // set default templates. setDefaultTemplates(sc); // for logging to the right authority category. if (mAuthority == null) { mLogCategory = ILogger.S_OTHER; } else { - if (mAuthority instanceof ICertificateAuthority) + if (mAuthority instanceof ICertificateAuthority) mLogCategory = ILogger.S_CA; - else if (mAuthority instanceof IRegistrationAuthority) + else if (mAuthority instanceof IRegistrationAuthority) mLogCategory = ILogger.S_RA; - else if (mAuthority instanceof IKeyRecoveryAuthority) + else if (mAuthority instanceof IKeyRecoveryAuthority) mLogCategory = ILogger.S_KRA; - else + else mLogCategory = ILogger.S_OTHER; } try { - // get final error message. + // get final error message. // used when templates can't even be loaded. - String eMsg = sc.getInitParameter(PROP_FINAL_ERROR_MSG); + String eMsg = + sc.getInitParameter(PROP_FINAL_ERROR_MSG); if (eMsg != null) mFinalErrorMsg = eMsg; - // get any configured templates. + // get any configured templates. Enumeration templs = mTemplates.elements(); while (templs.hasMoreElements()) { @@ -321,11 +363,13 @@ public abstract class CMSServlet extends HttpServlet { if (templ == null || templ.mPropName == null) { continue; } - String tName = sc.getInitParameter(templ.mPropName); + String tName = + sc.getInitParameter(templ.mPropName); if (tName != null) templ.mTemplateName = tName; - String fillerName = sc.getInitParameter(templ.mFillerPropName); + String fillerName = + sc.getInitParameter(templ.mFillerPropName); if (fillerName != null) { ICMSTemplateFiller filler = newFillerObject(fillerName); 
@@ -335,32 +379,32 @@ public abstract class CMSServlet extends HttpServlet { } } - // get http params NOT to store in a IRequest and - // get http headers TO store in a IRequest. + // get http params NOT to store in a IRequest and + // get http headers TO store in a IRequest. getDontSaveHttpParams(sc); getSaveHttpHeaders(sc); } catch (Exception e) { - // should never occur since we provide defaults above. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + // should never occur since we provide defaults above. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } } - + public String getId() { return mId; } - + public String getAuthMgr() { return mAuthMgr; } 
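Review bot: `mSHADigest = MessageDigest.getInstance("SHA1")` at the end of this init code stores a single `MessageDigest` in a servlet field, and `MessageDigest` instances are not safe to share between request threads. The uses of `mSHADigest` are outside this hunk, so this is inferred: if it is touched during request handling, create the digest per call instead. If its output feeds any integrity or identity decision, prefer `MessageDigest.getInstance("SHA-256")`. Both catch blocks also rethrow with `new ServletException(e.toString())`, which drops the stack trace; `throw new ServletException(e.toString(), e);` keeps the cause. The enclosing method starts before this hunk.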
@@ -372,51 +416,56 @@ public abstract class CMSServlet extends HttpServlet { return false; } - public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); + public void outputHttpParameters(HttpServletRequest httpReq) + { + CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String) paramNames.nextElement(); + String pn = (String)paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.startsWith("p12Password") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("CMSServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.startsWith("p12Password") || + 
pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("CMSServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } - public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CS server is not ready to serve."); + throw new IOException( + "CS server is not ready to serve."); try { if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { String currentName = Thread.currentThread().getName(); - Thread.currentThread().setName( - currentName + "-" + httpReq.getServletPath()); + Thread.currentThread().setName(currentName + "-" + httpReq.getServletPath()); } } catch (Exception e) { } @@ -424,17 +473,16 @@ public abstract class CMSServlet extends HttpServlet { httpReq.setCharacterEncoding("UTF-8"); if (CMS.debugOn()) { - outputHttpParameters(httpReq); + outputHttpParameters(httpReq); } CMS.debug("CMSServlet: " + mId + " start to service."); String className = this.getClass().getName(); - // get a cms request + // get a cms request CMSRequest cmsRequest = newCMSRequest(); - // set argblock - cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", - toHashtable(httpReq))); + // set argblock + cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq))); // set http request cmsRequest.setHttpReq(httpReq); 
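Review bot: The suffix and prefix tests in `outputHttpParameters` (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`, `pn.startsWith("p12Password")`) are case-sensitive, so a parameter whose name ends in `Password` or `Pwd` and is not on the explicit `equalsIgnoreCase` list has its value written to the debug log. Normalising the name once, `String lpn = pn.toLowerCase(Locale.ROOT);`, and running every test against `lpn` with lower-case literals closes that gap. A denylist still misses other secrets such as tokens or session identifiers, so logging only parameter names by default would be safer. The values that are logged are concatenated raw, so CR/LF in a parameter can split a debug line; escape control characters before logging. In `service`, the empty `catch (Exception e) { }` around the thread-naming code hides configuration errors and deserves at least a debug message.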
@@ -463,36 +511,30 @@ public abstract class CMSServlet extends HttpServlet { ICommandQueue iCommandQueue = CMS.getCommandQueue(); try { - if (iCommandQueue.registerProcess((Object) cmsRequest, - (Object) this) == false) { + if (iCommandQueue.registerProcess((Object) cmsRequest, (Object) this) == false) { cmsRequest.setStatus(CMSRequest.ERROR); renderResult(cmsRequest); SessionContext.releaseContext(); return; - } + } long startTime = CMS.getCurrentDate().getTime(); process(cmsRequest); renderResult(cmsRequest); Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate - + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); } - iCommandQueue - .unRegisterProccess((Object) cmsRequest, (Object) this); + iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { - iCommandQueue - .unRegisterProccess((Object) cmsRequest, (Object) this); - // ByteArrayOutputStream os = new ByteArrayOutputStream(); for - // debugging only + iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); + // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only // PrintStream ps = new PrintStream(os); - // e.printStackTrace(ps); + //e.printStackTrace(ps); log(e.toString()); renderException(cmsRequest, e); } catch (Exception ex) { - iCommandQueue - .unRegisterProccess((Object) cmsRequest, (Object) this); + iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); ByteArrayOutputStream os = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(os); 
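Review bot: `iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this)` is repeated at the end of the `try` and at the top of each `catch`, so a `Throwable` that is not an `Exception` leaves the request registered in the command queue. A single call in a `finally` block covers every exit path and removes the triplication. The branch taken when `registerProcess(...)` returns false calls `SessionContext.releaseContext()` before returning; whether the other paths release the context is outside this hunk and worth confirming. The `catch (EBaseException e)` path records only `log(e.toString())`, which loses the stack trace needed to investigate a failed request.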
@@ -509,36 +551,39 @@ public abstract class CMSServlet extends HttpServlet { /** * Create a new CMSRequest object. This should be overriden by servlets - * implementing different types of request - * - * @return a new CMSRequest object + * implementing different types of request + * @return a new CMSRequest object */ protected CMSRequest newCMSRequest() { return new CMSRequest(); } /** - * process an HTTP request. Servlets must override this with their own - * implementation - * - * @throws EBaseException if the servlet was unable to satisfactorily - * process the request + * process an HTTP request. Servlets must override this with their + * own implementation + * @throws EBaseException if the servlet was unable to satisfactorily + * process the request */ - protected void process(CMSRequest cmsRequest) throws EBaseException { + protected void process(CMSRequest cmsRequest) + throws EBaseException + { } + /** - * Output a template. If an error occurs while outputing the template the - * exception template is used to display the error. + * Output a template. + * If an error occurs while outputing the template the exception template + * is used to display the error. * * @param cmsReq the CS request */ - protected void renderResult(CMSRequest cmsReq) throws IOException { + protected void renderResult(CMSRequest cmsReq) + throws IOException { if (!mRenderResult) return; Integer status = cmsReq.getStatus(); - + CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status); if (ltempl == null || ltempl.mTemplateName == null) { 
@@ -549,12 +594,13 @@ public abstract class CMSServlet extends HttpServlet { renderTemplate(cmsReq, ltempl.mTemplateName, filler); } - + private static final String PRESERVED = "preserved"; public static final String TEMPLATE_NAME = "templateName"; - + protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent, - String argBlockName, IArgBlock argBlock) { + String argBlockName, IArgBlock argBlock) + { Node argBlockContainer = xmlObj.createContainer(parent, argBlockName); if (argBlock != null) { @@ -568,15 +614,15 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void outputXML(HttpServletResponse httpResp, - CMSTemplateParams params) { + protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) + { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); Node root = xmlObj.createRoot("xml"); outputArgBlockAsXML(xmlObj, root, "header", params.getHeader()); - outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); + outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); Enumeration records = params.queryRecords(); Node recordsNode = xmlObj.createContainer(root, "records"); 
@@ -598,19 +644,20 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException { + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException { try { IArgBlock httpParams = cmsReq.getHttpParams(); Locale[] locale = new Locale[1]; - CMSTemplate template = getTemplate(templateName, - cmsReq.getHttpReq(), locale); + CMSTemplate template = + getTemplate(templateName, cmsReq.getHttpReq(), locale); CMSTemplateParams templateParams = null; if (filler != null) { - templateParams = filler.getTemplateParams(cmsReq, mAuthority, - locale[0], null); + templateParams = filler.getTemplateParams( + cmsReq, mAuthority, locale[0], null); } // just output arg blocks as XML @@ -623,7 +670,8 @@ public abstract class CMSServlet extends HttpServlet { } if (httpParams != null) { - String httpTemplateName = httpParams.getValueAsString( + String httpTemplateName = + httpParams.getValueAsString( TEMPLATE_NAME, null); if (httpTemplateName != null) { @@ -631,13 +679,14 @@ public abstract class CMSServlet extends HttpServlet { } } - if (templateParams == null) + if (templateParams == null) templateParams = new CMSTemplateParams(null, null); - // #359630 - // inject preserved http parameter into the template + // #359630 + // inject preserved http parameter into the template if (httpParams != null) { - String preserved = httpParams.getValueAsString(PRESERVED, null); + String preserved = httpParams.getValueAsString( + PRESERVED, null); if (preserved != null) { IArgBlock fixed = templateParams.getFixed(); 
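Review bot: In the `@@ -623` hunk of `renderTemplate`, `httpParams.getValueAsString(TEMPLATE_NAME, null)` reads a template name from the HTTP request. The line that consumes it falls between hunks; if it replaces `templateName`, the client selects which file is loaded. `getTemplate` (hunk `@@ -834`) passes the name to `getRealPath("/" + templateName)` and `new File(realpath)` with no normalisation visible. Before loading, check the requested name against the templates configured for this servlet, or verify that the canonical path stays under the template directory. The `preserved` request parameter read in the `@@ -631` hunk is placed next to the template's fixed block, so confirm the template escapes it on output.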
@@ -655,56 +704,52 @@ public abstract class CMSServlet extends HttpServlet { cmsReq.getHttpResp().setContentLength(bos.size()); bos.writeTo(cmsReq.getHttpResp().getOutputStream()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, - e.toString())); - renderException( - cmsReq, - new ECMSGWException(CMS - .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); + renderException(cmsReq, + new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); return; } } /** - * Output exception (unexpected error) template This is different from other - * templates in that if an exception occurs while rendering the exception a - * message is printed out directly. If the message gets an error an - * IOException is thrown. In others if an exception occurs while rendering - * the template the exception template (this) is called. + * Output exception (unexpected error) template + * This is different from other templates in that if an exception occurs + * while rendering the exception a message is printed out directly. + * If the message gets an error an IOException is thrown. + * In others if an exception occurs while rendering the template the + * exception template (this) is called. * <p> - * * @param cmsReq the CS request to pass to template filler if any. 
* @param e the unexpected exception */ - protected void renderException(CMSRequest cmsReq, EBaseException e) - throws IOException { + protected void renderException(CMSRequest cmsReq, EBaseException e) + throws IOException { try { Locale[] locale = new Locale[1]; - CMSLoadTemplate loadTempl = (CMSLoadTemplate) mTemplates - .get(CMSRequest.EXCEPTION); - CMSTemplate template = getTemplate(loadTempl.mTemplateName, + CMSLoadTemplate loadTempl = + (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); + CMSTemplate template = getTemplate(loadTempl.mTemplateName, cmsReq.getHttpReq(), locale); ICMSTemplateFiller filler = loadTempl.mFiller; CMSTemplateParams templateParams = null; // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. cmsReq.setStatus(CMSRequest.EXCEPTION); if (filler != null) { - templateParams = filler.getTemplateParams(cmsReq, mAuthority, - locale[0], e); + templateParams = filler.getTemplateParams( + cmsReq, mAuthority, locale[0], e); } if (templateParams == null) { - templateParams = new CMSTemplateParams(null, - CMS.createArgBlock()); + templateParams = new CMSTemplateParams(null, CMS.createArgBlock()); } if (e != null) { - templateParams.getFixed().set(ICMSTemplateFiller.EXCEPTION, - e.toString(locale[0])); + templateParams.getFixed().set( + ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); } // just output arg blocks as XML 
@@ -727,24 +772,25 @@ public abstract class CMSServlet extends HttpServlet { } } - public void renderFinalError(CMSRequest cmsReq, Exception ex) - throws IOException { - // this template is the last resort for all other unexpected - // errors in other templates so we can only output text. + public void renderFinalError(CMSRequest cmsReq, Exception ex) + throws IOException { + // this template is the last resort for all other unexpected + // errors in other templates so we can only output text. HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); ServletOutputStream out = httpResp.getOutputStream(); - - // replace $ERRORMSG with exception message if included. + + // replace $ERRORMSG with exception message if included. String finalErrMsg = mFinalErrorMsg; int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN); if (tokenIdx != -1) { - finalErrMsg = mFinalErrorMsg.substring(0, tokenIdx) - + ex.toString() - + mFinalErrorMsg.substring(tokenIdx - + ERROR_MSG_TOKEN.length()); + finalErrMsg = + mFinalErrorMsg.substring(0, tokenIdx) + + ex.toString() + + mFinalErrorMsg.substring( + tokenIdx + ERROR_MSG_TOKEN.length()); } out.println(finalErrMsg); return; 
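Review bot: `renderFinalError` sets the content type to `text/html` and substitutes `ex.toString()` into `mFinalErrorMsg` unescaped. Any request-derived text in the exception message is therefore interpreted as markup, and internal details such as class names and paths reach the client. HTML-escape the exception text before the substitution, or show the client a generic message and keep the detail in the server log. If the fallback page does not need markup, `httpResp.setContentType("text/plain; charset=UTF-8");` removes the markup interpretation entirely. The method's closing brace is outside this hunk.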
@@ -757,23 +803,31 @@ public abstract class CMSServlet extends HttpServlet { SSLSocket s = null; /* - * try { s = (SSLSocket) ((HTTPRequest) - * httpReq).getConnection().getSocket(); } catch (ClassCastException e) - * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER, - * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); // - * ignore. return; } try { s.invalidateSession(); s.resetHandshake(); - * }catch (SocketException se) { } + try { + s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket(); + } catch (ClassCastException e) { + CMS.getLogger().log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); + // ignore. + return; + } + try { + s.invalidateSession(); + s.resetHandshake(); + }catch (SocketException se) { + } */ return; } /** - * construct a authentication credentials to pass into authentication + * construct a authentication credentials to pass into authentication * manager. */ - public static AuthCredentials getAuthCreds(IAuthManager authMgr, - IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds( + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -783,7 +837,8 @@ public abstract class CMSServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert }); + creds.set(reqCred, new X509Certificate[] { clientCert} + ); } else { String value = argBlock.getValueAsString(reqCred); 
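Review bot: The method shown in the `@@ -757` hunk declares `SSLSocket s = null;`, keeps its whole implementation inside a block comment and then returns, so it performs no work. Its signature is outside the hunk, but the commented code calls `s.invalidateSession()` and `s.resetHandshake()`, so callers may assume the SSL session is invalidated when it is not. Delete the dead code and the unused local, and state the behaviour explicitly, for example `// NOTE: SSL session invalidation is currently a no-op; callers must not rely on it.` In `getAuthCreds` (hunk `@@ -783`), the comment `// cert could be null;` means a one-element array holding `null` can be stored as the client-certificate credential. The authentication manager has to handle that case, or the credential should be omitted when `clientCert` is null.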
@@ -799,33 +854,32 @@ public abstract class CMSServlet extends HttpServlet { /** * get ssl client authenticated certificate */ - protected X509Certificate getSSLClientCertificate(HttpServletRequest httpReq) - throws EBaseException { + protected X509Certificate + getSSLClientCertificate(HttpServletRequest httpReq) + throws EBaseException { X509Certificate cert = null; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); - // iws60 support Java Servlet Spec V2.2, attribute + // iws60 support Java Servlet Spec V2.2, attribute // javax.servlet.request.X509Certificate now contains array // of X509Certificates instead of one X509Certificate object - X509Certificate[] allCerts = (X509Certificate[]) httpReq - .getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { - throw new EBaseException( - "You did not provide a valid certificate for this operation"); + throw new EBaseException("You did not provide a valid certificate for this operation"); } cert = allCerts[0]; if (cert == null) { // just don't have a cert. - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); return null; - } + } // convert to sun's x509 cert interface. try { 
@@ -834,58 +888,53 @@ public abstract class CMSServlet extends HttpServlet { cert = new X509CertImpl(certEncoded); } catch (CertificateEncodingException e) { mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", - e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); return null; } catch (CertificateException e) { mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", - e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); return null; } - return cert; + return cert; } /** * get a template based on result status. */ - protected CMSTemplate getTemplate(String templateName, - HttpServletRequest httpReq, Locale[] locale) throws EBaseException, - IOException { + protected CMSTemplate getTemplate( + String templateName, HttpServletRequest httpReq, Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (mServletConfig == null) { - CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!"); + CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" 
); return null; } if (mServletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = mServletConfig.getServletContext().getRealPath( - "/" + templateName); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + templateName); if (realpath == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File realpathFile = new File(realpath); - File templateFile = getLangFile(httpReq, realpathFile, locale); + File templateFile = + getLangFile(httpReq, realpathFile, locale); String charSet = httpReq.getCharacterEncoding(); if (charSet == null) { charSet = "UTF8"; } - CMSTemplate template = (CMSTemplate) mFileLoader.getCMSFile( - templateFile, charSet); + CMSTemplate template = + (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); return template; } @@ -894,12 +943,13 @@ public abstract class CMSServlet extends HttpServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId - + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, + "Servlet " + mId + ": " + msg); } /** 
@@ -912,10 +962,11 @@ public abstract class CMSServlet extends HttpServlet { for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); } - dontSaveParams = sc.getInitParameter(PROP_DONT_SAVE_HTTP_PARAMS); + dontSaveParams = sc.getInitParameter( + PROP_DONT_SAVE_HTTP_PARAMS); if (dontSaveParams != null) { - StringTokenizer params = new StringTokenizer(dontSaveParams, - ","); + StringTokenizer params = + new StringTokenizer(dontSaveParams, ","); while (params.hasMoreTokens()) { String param = params.nextToken(); @@ -925,8 +976,8 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", - PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); // default just in case. for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); @@ -946,10 +997,12 @@ public abstract class CMSServlet extends HttpServlet { } // now get from config file if there's more. - String saveHeaders = sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); + String saveHeaders = + sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); - if (saveHeaders != null) { - StringTokenizer headers = new StringTokenizer(saveHeaders, ","); + if (saveHeaders != null) { + StringTokenizer headers = + new StringTokenizer(saveHeaders, ","); while (headers.hasMoreTokens()) { String hdr = headers.nextToken(); @@ -959,8 +1012,7 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", - PROP_SAVE_HTTP_HEADERS, e.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_SAVE_HTTP_HEADERS, e.toString())); return; } } 
@@ -968,8 +1020,9 @@ public abstract class CMSServlet extends HttpServlet { /** * save http headers in a IRequest. */ - protected void saveHttpHeaders(HttpServletRequest httpReq, IRequest req) - throws EBaseException { + protected void saveHttpHeaders( + HttpServletRequest httpReq, IRequest req) + throws EBaseException { Hashtable headers = new Hashtable(); Enumeration hdrs = mSaveHttpHeaders.elements(); @@ -987,7 +1040,8 @@ public abstract class CMSServlet extends HttpServlet { /** * save http headers in a IRequest. */ - protected void saveHttpParams(IArgBlock httpParams, IRequest req) { + protected void saveHttpParams( + IArgBlock httpParams, IRequest req) { Hashtable saveParams = new Hashtable(); Enumeration names = httpParams.elements(); @@ -1021,18 +1075,17 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting a cert record given a serial number. */ protected ICertRecord getCertRecord(BigInteger serialNo) { - if (mAuthority == null - || !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); return null; } - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_CERT_DB_NULL", - mAuthority.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); return null; } ICertRecord certRecord = null; 
@@ -1040,17 +1093,16 @@ public abstract class CMSServlet extends HttpServlet { try { certRecord = certdb.readCertificateRecord(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", - serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return certRecord; } /** - * handy routine for validating if a cert is from this CA. mAuthority must - * be a CA. + * handy routine for validating if a cert is from this CA. + * mAuthority must be a CA. */ protected boolean isCertFromCA(X509Certificate cert) { BigInteger serialno = cert.getSerialNumber(); @@ -1062,8 +1114,8 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for checking if a list of certs is from this CA. mAuthortiy - * must be a CA. + * handy routine for checking if a list of certs is from this CA. + * mAuthortiy must be a CA. */ protected boolean areCertsFromCA(X509Certificate[] certs) { for (int i = certs.length - 1; i >= 0; i--) { 
@@ -1074,22 +1126,21 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for getting a certificate from the certificate repository. - * mAuthority must be a CA. + * handy routine for getting a certificate from the certificate + * repository. mAuthority must be a CA. */ protected X509Certificate getX509Certificate(BigInteger serialNo) { - if (mAuthority == null - || !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); return null; } - ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_CERT_DB_NULL", - mAuthority.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); return null; } X509Certificate cert = null; 
@@ -1097,31 +1148,29 @@ public abstract class CMSServlet extends HttpServlet { try { cert = certdb.getX509Certificate(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", - serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return cert; } /** - * instantiate a new filler from a class name, - * + * instantiate a new filler from a class name, * @return null if can't be instantiated, new instance otherwise. */ protected ICMSTemplateFiller newFillerObject(String fillerClass) { ICMSTemplateFiller filler = null; try { - filler = (ICMSTemplateFiller) Class.forName(fillerClass) - .newInstance(); + filler = (ICMSTemplateFiller) + Class.forName(fillerClass).newInstance(); } catch (Exception e) { if ((e instanceof RuntimeException)) { throw (RuntimeException) e; } else { - log(ILogger.LL_WARN, CMS.getLogMessage( - "CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); return null; } } 
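Review bot: `newFillerObject` instantiates the named class before the cast to `ICMSTemplateFiller`, so the constructor of an unrelated class runs first. The resulting `ClassCastException` is rethrown as a `RuntimeException`, although the Javadoc promises `null if can't be instantiated`. Resolving the type first, `Class.forName(fillerClass).asSubclass(ICMSTemplateFiller.class).newInstance()`, rejects a wrong class without executing its constructor. The Javadoc should also say that runtime exceptions propagate to the caller. In the init code (hunk `@@ -321`) the class name comes from a servlet init parameter, so this is a hardening point for deployment configuration rather than request input.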
@@ -1129,17 +1178,18 @@ public abstract class CMSServlet extends HttpServlet { } /** - * set default templates. subclasses can override, and should override at - * least the success template + * set default templates. + * subclasses can override, and should override at least the success + * template */ protected void setDefaultTemplates(ServletConfig sc) { // Subclasses should override these for diff templates and params in - // their constructors. - // Set a template name to null to not use these standard ones. - // When template name is set to null nothing will be displayed. + // their constructors. + // Set a template name to null to not use these standard ones. + // When template name is set to null nothing will be displayed. // Servlet is assumed to have rendered its own output. - // The only exception is the unexpected error template where the - // default one will always be used if template name is null. + // The only exception is the unexpected error template where the + // default one will always be used if template name is null. String successTemplate = null; String errorTemplate = null; String unauthorizedTemplate = null; 
@@ -1155,94 +1205,110 @@ public abstract class CMSServlet extends HttpServlet { } try { - successTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + successTemplate = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (successTemplate == null) { successTemplate = SUCCESS_TEMPLATE; if (gateway != null) - // successTemplate = "/"+gateway+successTemplate; - successTemplate = "/" + gateway + successTemplate; + //successTemplate = "/"+gateway+successTemplate; + successTemplate = "/"+gateway+successTemplate; } - errorTemplate = sc.getInitParameter(PROP_ERROR_TEMPLATE); + errorTemplate = sc.getInitParameter( + PROP_ERROR_TEMPLATE); if (errorTemplate == null) { errorTemplate = ERROR_TEMPLATE; - if (gateway != null) - // errorTemplate = "/"+gateway+errorTemplate; - errorTemplate = "/" + gateway + errorTemplate; + if (gateway != null) + //errorTemplate = "/"+gateway+errorTemplate; + errorTemplate = "/"+gateway+errorTemplate; } - unauthorizedTemplate = sc - .getInitParameter(PROP_UNAUTHORIZED_TEMPLATE); + unauthorizedTemplate = sc.getInitParameter( + PROP_UNAUTHORIZED_TEMPLATE); if (unauthorizedTemplate == null) { unauthorizedTemplate = UNAUTHORIZED_TEMPLATE; if (gateway != null) - // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; - unauthorizedTemplate = "/" + gateway + unauthorizedTemplate; + //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; } - pendingTemplate = sc.getInitParameter(PROP_PENDING_TEMPLATE); + pendingTemplate = sc.getInitParameter( + PROP_PENDING_TEMPLATE); if (pendingTemplate == null) { pendingTemplate = PENDING_TEMPLATE; if (gateway != null) - // pendingTemplate = "/"+gateway+pendingTemplate; - pendingTemplate = "/" + gateway + pendingTemplate; + //pendingTemplate = "/"+gateway+pendingTemplate; + pendingTemplate = "/"+gateway+pendingTemplate; } - svcpendingTemplate = sc.getInitParameter(PROP_SVC_PENDING_TEMPLATE); + svcpendingTemplate = sc.getInitParameter( + 
PROP_SVC_PENDING_TEMPLATE); if (svcpendingTemplate == null) { svcpendingTemplate = SVC_PENDING_TEMPLATE; if (gateway != null) - // svcpendingTemplate = "/"+gateway+svcpendingTemplate; - svcpendingTemplate = "/" + gateway + svcpendingTemplate; + //svcpendingTemplate = "/"+gateway+svcpendingTemplate; + svcpendingTemplate = "/"+gateway+svcpendingTemplate; } - rejectedTemplate = sc.getInitParameter(PROP_REJECTED_TEMPLATE); + rejectedTemplate = sc.getInitParameter( + PROP_REJECTED_TEMPLATE); if (rejectedTemplate == null) { rejectedTemplate = REJECTED_TEMPLATE; if (gateway != null) - // rejectedTemplate = "/"+gateway+rejectedTemplate; - rejectedTemplate = "/" + gateway + rejectedTemplate; + //rejectedTemplate = "/"+gateway+rejectedTemplate; + rejectedTemplate = "/"+gateway+rejectedTemplate; } - unexpectedErrorTemplate = sc - .getInitParameter(PROP_EXCEPTION_TEMPLATE); + unexpectedErrorTemplate = sc.getInitParameter( + PROP_EXCEPTION_TEMPLATE); if (unexpectedErrorTemplate == null) { unexpectedErrorTemplate = EXCEPTION_TEMPLATE; if (gateway != null) - // unexpectedErrorTemplate = - // "/"+gateway+unexpectedErrorTemplate; - unexpectedErrorTemplate = "/" + gateway - + unexpectedErrorTemplate; + //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; + unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } - mTemplates.put(CMSRequest.UNAUTHORIZED, new CMSLoadTemplate( + mTemplates.put( + CMSRequest.UNAUTHORIZED, + new CMSLoadTemplate( PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, - unauthorizedTemplate, null)); - mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( + unauthorizedTemplate, null)); + mTemplates.put( + CMSRequest.SUCCESS, + new CMSLoadTemplate( PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - successTemplate, new GenSuccessTemplateFiller())); - mTemplates.put(CMSRequest.PENDING, new CMSLoadTemplate( + successTemplate, new GenSuccessTemplateFiller())); + mTemplates.put( + CMSRequest.PENDING, + new CMSLoadTemplate( PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, pendingTemplate, new GenPendingTemplateFiller())); - mTemplates.put(CMSRequest.SVC_PENDING, new CMSLoadTemplate( + mTemplates.put( + CMSRequest.SVC_PENDING, + new CMSLoadTemplate( PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, svcpendingTemplate, new GenSvcPendingTemplateFiller())); - mTemplates.put(CMSRequest.REJECTED, new CMSLoadTemplate( + mTemplates.put( + CMSRequest.REJECTED, + new CMSLoadTemplate( PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, rejectedTemplate, new GenRejectedTemplateFiller())); - mTemplates.put(CMSRequest.ERROR, new CMSLoadTemplate( - PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, errorTemplate, - new GenErrorTemplateFiller())); - mTemplates.put(CMSRequest.EXCEPTION, - new CMSLoadTemplate(PROP_EXCEPTION_TEMPLATE, - PROP_EXCEPTION_TEMPLATE_FILLER, - unexpectedErrorTemplate, - new GenUnexpectedErrorTemplateFiller())); + mTemplates.put( + CMSRequest.ERROR, + new CMSLoadTemplate( + PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, + errorTemplate, new GenErrorTemplateFiller())); + mTemplates.put( + CMSRequest.EXCEPTION, + new CMSLoadTemplate( + PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, + unexpectedErrorTemplate, new 
GenUnexpectedErrorTemplateFiller())); } /** @@ -1251,7 +1317,8 @@ public abstract class CMSServlet extends HttpServlet { public static boolean clientIsNav(HttpServletRequest httpReq) { String useragent = httpReq.getHeader("user-agent"); - if (useragent.startsWith("Mozilla") && useragent.indexOf("MSIE") == -1) + if (useragent.startsWith("Mozilla") && + useragent.indexOf("MSIE") == -1) return true; return false; } 
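Review bot: `clientIsNav` dereferences `useragent` without a null check, and `getHeader("user-agent")` returns null when the request carries no User-Agent header, so such a request raises a NullPointerException in this static helper. The reformatted condition keeps that behaviour. A guard before the test, `if (useragent == null) return false;`, turns the missing header into an ordinary non-Navigator answer.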
@@ -1272,36 +1339,40 @@ public abstract class CMSServlet extends HttpServlet { * set using cartman JS. (no other way to tell) */ private static String CMMF_RESPONSE = "cmmfResponse"; - public static boolean doCMMFResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false)) return true; - else + else return false; } private static final String IMPORT_CERT = "importCert"; private static final String IMPORT_CHAIN = "importCAChain"; private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType"; - // default mime type - private static final String NS_X509_USER_CERT = "application/x-x509-user-cert"; - private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; + // default mime type + private static final String + NS_X509_USER_CERT = "application/x-x509-user-cert"; + private static final String + NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; // CMC mime types - public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; - public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; - public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; - public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String + SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; + public static final String + SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String + FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; + public static final String + FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; /** * handy routine to check if client want full enrollment response */ public static String FULL_RESPONSE = "fullResponse"; - public static boolean doFullResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(FULL_RESPONSE, false)) return true; - else + else return false; } 
@@ -1309,22 +1380,24 @@ public abstract class CMSServlet extends HttpServlet { * @return false if import cert directly set to false. * @return true if import cert directly is true and import cert. */ - protected boolean checkImportCertToNav(HttpServletResponse httpResp, - IArgBlock httpParams, X509CertImpl cert) throws EBaseException { + protected boolean checkImportCertToNav( + HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) + throws EBaseException { if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) { return false; } - boolean importCAChain = httpParams - .getValueAsBoolean(IMPORT_CHAIN, true); + boolean importCAChain = + httpParams.getValueAsBoolean(IMPORT_CHAIN, true); // XXX Temporary workaround because of problem with passing Mime type - boolean emailCert = httpParams.getValueAsBoolean("emailCert", false); - String importMimeType = (emailCert) ? httpParams.getValueAsString( - IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : httpParams - .getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); - - // String importMimeType = - // httpParams.getValueAsString( - // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + boolean emailCert = + httpParams.getValueAsBoolean("emailCert", false); + String importMimeType = (emailCert) ? + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + + // String importMimeType = + // httpParams.getValueAsString( + // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); importCertToNav(httpResp, cert, importMimeType, importCAChain); return true; } 
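Review bot: `checkImportCertToNav` takes `importMimeType` from `httpParams` under `IMPORT_CERT_MIME_TYPE` and hands it to `importCertToNav`, which later passes it to `httpResp.setContentType(contentType)` and also concatenates it into a `CMS.debug` line. If `httpParams` holds request parameters, as the name suggests, the requester chooses the Content-Type of the certificate response and can write arbitrary text into the debug log. Comparing the value against the MIME types the gateway actually serves and falling back to the default otherwise would bound it, e.g. `if (!NS_X509_USER_CERT.equals(importMimeType) && !NS_X509_EMAIL_CERT.equals(importMimeType)) importMimeType = NS_X509_USER_CERT;`, with the list extended if other types are legitimately used.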
@@ -1332,16 +1405,18 @@ public abstract class CMSServlet extends HttpServlet { /** * handy routine to import cert to old navigator in nav mime type. */ - public void importCertToNav(HttpServletResponse httpResp, - X509CertImpl cert, String contentType, boolean importCAChain) - throws EBaseException { + public void importCertToNav( + HttpServletResponse httpResp, X509CertImpl cert, + String contentType, boolean importCAChain) + throws EBaseException { ServletOutputStream out = null; byte[] encoding = null; - CMS.debug("CMSServlet: importCertToNav " + "contentType=" + contentType - + " " + "importCAChain=" + importCAChain); - try { - out = httpResp.getOutputStream(); + CMS.debug("CMSServlet: importCertToNav " + + "contentType=" + contentType + " " + + "importCAChain=" + importCAChain); + try { + out = httpResp.getOutputStream(); // CA chain. if (importCAChain) { CertificateChain caChain = null; @@ -1351,8 +1426,9 @@ public abstract class CMSServlet extends HttpServlet { caChain = ((ICertAuthority) mAuthority).getCACertChain(); caCerts = caChain.getChain(); - // set user + CA cert chain in pkcs7 - X509CertImpl[] userChain = new X509CertImpl[caCerts.length + 1]; + // set user + CA cert chain in pkcs7 + X509CertImpl[] userChain = + new X509CertImpl[caCerts.length + 1]; userChain[0] = cert; int m = 1, n = 0; @@ -1361,13 +1437,14 @@ public abstract class CMSServlet extends HttpServlet { userChain[m] = (X509CertImpl) caCerts[n]; /* - * System.out.println( - * m+"th Cert "+userChain[m].toString()); + System.out.println( + m+"th Cert "+userChain[m].toString()); */ } p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, - new SignerInfo[0]); + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos, false); 
@@ -1379,20 +1456,16 @@ public abstract class CMSServlet extends HttpServlet { } httpResp.setContentType(contentType); out.write(encoding); - } catch (IOException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); + } catch (IOException e) { + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT")); } catch (CertificateEncodingException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } @@ -1410,16 +1483,15 @@ public abstract class CMSServlet extends HttpServlet { String[] x1 = token.getInStringArray(n); if (x1 != null) { for (int i = 0; i < x1.length; i++) { - CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n - + "(" + i + ")=" + x1[i]); - req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i - + ")", x1[i]); + CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + + "(" + i + ")=" + x1[i]); + req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + ")", + x1[i]); } } else { String x = token.getInString(n); if (x != null) { - CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n - + "=" + x); + CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + "=" + x); req.setExtData(IRequest.AUTH_TOKEN + "-" + n, x); } } 
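Review bot: The `CMS.debug` calls in the token-copy loop of the `@@ -1410` hunk write every auth token attribute value into the debug log (`... + "(" + i + ")=" + x1[i]` and `... + "=" + x`). What an authentication manager stores in the token is not visible here, but if any attribute carries a credential or other secret it ends up in a plain-text log file. Logging only the attribute name, `CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n);`, keeps the trace useful without the values. The enclosing method starts and ends outside the hunk.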
@@ -1439,76 +1511,77 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting agent's relative path */ protected String getRelPath(IAuthority authority) { - if (authority instanceof ICertificateAuthority) + if (authority instanceof ICertificateAuthority) return "ca/"; - else if (authority instanceof IRegistrationAuthority) + else if (authority instanceof IRegistrationAuthority) return "ra/"; - else if (authority instanceof IKeyRecoveryAuthority) + else if (authority instanceof IKeyRecoveryAuthority) return "kra/"; - else + else return "/"; } /** - * A system certificate such as the CA signing certificate should not be - * allowed to delete. The main purpose is to avoid revoking the self signed + * A system certificate such as the CA signing certificate + * should not be allowed to delete. + * The main purpose is to avoid revoking the self signed * CA certificate accidentially. */ protected boolean isSystemCertificate(BigInteger serialNo) { if (!(mAuthority instanceof ICertificateAuthority)) { return false; } - X509Certificate caCert = ((ICertificateAuthority) mAuthority) - .getCACert(); + X509Certificate caCert = + ((ICertificateAuthority)mAuthority).getCACert(); if (caCert != null) { - /* only check this if we are self-signed */ - if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { - if (caCert.getSerialNumber().equals(serialNo)) { - return true; - } + /* only check this if we are self-signed */ + if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { + if (caCert.getSerialNumber().equals(serialNo)) { + return true; } + } } return false; } /** * make a CRL entry from a serial number and revocation reason. - * * @return a RevokedCertImpl that can be entered in a CRL. 
*/ - protected RevokedCertImpl formCRLEntry(BigInteger serialNo, - RevocationReason reason) throws EBaseException { + protected RevokedCertImpl formCRLEntry( + BigInteger serialNo, RevocationReason reason) + throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_CRL_REASON", - reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); } - RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, - CMS.getCurrentDate(), crlentryexts); + RevokedCertImpl crlentry = + new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); return crlentry; } /** * check if a certificate (serial number) is revoked on a CA. - * * @return true if cert is marked revoked in the CA's database. - * @return false if cert is not marked revoked. + * @return false if cert is not marked revoked. */ - protected boolean certIsRevoked(BigInteger serialNum) throws EBaseException { + protected boolean certIsRevoked(BigInteger serialNum) + throws EBaseException { ICertRecord certRecord = getCertRecord(serialNum); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", - String.valueOf(serialNum))); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_INVALID_CERT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_INVALID_CERT")); } if (certRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) return true; 
@@ -1517,7 +1590,7 @@ public abstract class CMSServlet extends HttpServlet { public static String generateSalt() { Random rnd = new Random(); - String salt = new Integer(rnd.nextInt()).toString(); + String salt = new Integer( rnd.nextInt() ).toString(); return salt; } @@ -1534,8 +1607,9 @@ public abstract class CMSServlet extends HttpServlet { * @param realpathFile the file to get. * @param locale array of at least one to be filled with locale found. */ - public static File getLangFile(HttpServletRequest req, File realpathFile, - Locale[] locale) throws IOException { + public static File getLangFile( + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -1552,7 +1626,7 @@ public abstract class CMSServlet extends HttpServlet { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -1580,8 +1654,9 @@ public abstract class CMSServlet extends HttpServlet { break; } - String langfilepath = parent + File.separatorChar + lang - + File.separatorChar + name; + String langfilepath = + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { 
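Review bot: `generateSalt` draws its value from `java.util.Random`, a predictable non-cryptographic generator, and the salt is a single `nextInt()`, so at most 32 bits. How callers use the salt is outside this hunk; if it protects a hash, a nonce or any value an outside party should not be able to guess, it should come from `java.security.SecureRandom` and be longer, for example `byte[] b = new byte[16]; new SecureRandom().nextBytes(b);` followed by a hex or Base64 encoding. The reformatted line also keeps `new Integer(...)`, which `Integer.toString(rnd.nextInt())` replaces without boxing.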
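Review bot: In the `@@ -1580` hunk `langfilepath` is built as `parent + File.separatorChar + lang + File.separatorChar + name`, and `lang` appears to be derived from the `accept-language` request header read at the top of `getLangFile` (the parsing in between is not in the visible hunks). Unless that parsing already restricts `lang` to a language tag, a header value containing path separators could steer the `file.exists()` lookup outside the intended template directory. Skipping any tag that does not match a strict pattern such as `[A-Za-z]{1,8}([-_][A-Za-z0-9]{1,8})*`, or comparing the candidate's canonical path with `parent`, would bound it. The method starts and ends outside this hunk.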
@@ -1612,18 +1687,20 @@ public abstract class CMSServlet extends HttpServlet { return new Locale(lang.substring(0, dash), lang.substring(dash + 1)); } - public IAuthToken authenticate(CMSRequest req) throws EBaseException { + public IAuthToken authenticate(CMSRequest req) + throws EBaseException { return authenticate(req, mAuthMgr); } public IAuthToken authenticate(HttpServletRequest httpReq) - throws EBaseException { + throws EBaseException { return authenticate(httpReq, mAuthMgr); } - public IAuthToken authenticate(CMSRequest req, String authMgrName) - throws EBaseException { - IAuthToken authToken = authenticate(req.getHttpReq(), authMgrName); + public IAuthToken authenticate(CMSRequest req, String authMgrName) + throws EBaseException { + IAuthToken authToken = authenticate(req.getHttpReq(), + authMgrName); saveAuthToken(authToken, req.getIRequest()); return authToken; @@ -1632,19 +1709,19 @@ public abstract class CMSServlet extends HttpServlet { /** * Authentication * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the SSL - * violation; CS authMgr can pick up cert mis-match, so this event is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when - * authentication succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the + * SSL violation; CS authMgr can pick up cert mis-match, so this event + * is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication + * succeeded * </ul> - * * @exception EBaseException an error has occurred */ - public IAuthToken authenticate(HttpServletRequest httpReq, - String authMgrName) throws EBaseException { + public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) + throws EBaseException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; String auditAuthMgrID = ILogger.UNIDENTIFIED; 
@@ -1673,19 +1750,19 @@ public abstract class CMSServlet extends HttpServlet { // // check ssl client authentication if specified. // - X509Certificate clientCert = null; + X509Certificate clientCert = null; - if (getClientCert != null && getClientCert.equals("true")) { + if (getClientCert != null && getClientCert.equals("true")) { CMS.debug("CMSServlet: retrieving SSL certificate"); clientCert = getSSLClientCertificate(httpReq); } // // check authentication by auth manager if any. - // + // if (authMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authentication failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authentication manager, the @@ -1717,9 +1794,11 @@ public abstract class CMSServlet extends HttpServlet { auditAuthMgrID = authMgrName; } AuthToken authToken = CMSGateway.checkAuthManager(httpReq, - httpArgs, clientCert, authMgrName); + httpArgs, + clientCert, + authMgrName); if (authToken == null) { - return null; + return null; } String userid = authToken.getInString(IAuthToken.USER_ID); 
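Review bot: In the `@@ -1717` hunk, `if (authToken == null) { return null; }` leaves `authenticate` without writing either `LOGGING_SIGNED_AUDIT_AUTH_SUCCESS` or `LOGGING_SIGNED_AUDIT_AUTH_FAIL`, so a null result from `CMSGateway.checkAuthManager` leaves no record in the signed audit log. Whether `checkAuthManager` can return null rather than throw is not visible here; if it can, that path should be audited as a failure before returning, using the same `CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, auditSubjectID, ILogger.FAILURE, auditAuthMgrID, auditUID)` call as the catch block. The method starts and ends outside this hunk.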
@@ -1728,21 +1807,28 @@ public abstract class CMSServlet extends HttpServlet { if (userid != null) { ctx.put(SessionContext.USER_ID, userid); } - + // reset the "auditSubjectID" auditSubjectID = auditSubjectID(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID, ILogger.SUCCESS, auditAuthMgrID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditAuthMgrID); audit(auditMessage); return authToken; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, - auditSubjectID, ILogger.FAILURE, auditAuthMgrID, auditUID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditAuthMgrID, + auditUID); audit(auditMessage); // rethrow the specific exception to be handled later @@ -1750,8 +1836,8 @@ public abstract class CMSServlet extends HttpServlet { } } - public AuthzToken authorize(String authzMgrName, String resource, - IAuthToken authToken, String exp) throws EBaseException { + public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, + String exp) throws EBaseException { AuthzToken authzToken = null; String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1766,40 +1852,56 @@ public abstract class CMSServlet extends HttpServlet { authzToken = mAuthz.authorize(authzMgrName, authToken, exp); if (authzToken != null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID, - ILogger.SUCCESS, auditACLResource, auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID, - ILogger.SUCCESS, auditGroupID); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.SUCCESS, + auditGroupID); audit(auditMessage); } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID, - ILogger.FAILURE, auditACLResource, auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID, - ILogger.FAILURE, auditGroupID); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroupID); audit(auditMessage); } return authzToken; } catch (Exception e) { - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, auditGroupID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroupID); audit(auditMessage); throw new EBaseException(e.toString()); 
@@ -1809,29 +1911,29 @@ public abstract class CMSServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when - * authorization is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes - * a role (in current CS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization + * is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a + * role (in current CS that's when one accesses a role port) * </ul> - * * @param authzMgrName string representing the name of the authorization - * manager + * manager * @param authToken the authentication token * @param resource a string representing the ACL resource id as defined in - * the ACL resource list + * the ACL resource list * @param operation a string representing one of the operations as defined - * within the ACL statement (e. g. - "read" for an ACL statement - * containing "(read,write)") + * within the ACL statement (e. g. - "read" for an ACL statement containing + * "(read,write)") * @exception EBaseException an error has occurred * @return the authorization token */ public AuthzToken authorize(String authzMgrName, IAuthToken authToken, - String resource, String operation) throws EBaseException { + String resource, String operation) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); 
@@ -1839,19 +1941,19 @@ public abstract class CMSServlet extends HttpServlet { String auditACLResource = resource; String auditOperation = operation; + SessionContext auditContext = SessionContext.getExistingContext(); String authManagerId = null; - if (auditContext != null) { - authManagerId = (String) auditContext - .get(SessionContext.AUTH_MANAGER_ID); - - if (authManagerId != null && authManagerId.equals("TokenAuth")) { - if (auditSubjectID.equals(ILogger.NONROLEUSER) - || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { - CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); - auditID = auditGroupID; - } + if(auditContext != null) { + authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID); + + if(authManagerId != null && authManagerId.equals("TokenAuth")) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); + auditID = auditGroupID; + } } } @@ -1866,7 +1968,7 @@ public abstract class CMSServlet extends HttpServlet { } if (authzMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authorization failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authorization manager, the 
@@ -1878,35 +1980,47 @@ public abstract class CMSServlet extends HttpServlet { } try { - AuthzToken authzTok = mAuthz.authorize(authzMgrName, authToken, - resource, operation); + AuthzToken authzTok = mAuthz.authorize(authzMgrName, + authToken, + resource, + operation); if (authzTok != null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID, - ILogger.SUCCESS, auditACLResource, auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID, - ILogger.SUCCESS, auditGroups(auditSubjectID)); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditID, + ILogger.SUCCESS, + auditGroups(auditSubjectID)); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID, - ILogger.FAILURE, auditACLResource, auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID, - ILogger.FAILURE, auditGroups(auditSubjectID)); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); } 
@@ -1914,31 +2028,42 @@ public abstract class CMSServlet extends HttpServlet { return authzTok; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditID, ILogger.FAILURE, auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); 
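Review bot: The generic `catch (Exception eAudit1)` branch records `LOGGING_SIGNED_AUDIT_ROLE_ASSUME` with `auditSubjectID`, while the `EBaseException` branch just above it and the success and failure branches earlier in this `authorize` overload pass `auditID`. `auditID` is the variable that is switched to `auditGroupID` for TokenAuth sessions without an identified user, so on this path that substitution is lost and the ROLE_ASSUME event is attributed differently from its siblings. Passing `auditID` as the first argument here would make the four branches consistent. The remainder of the catch block is outside the hunk.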
@@ -1948,11 +2073,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1963,17 +2088,21 @@ public abstract class CMSServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1990,7 +2119,8 @@ public abstract class CMSServlet extends HttpServlet { CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID); if (subjectID != null) { 
@@ -2007,11 +2137,12 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log Group ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "gid" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "gid" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditGroupID() { @@ -2028,7 +2159,8 @@ public abstract class CMSServlet extends HttpServlet { CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext); if (auditContext != null) { - groupID = (String) auditContext.get(SessionContext.GROUP_ID); + groupID = (String) + auditContext.get(SessionContext.GROUP_ID); CMS.debug("CMSServlet auditGroupID: groupID: " + groupID); if (groupID != null) { @@ -2045,14 +2177,14 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated with the - * "auditSubjectID()". + * + * This method is called to extract all "groups" associated + * with the "auditSubjectID()". * <P> - * + * * @param id string containing the signed audit log message SubjectID - * @return a delimited string of groups associated with the - * "auditSubjectID()" + * @return a delimited string of groups associated + * with the "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -2060,7 +2192,8 @@ public abstract class CMSServlet extends HttpServlet { return null; } - if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } 
@@ -2078,7 +2211,7 @@ public abstract class CMSServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length() != 0) { + if (membersString.length()!= 0) { membersString.append(", "); } @@ -2086,7 +2219,7 @@ public abstract class CMSServlet extends HttpServlet { } } - if (membersString.length() != 0) { + if (membersString.length()!=0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -2105,24 +2238,23 @@ public abstract class CMSServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } - protected void outputResult(HttpServletResponse httpResp, - String contentType, byte[] content) { + protected void outputResult(HttpServletResponse httpResp, + String contentType, byte[] content) { try { OutputStream os = httpResp.getOutputStream(); - + httpResp.setContentType(contentType); httpResp.setContentLength(content.length); os.write(content); os.flush(); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); return; } } 
@@ -2131,13 +2263,11 @@ public abstract class CMSServlet extends HttpServlet { outputError(httpResp, FAILURE, errorString, null); } - protected void outputError(HttpServletResponse httpResp, - String errorString, String requestId) { + protected void outputError(HttpServletResponse httpResp, String errorString, String requestId) { outputError(httpResp, FAILURE, errorString, null); } - protected void outputError(HttpServletResponse httpResp, String status, - String errorString, String requestId) { + protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId) { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); 
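Review bot: The three-argument overload `outputError(httpResp, errorString, requestId)` accepts a `requestId` but forwards `null` in its place, so the value supplied by the caller never reaches the four-argument overload. The body should read `outputError(httpResp, FAILURE, errorString, requestId);`. How the four-argument overload uses the id is only partly visible here, since its body continues past the hunk. As written, error responses from this path cannot carry the request id that would tie them to a log entry.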
@@ -2158,39 +2288,34 @@ public abstract class CMSServlet extends HttpServlet { } catch (Exception ee) { CMS.debug("Failed to send XML output to the server."); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - ee.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); } } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) + { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>' - || c == '#' || c == ';' || c == '\r' || c == '\n' - || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i + 1) < v.length())) { - int nextC = v.charAt(i + 1); - if ((c == 0x5c) - && (nextC == ',' || nextC == '=' || nextC == '+' - || nextC == '<' || nextC == '>' - || nextC == '#' || nextC == ';' - || nextC == '\r' || nextC == '\n' - || nextC == '\\' || nextC == '"')) { - if (doubleEscape) - result.append('\\'); + if (c == ',' || c == '=' || c == '+' || c == '<' || + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i+1) < v.length())) { + int nextC = v.charAt(i+1); + if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || + nextC == '<' || nextC == '>' || nextC == '#' || + nextC == ';' || nextC == '\r' || nextC == '\n' || + nextC == '\\' || nextC == '"')) { + if (doubleEscape) result.append('\\'); } else { result.append('\\'); - if (doubleEscape) - result.append('\\'); + if (doubleEscape) result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) - result.append('\\'); + if (doubleEscape) result.append('\\'); } } if (c == '\r') { 
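Review bot: In `escapeValueRfc1779` the branch that recognises a backslash followed by a special character treats the pair as already escaped, but the loop does not consume the second character, so the next iteration escapes it again. Tracing the visible lines with `doubleEscape == false`, an input of backslash-comma comes out as backslash-backslash-comma, which an RFC 1779 parser would read as an escaped backslash followed by a bare comma. The pair branch should emit both characters and advance `i` past the second one (still applying the `0D`/`0A` handling when that character is CR or LF), and a test with inputs such as `a\,b` and `a\\,b` should pin the expected output. The repeated `(c == 0x5c)` test inside the inner condition is redundant. The end of the method lies in the next hunk.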
@@ -2198,10 +2323,11 @@ public abstract class CMSServlet extends HttpServlet { } else if (c == '\n') { result.append("0A"); } else { - result.append((char) c); + result.append((char)c); } } return result; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index c68a1755..64c59c5a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.File; import java.io.IOException; import java.io.PrintWriter; @@ -31,10 +32,11 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.cmsutil.util.Utils; + /** - * This servlet is started by the web server at startup, and it starts the CMS - * framework. - * + * This servlet is started by the web server at startup, and + * it starts the CMS framework. + * * @version $Revision$, $Date$ */ public class CMSStartServlet extends HttpServlet { 
@@ -53,33 +55,34 @@ public class CMSStartServlet extends HttpServlet { if (!f.exists()) { int index = path.lastIndexOf("CS.cfg"); if (index != -1) { - old_path = path.substring(0, index) + "CMS.cfg"; + old_path = path.substring(0, index)+"CMS.cfg"; } File f1 = new File(old_path); if (f1.exists()) { // The following block of code moves "CMS.cfg" to "CS.cfg". try { - if (Utils.isNT()) { + if( Utils.isNT() ) { // NT is very picky on the path - Utils.exec("copy " - + f1.getAbsolutePath().replace('/', '\\') + " " - + f.getAbsolutePath().replace('/', '\\')); + Utils.exec( "copy " + + f1.getAbsolutePath().replace( '/', '\\' ) + + " " + + f.getAbsolutePath().replace( '/', '\\' ) ); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec("cp -p " + f1.getAbsolutePath() + " " - + f.getAbsolutePath()); + Utils.exec( "cp -p " + f1.getAbsolutePath() + " " + + f.getAbsolutePath() ); } // Remove the original file if and only if // the backup copy was successful. - if (f.exists()) { + if( f.exists() ) { f1.delete(); // Make certain that the new file has // the correct permissions. - if (!Utils.isNT()) { - Utils.exec("chmod 00660 " + f.getAbsolutePath()); + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + f.getAbsolutePath() ); } } } catch (Exception e) { @@ -93,7 +96,7 @@ public class CMSStartServlet extends HttpServlet { } public void doGet(HttpServletRequest req, HttpServletResponse res) - throws ServletException, IOException { + throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index c53d6c52..8d853f0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java 
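Review bot: The `CMS.cfg` to `CS.cfg` migration builds its `copy`, `cp -p` and `chmod 00660` commands by concatenating `getAbsolutePath()` results into one string for `Utils.exec`, so a configured path containing a space or a shell metacharacter is split or interpreted instead of being passed as a single argument. How `Utils.exec` tokenises the string is not visible in this hunk; if it cannot take an argument array, copying the file in-process with stream I/O and applying the permissions afterwards removes the quoting problem. The results of the exec calls and of `f1.delete()` are ignored and only `f.exists()` is checked, so a partially written copy still leads to deletion of the original; comparing file lengths before deleting would be a cheap guard. The enclosing method starts and ends outside the hunk.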
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; @@ -32,10 +33,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * This is the servlet that displays the html page for the corresponding input - * id. - * + * This is the servlet that displays the html page for the corresponding input id. + * * @version $Revision$, $Date$ */ public class DisplayHtmlServlet extends CMSServlet { @@ -54,7 +55,7 @@ public class DisplayHtmlServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); + mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); mTemplates.remove(CMSRequest.SUCCESS); } @@ -67,19 +68,18 @@ public class DisplayHtmlServlet extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); try { - String realpath = mServletConfig.getServletContext().getRealPath( - "/" + mHTMLPath); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); if (realpath == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ; } File file = new File(realpath); long flen = file.length(); - byte[] bin = new byte[(int) flen]; + byte[] bin = new byte[(int)flen]; FileInputStream ins = new FileInputStream(file); int len = 0; 
@@ -92,11 +92,9 @@ public class DisplayHtmlServlet extends CMSServlet { ins.close(); bos.close(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java index 45a404c5..9607fbe2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -38,13 +39,14 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; + /** - * Return some javascript to the request which contains the list of dynamic data - * in the CMS system. + * Return some javascript to the request which contains the list of + * dynamic data in the CMS system. * <p> - * This allows the requestor (browser) to make decisions about what to present - * in the UI, depending on how CMS is configured - * + * This allows the requestor (browser) to make decisions about what + * to present in the UI, depending on how CMS is configured + * * @version $Revision$, $Date$ */ public class DynamicVariablesServlet extends CMSServlet { 
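Review bot: In the `DisplayHtmlServlet` hunk, `ins.close(); bos.close();` sit inside the `try` body, so an `IOException` during the read or write skips both calls and leaves the `FileInputStream` opened earlier in the method without a close. Moving the two closes into a `finally` block (each guarded by a null check) releases the file handle on the error path too. The stream is opened in the previous hunk and the start of the method is outside this one.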
@@ -81,10 +83,10 @@ public class DynamicVariablesServlet extends CMSServlet { private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()"; private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6); private String VAR_CLA_CRL_URL_VALUE = null; - + private String mAuthMgrCacheString = ""; - private long mAuthMgrCacheTime = 0; - private final int AUTHMGRCACHE = 10; // number of seconds to cache list of + private long mAuthMgrCacheTime = 0; + private final int AUTHMGRCACHE = 10; //number of seconds to cache list of // authmanagers for private Hashtable dynvars = null; private String mGetClientCert = "false"; @@ -97,7 +99,8 @@ public class DynamicVariablesServlet extends CMSServlet { IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING); try { - mCrlurl = config.getString(PROP_CRLURL, ""); + mCrlurl = + config.getString(PROP_CRLURL, ""); } catch (EBaseException e) { } } 
@@ -116,38 +119,33 @@ public class DynamicVariablesServlet extends CMSServlet { /** * Reads the following variables from the servlet config: * <ul> - * <li><strong>AuthMgr</strong> - the authentication manager to use to - * authenticate the request - * <li><strong>GetClientCert</strong> - whether to request client auth for - * this request - * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to - * the client - * <li><strong>dynamicVariables</strong> - a string of the form: - * serverdate=serverdate(),subsystemname=subsystemname(), - * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() + * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request + * <li><strong>GetClientCert</strong> - whether to request client auth for this request + * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client + * <li><strong>dynamicVariables</strong> - a string of the form: + * serverdate=serverdate(),subsystemname=subsystemname(), + * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() * </ul> - * The dynamicVariables string is parsed by splitting on commas. When - * services, the HTTP request provides a piece of javascript code as - * follows. + * The dynamicVariables string is parsed by splitting on commas. + * When services, the HTTP request provides a piece of javascript + * code as follows. * <p> * Each sub expression "lhs=rhs()" forms a javascript statement of the form - * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. - * The possible values for the rhs() function are: + * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the + * rhs. 
The possible values for the rhs() function are: * <ul> - * <li><strong>serverdate()</strong> - the timestamp of the server (used to - * ensure that the client clock is set correctly) + * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client + * clock is set correctly) * <li><strong>subsystemname()</strong> - * <li><strong>http()</strong> - "true" or "false" - is this an http - * connection (as opposed to https) + * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https) * <li>authmgrs() - a comma separated list of authentication managers - * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. - * This is defined in the CMS configuration parameter - * 'cloning.cloneMasterCrlUrl' + * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is + * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl' * </ul> - * * @see javax.servlet.Servlet#init(ServletConfig) */ + public void init(ServletConfig sc) throws ServletException { super.init(sc); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); @@ -184,8 +182,7 @@ public class DynamicVariablesServlet extends CMSServlet { } else if (varvalue.equalsIgnoreCase(VAR_CLA_CRL_URL_STRING)) { varcode = VAR_CLA_CRL_URL; } else { - throw new ServletException( - "bad configuration parameter in " + PROP_DYNVAR); + throw new ServletException("bad configuration parameter in " + PROP_DYNVAR); } if (varcode != null) { dynvars.put(varcode, (Object) varname); 
@@ -196,19 +193,20 @@ public class DynamicVariablesServlet extends CMSServlet { } } - public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CMS server is not ready to serve."); + throw new IOException( + "CMS server is not ready to serve."); if (mAuthMgr != null) { try { IAuthToken token = authenticate(httpReq); } catch (EBaseException e) { - mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", - e.toString())); + mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", e.toString())); httpResp.sendError(HttpServletResponse.SC_FORBIDDEN); return; } @@ -216,7 +214,7 @@ public class DynamicVariablesServlet extends CMSServlet { httpResp.setContentType("application/x-javascript"); httpResp.setHeader("Pragma", "no-cache"); - + try { ServletOutputStream os = httpResp.getOutputStream(); 
@@ -229,40 +227,47 @@ public class DynamicVariablesServlet extends CMSServlet { Integer varcode = (Integer) k.nextElement(); if (varcode.equals(VAR_SERVERDATE)) { - toBeWritten = dynvars.get(varcode) + "=" - + getServerDate() + ";\n"; + toBeWritten = dynvars.get(varcode) + + "=" + + getServerDate() + + ";\n"; os.print(toBeWritten); } if (varcode.equals(VAR_SUBSYSTEMNAME)) { if (getSubsystemName() != null) { - toBeWritten = dynvars.get(varcode) + "=" + "\"" - + getSubsystemName() + "\"" + ";\n"; + toBeWritten = dynvars.get(varcode) + + "=" + "\"" + + getSubsystemName() + "\"" + + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_HTTP)) { if (getHttp(httpReq) != null) { - toBeWritten = dynvars.get(varcode) + "=" + "\"" - + getHttp(httpReq) + "\"" + ";\n"; + toBeWritten = dynvars.get(varcode) + + "=" + "\"" + + getHttp(httpReq) + "\"" + + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_CLA_CRL_URL)) { if (getImportCrlUrl() != null) { - toBeWritten = dynvars.get(varcode) + "=" + "\"" - + getImportCrlUrl() + "\"" + ";\n"; + toBeWritten = dynvars.get(varcode) + + "=" + "\"" + + getImportCrlUrl() + "\"" + + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_AUTHMGRS)) { toBeWritten = ""; - IAuthSubsystem as = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem as = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); Enumeration ame = as.getAuthManagers(); Date d = CMS.getCurrentDate(); @@ -273,12 +278,10 @@ public class DynamicVariablesServlet extends CMSServlet { StringBuffer sb = new StringBuffer(); while (ame.hasMoreElements()) { - IAuthManager am = (IAuthManager) ame - .nextElement(); + IAuthManager am = (IAuthManager) ame.nextElement(); String amName = am.getImplName(); - AuthMgrPlugin ap = as - .getAuthManagerPluginImpl(amName); + AuthMgrPlugin ap = as.getAuthManagerPluginImpl(amName); if (ap.isVisible()) { sb.append("authmanager["); 
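Review bot: The values written into the generated script are placed between literal double quotes with no escaping, for example `"=" + "\"" + getImportCrlUrl() + "\""`, and the same pattern is used for `getSubsystemName()` and `getHttp(httpReq)`. A quote, backslash or line break in any of these values ends the string literal early and changes the script that the browser evaluates. The values appear to come from server configuration rather than from the request, which is inferred from names such as `mCrlurl` elsewhere on this page. A small helper that escapes `\`, `"`, `<`, CR and LF before the value is concatenated would make the output safe regardless of where the value originates. The left-hand side from `dynvars.get(varcode)` is configuration too and could be checked against an identifier pattern in `init`. `service` starts and continues outside this hunk.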
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java index 784ba40f..3b8f8bd4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -42,9 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Retrieve information. - * + * * @version $Revision$, $Date$ */ public class GetStats extends CMSServlet { @@ -60,9 +62,9 @@ public class GetStats extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template + * file "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -77,12 +79,14 @@ public class GetStats extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -90,14 +94,14 @@ public class GetStats extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -114,11 +118,10 @@ public class GetStats extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -127,12 +130,12 @@ public class GetStats extends CMSServlet { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); StatsEvent st = statsSub.getMainStatsEvent(); String op = httpReq.getParameter("op"); if (op != null && op.equals("clear")) { - statsSub.resetCounters(); + statsSub.resetCounters(); } header.addStringValue("startTime", statsSub.getStartTime().toString()); 
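Review bot: In the last hunk on this line, the request parameter `op=clear` triggers `statsSub.resetCounters()`, yet the only authorization check visible in `process` (first hunk on this line) is `authorize(mAclMethod, authToken, mAuthzResourceName, "read")`. A caller with read-only access to statistics can therefore wipe them, and because the trigger is a plain parameter, the reset can also be caused by a link followed by an authenticated user. The reset should be authorized separately with a write-level operation on the same resource and accepted only on POST. A signed audit record for the reset would also help, since clearing counters removes operational evidence. `process` starts before and continues after these hunks.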
@@ -146,42 +149,43 @@ public class GetStats extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); return; } - public String getSep(int level) { - StringBuffer s = new StringBuffer(); - for (int i = 0; i < level; i++) { - s.append("-"); - } - return s.toString(); + public String getSep(int level) + { + StringBuffer s = new StringBuffer(); + for (int i = 0; i < level; i++) { + s.append("-"); + } + return s.toString(); } public void parse(CMSTemplateParams argSet, StatsEvent st, int level) { Enumeration names = st.getSubEventNames(); while (names.hasMoreElements()) { - String name = (String) names.nextElement(); - StatsEvent subSt = st.getSubEvent(name); - - IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); - rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); - rarg.addLongValue("timeTaken", subSt.getTimeTaken()); - rarg.addLongValue("max", subSt.getMax()); - rarg.addLongValue("min", subSt.getMin()); - rarg.addLongValue("percentage", subSt.getPercentage()); - rarg.addLongValue("avg", subSt.getAvg()); - rarg.addLongValue("stddev", subSt.getStdDev()); - argSet.addRepeatRecord(rarg); - - parse(argSet, subSt, level + 1); + String name = (String)names.nextElement(); + StatsEvent subSt = st.getSubEvent(name); + + IArgBlock rarg = CMS.createArgBlock(); + rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); + rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); + 
rarg.addLongValue("timeTaken", subSt.getTimeTaken()); + rarg.addLongValue("max", subSt.getMax()); + rarg.addLongValue("min", subSt.getMin()); + rarg.addLongValue("percentage", subSt.getPercentage()); + rarg.addLongValue("avg", subSt.getAvg()); + rarg.addLongValue("stddev", subSt.getStdDev()); + argSet.addRepeatRecord(rarg); + + parse(argSet, subSt, level+1); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java index 60e80f1e..89179b57 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.IOException; import javax.servlet.ServletConfig; @@ -31,9 +32,11 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.IndexTemplateFiller; + /** - * This is the servlet that builds the index page in various ports. - * + * This is the servlet that builds the index page in + * various ports. + * * @version $Revision$, $Date$ */ public class IndexServlet extends CMSServlet { @@ -65,9 +68,10 @@ public class IndexServlet extends CMSServlet { mTemplateName = sc.getInitParameter(PROP_TEMPLATE); /* - * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( - * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName, - * new IndexTemplateFiller())); + mTemplates.put(CMSRequest.SUCCESS, + new CMSLoadTemplate( + PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, + mTemplateName, new IndexTemplateFiller())); */ mTemplates.remove(CMSRequest.SUCCESS); } 
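Review bot: In `GetStats.process`, the `catch (IOException e)` branch sets `cmsReq.setStatus(CMSRequest.ERROR)`, but the statement right after the try/catch is `cmsReq.setStatus(CMSRequest.SUCCESS);`, which overwrites the error status on the failure path. The success status is already set inside the `try` after `form.renderOutput(out, argSet)`, so the trailing call can simply be removed, leaving `return;` as the last statement. As written, a failed render is reported as success to whatever inspects the request status. The start of `process` is outside this hunk.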
@@ -87,25 +91,26 @@ public class IndexServlet extends CMSServlet { * Serves HTTP request. */ public void process(CMSRequest cmsReq) throws EBaseException { - if (CMSGateway.getEnableAdminEnroll() && mAuthority != null - && mAuthority instanceof ICertificateAuthority) { + if (CMSGateway.getEnableAdminEnroll() && + mAuthority != null && + mAuthority instanceof ICertificateAuthority) { try { cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html"); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", - e.toString())); - throw new ECMSGWException(CMS.getLogMessage( - "CMSGW_ERROR_REDIRECTING_ADMINENROLL1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1", + e.toString())); } return; } else { try { - renderTemplate(cmsReq, mTemplateName, new IndexTemplateFiller()); + renderTemplate( + cmsReq, mTemplateName, new IndexTemplateFiller()); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE")); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java index 6c84b88d..4c3dec80 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -33,7 +34,7 @@ import com.netscape.cmsutil.xml.XMLObject; /** * This servlet returns port information. - * + * * @version $Revision$, $Date$ */ public class PortsServlet extends CMSServlet { @@ -49,7 +50,7 @@ public class PortsServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - // override these to output directly ourselves. + // override these to output directly ourselves. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); } @@ -66,10 +67,10 @@ public class PortsServlet extends CMSServlet { String port = null; if (secure.equals("true")) - port = CMS.getEESSLPort(); + port = CMS.getEESSLPort(); else port = CMS.getEENonSSLPort(); - + try { XMLObject xmlObj = null; xmlObj = new XMLObject(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java index b8e19534..15bfb306 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java @@ -2,6 +2,7 @@ package com.netscape.cms.servlet.base; + import java.io.IOException; import java.util.HashMap; import java.util.Iterator; 
@@ -20,29 +21,34 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; + /** * This is a servlet that proxies request to another servlet. + * + * SERVLET REDIRECTION + * Specify the URL of a servlet to forward the request to + * destServlet: /ee/ca/newservlet + * + * PARAMETER MAPPING + * In the servlet configuration (as an init-param in web.xml) you + * can optionally specify a value for the parameter 'parameterMap' + * which contains a list of HTTP parameters which should be + * translated to new names. * - * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to - * destServlet: /ee/ca/newservlet - * - * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml) - * you can optionally specify a value for the parameter 'parameterMap' which - * contains a list of HTTP parameters which should be translated to new names. - * - * parameterMap: name1->newname1,name2->newname2 - * + * parameterMap: name1->newname1,name2->newname2 + * * Optionally, names can be set to static values: + * + * parameterMap: name1->name2=value + * + * Examples: + * Consider the following HTTP input parameters: + * vehicle:car make:ford model:explorer * - * parameterMap: name1->name2=value - * - * Examples: Consider the following HTTP input parameters: vehicle:car make:ford - * model:explorer - * - * The following config strings will have this effect: parameterMap: - * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car - * manufactuer:ford model:expedition suv:true - * + * The following config strings will have this effect: + * parameterMap: make->manufacturer,model->name=expedition,->suv=true + * output: vehicle:car manufactuer:ford model:expedition suv:true + * * @version $Revision$, $Date$ */ public class ProxyServlet extends HttpServlet { 
@@ -58,41 +64,40 @@ public class ProxyServlet extends HttpServlet { private Vector mMatchStrings = new Vector(); private String mDestServletOnNoMatch = null; private String mAppendPathInfoOnNoMatch = null; - private Map mParamMap = new HashMap(); - private Map mParamValue = new HashMap(); + private Map mParamMap = new HashMap(); + private Map mParamValue = new HashMap(); public ProxyServlet() { } - private void parseParamTable(String s) { - if (s == null) - return; - - String[] params = s.split(","); - for (int i = 0; i < params.length; i++) { - String p = params[i]; - if (p != null) { - String[] paramNames = p.split("->"); - if (paramNames.length != 2) { - } - String from = paramNames[0]; - String to = paramNames[1]; - if (from != null && to != null) { - String[] splitTo = to.split("="); - String toName = splitTo[0]; - if (from.length() > 0) { - mParamMap.put(from, toName); - } - if (splitTo.length == 2) { - String toValue = splitTo[1]; - String toValues[] = new String[1]; - toValues[0] = toValue; - mParamValue.put(toName, toValues); - } - } - } - } - } + private void parseParamTable(String s) { + if (s == null) return; + + String[] params = s.split(","); + for (int i=0;i<params.length;i++) { + String p = params[i]; + if (p != null) { + String[] paramNames = p.split("->"); + if (paramNames.length != 2) { + } + String from = paramNames[0]; + String to = paramNames[1]; + if (from != null && to != null) { + String[] splitTo = to.split("="); + String toName = splitTo[0]; + if (from.length() >0) { + mParamMap.put(from,toName); + } + if (splitTo.length == 2) { + String toValue = splitTo[1]; + String toValues[] = new String[1]; + toValues[0] = toValue; + mParamValue.put(toName,toValues); + } + } + } + } + } public void init(ServletConfig sc) throws ServletException { super.init(sc); 
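Review bot: In `parseParamTable` the check `if (paramNames.length != 2) { }` has an empty body, and the next lines read `paramNames[0]` and `paramNames[1]` unconditionally. A `parameterMap` entry without `->`, or with nothing after it, makes `split("->")` return a single element, so servlet initialisation ends in an `ArrayIndexOutOfBoundsException` with no hint about which entry was wrong. The guard should either skip the entry, `if (paramNames.length != 2) { continue; }` with a log line naming it, or fail `init` with a message that quotes the malformed entry. The following `from != null && to != null` test can never be false for elements returned by `split` and could be dropped at the same time.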
@@ -108,16 +113,16 @@ public class ProxyServlet extends HttpServlet { mDest = sc.getInitParameter("destServlet"); mSrcContext = sc.getInitParameter("srcContext"); mAppendPathInfo = sc.getInitParameter("appendPathInfo"); - mAppendPathInfoOnNoMatch = sc - .getInitParameter("appendPathInfoOnNoMatch"); + mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch"); String map = sc.getInitParameter("parameterMap"); - if (map != null) { - parseParamTable(map); - } + if (map != null) { + parseParamTable(map); + } } - public void service(HttpServletRequest req, HttpServletResponse res) - throws IOException, ServletException { + public void service(HttpServletRequest req, HttpServletResponse res) throws + IOException, ServletException + { RequestDispatcher dispatcher = null; String dest = mDest; String uri = req.getRequestURI(); 
@@ -127,120 +132,120 @@ public class ProxyServlet extends HttpServlet { if (mMatchStrings.size() != 0) { boolean matched = false; for (int i = 0; i < mMatchStrings.size(); i++) { - String t = (String) mMatchStrings.elementAt(i); - if (uri.indexOf(t) != -1) { + String t = (String)mMatchStrings.elementAt(i); + if (uri.indexOf(t) != -1) { matched = true; } } if (!matched) { dest = mDestServletOnNoMatch; // append Path info for OCSP request in Get method - if (mAppendPathInfoOnNoMatch != null - && !mAppendPathInfoOnNoMatch.equals("")) { + if (mAppendPathInfoOnNoMatch != null && + !mAppendPathInfoOnNoMatch.equals("")) { dest = dest + uri.replace(mAppendPathInfoOnNoMatch, ""); } } } if (dest == null || dest.equals("")) { - // mapping everything - dest = uri; - dest = dest.replaceFirst(mSrcContext, ""); + // mapping everything + dest = uri; + dest = dest.replaceFirst(mSrcContext, ""); } if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) { - dest = dest + uri.replace(mAppendPathInfo, ""); + dest = dest + uri.replace(mAppendPathInfo, ""); } if (mDestContext != null && !mDestContext.equals("")) { - dispatcher = getServletContext().getContext(mDestContext) - .getRequestDispatcher(dest); + dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); } else { - dispatcher = req.getRequestDispatcher(dest); + dispatcher = req.getRequestDispatcher(dest); } - // If a parameter map was specified - if (mParamMap != null && !mParamMap.isEmpty()) { - // Make a new wrapper with the new parameters - ProxyWrapper r = new ProxyWrapper(req); - r.setParameterMapAndValue(mParamMap, mParamValue); - req = r; - } - - dispatcher.forward(req, res); + // If a parameter map was specified + if (mParamMap != null && !mParamMap.isEmpty()) { + // Make a new wrapper with the new parameters + ProxyWrapper r = new ProxyWrapper(req); + r.setParameterMapAndValue(mParamMap,mParamValue); + req = r; + } + + dispatcher.forward(req, res); } } -class ProxyWrapper extends 
HttpServletRequestWrapper { - private Map mMap = null; - private Map mValueMap = null; - - public ProxyWrapper(HttpServletRequest req) { - super(req); - } - - public void setParameterMapAndValue(Map m, Map v) { - if (m != null) - mMap = m; - if (v != null) - mValueMap = v; - } - - public Map getParameterMap() { - try { - // If we haven't specified any parameter mapping, just - // use the regular implementation - if (mMap == null) - return super.getParameterMap(); - else { - // Make a new Map for us to put stuff in - Map n = new HashMap(); - // get the HTTP parameters the user supplied. - Map m = super.getParameterMap(); - Set s = m.entrySet(); - Iterator i = s.iterator(); - while (i.hasNext()) { - Map.Entry me = (Map.Entry) i.next(); - String name = (String) me.getKey(); - String[] values = (String[]) (me.getValue()); - String newname = null; - if (name != null) { - newname = (String) mMap.get(name); - } - - // No mapping specified, just use existing name/value - if (newname == null || mValueMap == null) { - n.put(name, values); - } else { // new name specified - Object o = mValueMap.get(newname); - // check if new (static) value specified - if (o == null) { - n.put(newname, values); - } else { - String newvalues[] = (String[]) mValueMap - .get(newname); - n.put(newname, newvalues); - } - } - } - // Now, deal with static values set in the config - // which weren't set in the HTTP request - Set s2 = mValueMap.entrySet(); - Iterator i2 = s2.iterator(); - // Cycle through all the static values - while (i2.hasNext()) { - Map.Entry me2 = (Map.Entry) i2.next(); - String name2 = (String) me2.getKey(); - if (n.get(name2) == null) { - String[] values2 = (String[]) me2.getValue(); - // If the parameter is not set in the map - // Set it now - n.put(name2, values2); - } - } - - return n; - } - } catch (NullPointerException npe) { - CMS.debug(npe); - return null; - } - } +class ProxyWrapper extends HttpServletRequestWrapper +{ + private Map mMap = null; + private Map mValueMap 
= null; + + public ProxyWrapper(HttpServletRequest req) + { + super(req); + } + + public void setParameterMapAndValue(Map m,Map v) + { + if (m != null) mMap = m; + if (v != null) mValueMap = v; + } + + public Map getParameterMap() + { + try { + // If we haven't specified any parameter mapping, just + // use the regular implementation + if (mMap == null) return super.getParameterMap(); + else { + // Make a new Map for us to put stuff in + Map n = new HashMap(); + // get the HTTP parameters the user supplied. + Map m = super.getParameterMap(); + Set s = m.entrySet(); + Iterator i = s.iterator(); + while (i.hasNext()) { + Map.Entry me = (Map.Entry) i.next(); + String name = (String) me.getKey(); + String[] values = (String[])(me.getValue()); + String newname = null; + if (name != null) { + newname = (String) mMap.get(name); + } + + // No mapping specified, just use existing name/value + if (newname == null || mValueMap == null) { + n.put(name,values); + } else { // new name specified + Object o = mValueMap.get(newname); + // check if new (static) value specified + if (o==null) { + n.put(newname,values); + } else { + String newvalues[] = (String[])mValueMap.get(newname); + n.put(newname,newvalues); + } + } + } + // Now, deal with static values set in the config + // which weren't set in the HTTP request + Set s2 = mValueMap.entrySet(); + Iterator i2 = s2.iterator(); + // Cycle through all the static values + while (i2.hasNext()) { + Map.Entry me2 = (Map.Entry) i2.next(); + String name2 = (String) me2.getKey(); + if (n.get(name2) == null) { + String[] values2 = (String[])me2.getValue(); + // If the parameter is not set in the map + // Set it now + n.put(name2,values2); + } + } + + return n; + } + } catch (NullPointerException npe) { + CMS.debug(npe); + return null; + } + } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 625a69ed..5daac065 100644 
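Review bot: In `ProxyWrapper.getParameterMap()`, the second loop adds a configured static value only when `n.get(name2) == null`, so a client that sends the target name directly (in the documented example, `suv` or `name`) keeps its own value and the configured one is ignored. If static values in `parameterMap` are meant to be authoritative for the destination servlet, which the visible code does not state, put them unconditionally: `n.put(name2, (String[]) me2.getValue());`. The wrapper also overrides only `getParameterMap()`, so a destination that calls `getParameter()` or `getParameterValues()` sees the original, unmapped request. The `catch (NullPointerException npe)` that returns `null` hands callers a null map instead of failing the request.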
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + import java.io.IOException; import java.util.Date; @@ -29,14 +30,15 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; /** - * Displays detailed information about java VM internals, including current JVM - * memory usage, and detailed information about each thread. + * Displays detailed information about java VM internals, including + * current JVM memory usage, and detailed information about each + * thread. * <p> * Also allows user to trigger a new garbage collection - * + * * @version $Revision$, $Date$ */ -public class SystemInfoServlet extends HttpServlet { +public class SystemInfoServlet extends HttpServlet { /** * 
@@ -51,23 +53,21 @@ public class SystemInfoServlet extends HttpServlet { } /** - * service the request, returning HTML to the client. This method has - * different behaviour depending on the value of the 'op' HTTP parameter. + * service the request, returning HTML to the client. + * This method has different behaviour depending on the + * value of the 'op' HTTP parameter. * <UL> - * <LI>op = <i>undefined</i> - display a menu with links to the other - * functionality of this servlet - * <li>op = gc - tell the JVM that we want to do a garbage collection and to - * run finalizers (@see java.lang.Runtime.getRuntime#gc() ) - * <li>op = general - display information about memory, and other JVM - * informatino - * <li>op = thread - display details about each thread. + * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet + * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers + * (@see java.lang.Runtime.getRuntime#gc() ) + * <li>op = general - display information about memory, and other JVM informatino + * <li>op = thread - display details about each thread. * </UL> - * - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, - * HttpServletResponse) + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) */ - public void service(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean collect = false; String op = request.getParameter("op"); 
@@ -83,12 +83,12 @@ public class SystemInfoServlet extends HttpServlet { } } - private void mainMenu(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { + private void mainMenu(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + ">"); + response.getWriter().println("<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println("</H1>"); @@ -97,8 +97,7 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + "?op=general>"); + response.getWriter().println("<a href=" + request.getServletPath() + "?op=general>"); response.getWriter().println("General"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); @@ -106,8 +105,7 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + "?op=gc>"); + response.getWriter().println("<a href=" + request.getServletPath() + "?op=gc>"); response.getWriter().println("Garbage Collection"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); 
@@ -115,8 +113,7 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + "?op=thread>"); + response.getWriter().println("<a href=" + request.getServletPath() + "?op=thread>"); response.getWriter().println("Thread Listing"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); 
@@ -125,31 +122,30 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void gc(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { + private void gc(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { java.lang.Runtime.getRuntime().gc(); java.lang.Runtime.getRuntime().runFinalization(); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + ">"); + response.getWriter().println("<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); response.getWriter().println("Garbage Collection"); response.getWriter().println("</H1>"); response.getWriter().println("<p>"); - response.getWriter() - .println("The garbage collector has been executed."); + response.getWriter().println("The garbage collector has been executed."); response.getWriter().println("</HTML>"); } - private void general(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { + private void general(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + ">"); + response.getWriter().println("<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); 
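Review bot: `gc()` runs `Runtime.gc()` and `runFinalization()` for any request carrying `op=gc`, and the `mainMenu` hunks above publish it as a plain GET link, so any link fetch (crawler, prefetch, cross-site reference) can force collections on this JVM. No authentication or authorization check is visible in this servlet, which extends `HttpServlet` directly. Access presumably depends on a security constraint in the deployment descriptor; that should be confirmed, and it matters equally for the memory and thread listings in `general()` and `thread()`. Independently, restrict the state-changing operation to POST at the top of `gc()`: `if (!"POST".equals(request.getMethod())) { response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); return; }`. `general()` continues outside this hunk.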
@@ -178,8 +174,7 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Available Processors:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter() - .println(Runtime.getRuntime().availableProcessors()); + response.getWriter().println(Runtime.getRuntime().availableProcessors()); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("<tr>"); @@ -219,22 +214,20 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Free Memory / Total Memory:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter().println( - (Runtime.getRuntime().freeMemory() * 100) - / Runtime.getRuntime().totalMemory() + "%"); + response.getWriter().println((Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("</table>"); response.getWriter().println("</HTML>"); } - private void thread(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { + private void thread(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("</table>"); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println( - "<a href=" + request.getServletPath() + ">"); + response.getWriter().println("<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java index ca829561..02ab5b52 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java @@ -17,10 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; + /** - * This class represents information about the client e.g. version, langauge, - * vendor. - * + * This class represents information about the client e.g. version, + * langauge, vendor. + * * @version $Revision$, $Date$ */ public class UserInfo { @@ -35,7 +36,7 @@ public class UserInfo { /** * Returns the user language. - * + * * @param s user language info from the browser * @return user language */ @@ -52,7 +53,7 @@ public class UserInfo { /** * Returns the user country. - * + * * @param s user language info from the browser * @return user country */ @@ -66,10 +67,10 @@ public class UserInfo { } return ""; } - + /** * Returns the users agent. - * + * * @param s user language info from the browser * @return user agent */ @@ -78,7 +79,7 @@ public class UserInfo { if (s.indexOf(MSIE) != -1) { return MSIE; } - + // Check for Netscape i.e. Mozilla if (s.indexOf(MOZILLA) != -1) { return MOZILLA; @@ -86,5 +87,5 @@ public class UserInfo { // Don't know agent. Return empty string. return ""; - } + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 63ac96e1..47b3c9f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
@@ -67,9 +68,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Revoke a certificate with a CMC-formatted revocation request - * + * * @version $Revision$, $Date$ */ public class CMCRevReqServlet extends CMSServlet { @@ -82,7 +84,7 @@ public class CMCRevReqServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "revocationResult.template"; public static final String CRED_CMC = "cmcRequest"; - + private ICertificateRepository mCertDB = null; private String mFormPath = null; private IRequestQueue mQueue = null; 
@@ -91,26 +93,29 @@ public class CMCRevReqServlet extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - - // http params + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; // request attributes public static final String SERIALNO_ARRAY = "serialNoArray"; - + public CMCRevReqServlet() { super(); } - /** + /** * initialize the servlet. - * - * @param sc servlet configuration, read from the web.xml file - */ + * @param sc servlet configuration, read from the web.xml file + */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -121,65 +126,61 @@ public class CMCRevReqServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - /** - * Process the HTTP request. - * - * <ul> - * <li>http.param cmcRequest the base-64 encoded CMC request - * </ul> - * - * @param cmsReq the object holding the request and response information + + /** + * Process the HTTP request. + * + * <ul> + * <li>http.param cmcRequest the base-64 encoded CMC request + * </ul> + * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { String cmcAgentSerialNumber = null; IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplate form = null; Locale[] locale = new Locale[1]; - CMS.debug("**** mFormPath = " + mFormPath); +CMS.debug("**** mFormPath = "+mFormPath); try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } EBaseException error = null; IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); 
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); + String cmc = (String) httpParams.get(CRED_CMC); if (cmc == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); + throw new EMissingCredential( + CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); } IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "revoke"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke"); } catch (Exception e) { // do nothing for now } @@ -189,10 +190,10 @@ public class CMCRevReqServlet extends CMSServlet { return; } - // IAuthToken authToken = getAuthToken(cmsReq); - // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); - // Object uid = authToken.get("uid"); - // =========================== + //IAuthToken authToken = getAuthToken(cmsReq); + //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); + //Object uid = authToken.get("uid"); + //=========================== String authMgr = AuditFormat.NOAUTH; BigInteger[] serialNoArray = null; 
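Review bot: In `process()`, the `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, authToken, mAuthzResourceName, "revoke")` discards every authorization failure on a revocation endpoint without a log line, so a denied or erroring revoke attempt leaves nothing for an operator to investigate. Record it before falling through, for example `CMS.debug("CMCRevReqServlet: authorize() failed: " + e.toString());`. The null check on `authzToken` appears to sit between this hunk and the next and is not visible here. The new `CMS.debug("**** mFormPath = "+mFormPath);` line also lost its indentation in this reformat. `process()` starts in this hunk and continues beyond it.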
@@ -200,38 +201,36 @@ public class CMCRevReqServlet extends CMSServlet { serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL); } - Integer reasonCode = Integer.valueOf(0); - if (authToken != null) { + Integer reasonCode = Integer.valueOf(0); + if (authToken != null) { reasonCode = authToken.getInInteger(REASON_CODE); } - RevocationReason reason = RevocationReason.fromInt(reasonCode - .intValue()); + RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue()); String comments = ""; Date invalidityDate = null; String revokeAll = null; int verifiedRecordCount = 0; int totalRecordCount = 0; - + if (serialNoArray != null) { totalRecordCount = serialNoArray.length; verifiedRecordCount = serialNoArray.length; } - + X509CertImpl[] certs = null; - // for audit log. + //for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) { // request is from agent if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { initiative = AuditFormat.FROMUSER; 
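Review bot: `reasonCode = authToken.getInInteger(REASON_CODE);` replaces the `Integer.valueOf(0)` default with whatever the token holds, and the next statement calls `reasonCode.intValue()` unconditionally. If `getInInteger` returns null for a missing or non-numeric value (its contract is not visible here), the request dies with a NullPointerException instead of a controlled error. Keep the default unless a value is present: `Integer rc = authToken.getInInteger(REASON_CODE); if (rc != null) reasonCode = rc;`. The enclosing `process()` begins and ends outside this hunk.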
@@ -242,29 +241,24 @@ public class CMCRevReqServlet extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority) - .getCertificateRepository().getX509Certificate( - serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { IRequest getCertsChallengeReq = null; - getCertsChallengeReq = mQueue - .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST); + getCertsChallengeReq = mQueue.newRequest( + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - certs = getCertsChallengeReq - .getExtDataInCertArray(IRequest.OLD_CERTS); - header.addStringValue("request", getCertsChallengeReq - .getRequestId().toString()); + certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS); + header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } 
@@ -274,23 +268,23 @@ public class CMCRevReqServlet extends CMSServlet { for (int i = 0; i < serialNoArray.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16); - rarg.addStringValue("subject", certs[i].getSubjectDN() - .toString()); - rarg.addLongValue("validNotBefore", certs[i].getNotBefore() - .getTime() / 1000); - rarg.addLongValue("validNotAfter", certs[i].getNotAfter() - .getTime() / 1000); - // argSet.addRepeatRecord(rarg); + rarg.addBigIntegerValue("serialNumber", + serialNoArray[i], 16); + rarg.addStringValue("subject", + certs[i].getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + certs[i].getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + certs[i].getNotAfter().getTime() / 1000); + //argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - cmcAgentSerialNumber = authToken - .getInString(IAuthManager.CRED_SSL_CLIENT_CERT); - process(argSet, header, reasonCode.intValue(), invalidityDate, - initiative, req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, comments, locale[0], cmcAgentSerialNumber); - + cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); + process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp, + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0],cmcAgentSerialNumber); + } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); 
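Review bot: The loop over `serialNoArray` dereferences `certs[i]` (`getSubjectDN()`, `getNotBefore()`, `getNotAfter()`) without a null check. The previous hunk leaves `certs` unassigned when the registration-authority request does not reach `RequestStatus.COMPLETE`, and it stores repository lookups unchecked. `getCertFromAgent` in this same file treats a null result from `getX509Certificate` as an invalid certificate, so the same handling is expected here unless a guard sits in the lines between the two hunks. A check at the top of the loop body would fail the request cleanly: `if (certs == null || certs[i] == null) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));`. `authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT)` is likewise unguarded although earlier code tests `authToken != null`, and `revokeAll` is built from `serialNoArray[0]` only while the record counts cover the whole array.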
@@ -299,56 +293,54 @@ public class CMCRevReqServlet extends CMSServlet { try { ServletOutputStream out = resp.getOutputStream(); - if ((serialNoArray == null) || (serialNoArray.length == 0)) { + if ((serialNoArray== null) || (serialNoArray.length == 0)) { cmsReq.setStatus(CMSRequest.ERROR); - EBaseException ee = new EBaseException( - "No matched certificate is found"); + EBaseException ee = new EBaseException("No matched certificate is found"); cmsReq.setError(ee); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * get cert to revoke from agent. 
*/ - private BigInteger getCertFromAgent(IArgBlock httpParams, - X509Certificate[] certContainer) throws EBaseException { + private BigInteger getCertFromAgent( + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; 
@@ -358,21 +350,23 @@ public class CMCRevReqServlet extends CMSServlet { /** * Revoke the specified certificate */ - private BigInteger getCertFromAuthMgr(AuthToken authToken, - X509Certificate[] certContainer) throws EBaseException { - X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr( + AuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { + X509CertImpl cert = + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); 
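Review bot: The Javadoc kept above `getCertFromAuthMgr` says "Revoke the specified certificate", but the visible body revokes nothing. It reads the certificate from the `AuthToken`, checks it with `isCertFromCA` when the authority is a CA, stores it in `certContainer[0]` and takes its serial number. Replace the comment with `/** Gets the certificate to revoke from the authentication token; rejects a missing certificate or one not issued by this CA. */`. The method's end lies outside this hunk.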
@@ -381,23 +375,25 @@ public class CMCRevReqServlet extends CMSServlet { } /** - * get cert to revoke from ssl + * get cert to revoke from ssl */ - private BigInteger getCertFromSSL(HttpServletRequest req, - X509CertImpl[] certContainer) throws EBaseException { + private BigInteger getCertFromSSL( + HttpServletRequest req, X509CertImpl[] certContainer) + throws EBaseException { X509Certificate cert = getSSLClientCertificate(req); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL")); } - if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", "")); + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", "")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); 
@@ -410,52 +406,56 @@ public class CMCRevReqServlet extends CMSServlet { * Process cert status change request using the Certificate Management * protocol using CMS (CMC) * <P> - * + * * (Certificate Request - an "EE" cert status change request) * <P> - * + * * (Certificate Request Processed - an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (revoked, expired, on-hold, off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (revoked, expired, on-hold, + * off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 - * - CA key compromised; should not be used, 3 - Affiliation - * changed, 4 - Certificate superceded, 5 - Cessation of - * operation, or 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, + * 2 - CA key compromised; should not be used, 3 - Affiliation changed, + * 4 - Certificate superceded, 5 - Cessation of operation, or + * 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the certificates - * to be revoked + * @param revokeAll string containing information on all of the + * certificates to be revoked 
* @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, - int verifiedRecordCount, String revokeAll, int totalRecordCount, - String comments, Locale locale, String cmcAgentSerialNumber) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale,String cmcAgentSerialNumber) + throws EBaseException { String eeSerialNumber = null; - if (cmcAgentSerialNumber != null) { + if(cmcAgentSerialNumber!=null) { eeSerialNumber = cmcAgentSerialNumber; - } else { - X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (sslCert != null) { + }else{ + X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req ); + if( sslCert != null ) { eeSerialNumber = sslCert.getSerialNumber().toString(); } } @@ -463,11 +463,11 @@ public class CMCRevReqServlet extends CMSServlet { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID(req); - String auditSerialNumber = auditSerialNumber(eeSerialNumber); - String auditRequestType = auditRequestType(reason); + String auditRequesterID = auditRequesterID( req ); + String auditSerialNumber = auditSerialNumber( eeSerialNumber ); + String auditRequestType = auditRequestType( reason ); String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - String auditReasonNum = String.valueOf(reason); + String auditReasonNum = String.valueOf( reason ); try { int count = 0; 
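Review bot: The Javadoc for the private `process(...)` in the hunk that ends on this line has no `@param` for `cmcAgentSerialNumber`, although that argument decides which serial number reaches the signed audit record. When it is non-null it becomes `eeSerialNumber` in place of the SSL client certificate's serial, and `eeSerialNumber` is what `auditSerialNumber(...)` receives in the following hunk. Suggested line: `@param cmcAgentSerialNumber serial number used for the audit record in place of the SSL client certificate's serial when non-null`. The method body continues outside the hunk.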
@@ -496,9 +496,8 @@ public class CMCRevReqServlet extends CMSServlet { } if (mAuthority instanceof ICertificateAuthority) { - ICertRecordList list = (ICertRecordList) mCertDB - .findCertRecordsInList(revokeAll, null, - totalRecordCount); + ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( + revokeAll, null, totalRecordCount); Enumeration e = list.getCertRecords(0, totalRecordCount - 1); while (e != null && e.hasMoreElements()) { @@ -507,18 +506,18 @@ public class CMCRevReqServlet extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate " - + cert.getSerialNumber().toString() - + " is already revoked."); + rarg.addStringValue("error", "Certificate " + + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
@@ -530,48 +529,42 @@ public class CMCRevReqServlet extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() - && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); + i < revokeAll.length() && i > -1; + i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() - && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { i++; } String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() - && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, - j)); + serialNumbers.addElement(revokeAll.substring(i, j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 - && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId( - reqIdStr)); - X509CertImpl[] certs = certReq - .getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); + X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); for (int i = 0; i < certs.length; i++) { boolean addToList = false; for (int j = 0; j < serialNumbers.size(); j++) { - if (certs[i] - .getSerialNumber() - .toString() - .equals((String) serialNumbers.elementAt(j))) { + if (certs[i].getSerialNumber().toString().equals( + (String) serialNumbers.elementAt(j))) { addToList = true; break; } 
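Review bot: In the registration-authority branch, `certReq` and `certs` are dereferenced without a null check: `mRequestQueue.findRequest(new RequestId(reqIdStr))` is followed directly by `certReq.getExtDataInCertArray(IRequest.OLD_CERTS)` and `certs.length`. If the request id is unknown or the request carries no old certificates (both look possible, though the lookup API is not visible here), the revocation ends in a NullPointerException that presumably lands in the generic `catch (Exception e)` further down. It would then be audited as an unspecific failure. An explicit guard, `if (certReq == null || certs == null)`, that reports the missing request would make that outcome deliberate. The enclosing method starts and ends outside the hunk.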
@@ -580,11 +573,11 @@ public class CMCRevReqServlet extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -597,18 +590,17 @@ public class CMCRevReqServlet extends CMSServlet { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - byte[] certBytes = com.netscape.osutil.OSUtil - .AtoB(b64eCert); + byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -628,13 +620,17 @@ public class CMCRevReqServlet extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); 
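Review bot: In the second hunk on this line (`-597,18`), the certificate decoded from the request-supplied `b64eCertificate` parameter is added to `oldCertsV` and `revCertImplsV` with no check inside the hunk that this authority issued it or that the requester is entitled to revoke it. `getCertFromAuthMgr` and `getCertFromSSL` earlier in the file at least call `isCertFromCA(cert)` when running on a CA. If nothing earlier in this method covers the path, an equivalent test belongs before `oldCertsV.addElement(cert);`. If something does, a comment such as `// b64eCertificate is request-supplied; authorization to revoke it is established by <check>` would record where. The method starts and ends outside the hunk.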
@@ -664,35 +660,30 @@ public class CMCRevReqServlet extends CMSServlet { Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - oldCerts[j] - .getSubjectDN(), - oldCerts[j] - .getSerialNumber() - .toString(16), - RevocationReason - .fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -704,27 +695,24 @@ public class CMCRevReqServlet extends CMSServlet { // audit log the success. for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -732,98 +720,92 @@ public class CMCRevReqServlet extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) - header.addStringValue("updateCRLError", crlError); + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. 
- Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("CMCRevReqServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("CMCRevReqServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = revReq - .getExtDataInString(updateErrorStr); + String error = + revReq.getExtDataInString(updateErrorStr); if (error != null) - header.addStringValue(updateErrorStr, error); + header.addStringValue(updateErrorStr, + error); } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { 
header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); if (error != null) - header.addStringValue(publishErrorStr, - error); + header.addStringValue( + publishErrorStr, error); } } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -839,11 +821,12 @@ public class CMCRevReqServlet extends CMSServlet { header.addIntegerValue("certsToUpdate", certsToUpdate); // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", publError); + header.addStringValue("crlPublishError", + publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -856,32 +839,27 @@ public class CMCRevReqServlet extends CMSServlet { // audit log the pending for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } else { - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); StringBuffer errorStr = new StringBuffer(); if (errors != null && errors.size() > 0) { for (int ii = 0; ii < errors.size(); ii++) { - errorStr.append(errors.elementAt(ii)); - ; + errorStr.append(errors.elementAt(ii));; } } header.addStringValue("error", errorStr.toString()); @@ -889,20 +867,17 @@ public class CMCRevReqServlet extends CMSServlet { // audit log the error for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -911,17 +886,17 @@ public class CMCRevReqServlet extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -931,9 +906,12 @@ public class CMCRevReqServlet extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
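Review bot: The comment in the first hunk on this line says the PROCESSED audit record is written when `auditApprovalStatus` is "complete", "revoked", or "canceled", but the condition below it tests `RequestStatus.REJECTED_STRING`, not a revoked status. One of the two is wrong; if the code is what is intended, the comment should read `// "complete", "rejected", or "canceled"`. The same comment and condition recur in the hunks at `-942`, `-977`, `-1014` and `-1048`. Because this decides which outcomes reach the signed audit log, it is worth settling rather than carrying forward through a reformat.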
@@ -942,17 +920,18 @@ public class CMCRevReqServlet extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) + { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -966,9 +945,12 @@ public class CMCRevReqServlet extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -977,17 +959,18 @@ public class CMCRevReqServlet extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) + { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -996,16 +979,18 @@ public class CMCRevReqServlet extends CMSServlet { throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -1014,32 +999,35 @@ public class CMCRevReqServlet extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) + { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -1048,17 +1036,18 @@ public class CMCRevReqServlet extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) + { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1072,11 +1061,11 @@ public class CMCRevReqServlet extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1102,11 +1091,11 @@ public class CMCRevReqServlet extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ 
@@ -1124,8 +1113,8 @@ public class CMCRevReqServlet extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString(Integer.valueOf(serialNumber) - .intValue()); + + Integer.toHexString( + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1135,11 +1124,11 @@ public class CMCRevReqServlet extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for a signed audit log - * message. + * + * This method is called to obtain the "Request Type" for + * a signed audit log message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1161,3 +1150,4 @@ public class CMCRevReqServlet extends CMSServlet { return requestType; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 807f0493..8dff2768 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
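Review bot: `auditSerialNumber` in the first hunk on this line converts the serial with `Integer.valueOf(serialNumber).intValue()`, which throws NumberFormatException for any certificate serial number above Integer.MAX_VALUE. The value comes from `sslCert.getSerialNumber().toString()` (a BigInteger) or from `cmcAgentSerialNumber`, and the call sits before the `try` in `process(...)`. Unless the exception is caught inside this method outside the hunk, a large serial would abort the request before any signed audit record is written. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` handles the full range, and `BigInteger` is already used in this file. The method starts and ends outside the hunk.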
@@ -65,11 +66,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Takes the certificate info (serial number) and optional challenge phrase, - * creates a revocation request and submits it to the authority subsystem for - * processing - * + * Takes the certificate info (serial number) and optional challenge phrase, creates a + * revocation request and submits it to the authority subsystem for processing + * * @version $Revision$, $Date$ */ public class ChallengeRevocationServlet1 extends CMSServlet { @@ -88,7 +89,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { private IPublisherProcessor mPublisherProcessor = null; private String mRequestID = null; - // http params + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; @@ -101,10 +102,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the file - * revocationResult.template for the response - * - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the file + * revocationResult.template for the response + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -115,27 +116,26 @@ public class ChallengeRevocationServlet1 extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); } - /** - * Process the HTTP request. + /** + * Process the HTTP request. * <ul> * <li>http.param REASON_CODE the revocation reason - * <li>http.param b64eCertificate the base-64 encoded certificate to revoke + * <li>http.param b64eCertificate the base-64 encoded certificate to revoke * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -146,10 +146,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } EBaseException error = null; 
@@ -161,40 +159,37 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // for audit log IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + BigInteger[] serialNoArray = null; if (authToken != null) { serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO); } // set revocation reason, default to unspecified if not set. - int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); - // header.addIntegerValue("reason", reasonCode); + int reasonCode = + httpParams.getValueAsInt(REASON_CODE, 0); + // header.addIntegerValue("reason", reasonCode); RevocationReason reason = RevocationReason.fromInt(reasonCode); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); Date invalidityDate = null; String revokeAll = null; - int totalRecordCount = (serialNoArray != null) ? serialNoArray.length - : 0; - int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length - : 0; + int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0; + int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0; X509CertImpl[] certs = null; - // for audit log. + //for audit log. String initiative = null; - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { // request is from agent if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { initiative = AuditFormat.FROMUSER; 
@@ -203,11 +198,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "revoke"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "revoke"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -220,29 +215,24 @@ public class ChallengeRevocationServlet1 extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority) - .getCertificateRepository().getX509Certificate( - serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { IRequest getCertsChallengeReq = null; - getCertsChallengeReq = mQueue - .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST); + getCertsChallengeReq = mQueue.newRequest( + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - certs = getCertsChallengeReq - .getExtDataInCertArray(IRequest.OLD_CERTS); - header.addStringValue("request", getCertsChallengeReq - .getRequestId().toString()); + certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS); + header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } 
@@ -252,20 +242,21 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int i = 0; i < serialNoArray.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16); - rarg.addStringValue("subject", certs[i].getSubjectDN() - .toString()); - rarg.addLongValue("validNotBefore", certs[i].getNotBefore() - .getTime() / 1000); - rarg.addLongValue("validNotAfter", certs[i].getNotAfter() - .getTime() / 1000); - // argSet.addRepeatRecord(rarg); + rarg.addBigIntegerValue("serialNumber", + serialNoArray[i], 16); + rarg.addStringValue("subject", + certs[i].getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + certs[i].getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + certs[i].getNotAfter().getTime() / 1000); + //argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - process(argSet, header, reasonCode, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, comments, locale[0]); + process(argSet, header, reasonCode, invalidityDate, initiative, req, resp, + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0]); } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); @@ -274,11 +265,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { ServletOutputStream out = resp.getOutputStream(); - if (serialNoArray == null) { - CMS.debug("ChallengeRevcationServlet1::process() - " - + " serialNoArray is null!"); - EBaseException ee = new EBaseException( - "No matched certificate is found"); + if( serialNoArray == null ) { + CMS.debug( "ChallengeRevcationServlet1::process() - " + + " serialNoArray is null!" ); + EBaseException ee = new EBaseException( "No matched certificate is found" ); cmsReq.setError(ee); return; 
@@ -286,34 +276,37 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (serialNoArray.length == 0) { cmsReq.setStatus(CMSRequest.ERROR); - EBaseException ee = new EBaseException( - "No matched certificate is found"); + EBaseException ee = new EBaseException("No matched certificate is found"); cmsReq.setError(ee); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, - int verifiedRecordCount, String revokeAll, int totalRecordCount, - String comments, Locale locale) throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { try { int count = 0; Vector oldCertsV = new Vector(); 
@@ -341,9 +334,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } if (mAuthority instanceof ICertificateAuthority) { - ICertRecordList list = (ICertRecordList) mCertDB - .findCertRecordsInList(revokeAll, null, - totalRecordCount); + ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( + revokeAll, null, totalRecordCount); Enumeration e = list.getCertRecords(0, totalRecordCount - 1); while (e != null && e.hasMoreElements()) { @@ -352,18 +344,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate " - + cert.getSerialNumber().toString() - + " is already revoked."); + rarg.addStringValue("error", "Certificate " + + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
@@ -375,48 +367,42 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() - && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); + i < revokeAll.length() && i > -1; + i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() - && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { i++; } String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() - && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, - j)); + serialNumbers.addElement(revokeAll.substring(i, j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 - && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId( - reqIdStr)); - X509CertImpl[] certs = certReq - .getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); + X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); for (int i = 0; i < certs.length; i++) { boolean addToList = false; for (int j = 0; j < serialNumbers.size(); j++) { - if (certs[i] - .getSerialNumber() - .toString() - .equals((String) serialNumbers.elementAt(j))) { + if (certs[i].getSerialNumber().toString().equals( + (String) serialNumbers.elementAt(j))) { addToList = true; break; } 
@@ -425,11 +411,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -442,18 +428,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - byte[] certBytes = com.netscape.osutil.OSUtil - .AtoB(b64eCert); + byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -473,7 +458,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = + mQueue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); 
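Review bot: In the `b64eCertificate` branch (hunk at -442) the certificate is decoded from a request parameter with `new X509CertImpl(certBytes)`, and its serial number goes straight into `oldCertsV` and a new `RevokedCertImpl`. Nothing in the hunk checks that this serial is one of those returned by the challenge authentication, or that the certificate was issued by this authority. The condition guarding the branch is outside the hunk and may cover this, but if it does not, the revocation is not limited to the certificates the requester authenticated for. I would compare `cert.getSerialNumber()` against the authenticated serial list before `count++`, and skip and audit any mismatch. That means passing the list into this `process(...)` overload or deriving it from `revokeAll`.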
@@ -492,35 +478,30 @@ public class ChallengeRevocationServlet1 extends CMSServlet { Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - oldCerts[j] - .getSubjectDN(), - oldCerts[j] - .getSerialNumber() - .toString(16), - RevocationReason - .fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -532,27 +513,24 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the success. for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -560,98 +538,92 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) - header.addStringValue("updateCRLError", crlError); + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. 
- Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = revReq - .getExtDataInString(updateErrorStr); + String error = + revReq.getExtDataInString(updateErrorStr); if (error != null) - header.addStringValue(updateErrorStr, error); + header.addStringValue(updateErrorStr, + error); } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; if 
(publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); if (error != null) - header.addStringValue(publishErrorStr, - error); + header.addStringValue( + publishErrorStr, error); } } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -667,11 +639,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addIntegerValue("certsToUpdate", certsToUpdate); // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", publError); + header.addStringValue("crlPublishError", + publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -684,26 +657,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the pending for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } else { - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); StringBuffer errorStr = new StringBuffer(); if (errors != null && errors.size() > 0) { @@ -716,20 +685,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the error for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString( - 16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -740,10 +706,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { e.printStackTrace(); } @@ -751,3 +715,4 @@ public class ChallengeRevocationServlet1 extends CMSServlet { return; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java index b6fd03e9..88abe80e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Locale; @@ -38,11 +39,12 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Redirect a request to the Master. This servlet is used in a clone when a - * requested service (such as CRL) is not available. It redirects the user to - * the master. - * + * Redirect a request to the Master. This servlet is used in + * a clone when a requested service (such as CRL) is not available. + * It redirects the user to the master. + * * @version $Revision$, $Date$ */ public class CloneRedirect extends CMSServlet { 
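Review bot: The trailing `catch (Exception e) { e.printStackTrace(); }` in this hunk discards every unexpected failure in the revocation path. Nothing reaches `log(...)` or the audit log, and the method returns normally, so as far as the earlier hunks show the caller goes on to render the result page. One way to reach it is a null `result` from `revReq.getExtDataInInteger(IRequest.RESULT)`, which the hunk at -492 dereferences unchecked in `result.equals(IRequest.RES_ERROR)`. Handle it like the IOException branch above: `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));` followed by `throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));`. The try block opens outside this hunk.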
@@ -69,8 +71,7 @@ public class CloneRedirect extends CMSServlet { /** * Initialize the servlet. - * - * @param sc servlet configuration, read from the web.xml file + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -82,9 +83,8 @@ public class CloneRedirect extends CMSServlet { if (authConfig != null) { try { - mNewUrl = authConfig - .getString(PROP_REDIRECT_URL, - "*** master URL unavailable, check your configuration ***"); + mNewUrl = authConfig.getString(PROP_REDIRECT_URL, + "*** master URL unavailable, check your configuration ***"); } catch (EBaseException e) { // do nothing } @@ -93,8 +93,8 @@ public class CloneRedirect extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output with our own template. + + // override success to do output with our own template. mTemplates.remove(CMSRequest.SUCCESS); } 
@@ -117,32 +117,29 @@ public class CloneRedirect extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } - CMS.debug("CloneRedirect: " - + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -150,11 +147,13 @@ public class CloneRedirect extends CMSServlet { * Display information about redirecting to the master's URL info */ private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, - String signatureAlgorithm, Locale locale) throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String signatureAlgorithm, + Locale locale) + throws EBaseException { - CMS.debug("CloneRedirect: " - + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java index 40514846..0ccf7f18 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * 'Face-to-face' certificate enrollment. - * + * * @version $Revision$, $Date$ */ public class DirAuthServlet extends CMSServlet { @@ -62,15 +64,15 @@ public class DirAuthServlet extends CMSServlet { super(); } - /** + /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); try { - mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = TPL_FILE; } catch (Exception e) { 
@@ -79,13 +81,15 @@ public class DirAuthServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - /** + + /** * Process the HTTP request. This servlet reads configuration information - * from the hashDirEnrollment configuration substore - * + * from the hashDirEnrollment configuration substore + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -95,10 +99,9 @@ public class DirAuthServlet extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -109,10 +112,10 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -126,8 +129,8 @@ public class DirAuthServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "submit"); } catch (Exception e) { // do nothing for now } @@ -139,8 +142,7 @@ public class DirAuthServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -164,7 +166,7 @@ public class DirAuthServlet extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -174,12 +176,11 @@ public class DirAuthServlet extends CMSServlet { mgr.addAuthToken(pageID, authToken); - header.addStringValue("pageID", pageID); + header.addStringValue("pageID", pageID); header.addStringValue("uid", uid); - header.addStringValue("fingerprint", - mgr.hashFingerprint(reqHost, pageID, uid)); + header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid)); header.addStringValue("hostname", reqHost); - + try { ServletOutputStream out = httpResp.getOutputStream(); 
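Review bot: The `catch (Exception e)` around `authorize(mAclMethod, authToken, mAuthzResourceName, "submit")` holds only `// do nothing for now`, so an authorization failure here leaves no trace in the logs. ChallengeRevocationServlet1 in this same diff logs the equivalent case, and the same line would work here: `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. The same empty catch surrounds the `"disable"` authorize call in DisableEnrollResult (hunk at -89). The check of `authzToken` that follows is outside this hunk.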
@@ -187,11 +188,10 @@ public class DirAuthServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -199,7 +199,7 @@ public class DirAuthServlet extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -218,10 +218,10 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
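Review bot: After the `catch (IOException e)` block sets `cmsReq.setStatus(CMSRequest.ERROR)`, the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` following the try/catch overwrites it, so a failed template render ends with a SUCCESS status. The try body already sets SUCCESS after `form.renderOutput(out, argSet)`, so the trailing call can be dropped, or the catch can end with `return;`. DisableEnrollResult has the same sequence in its hunk at -161. The rest of process() is outside this hunk.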
@@ -234,10 +234,9 @@ public class DirAuthServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java index 380bb9d7..9f353312 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * For Face-to-face enrollment, disable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.EnableEnrollResult */ @@ -80,7 +82,8 @@ public class DisableEnrollResult extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -89,8 +92,8 @@ public class DisableEnrollResult extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, mAuthzResourceName, - "disable"); + authzToken = authorize(mAclMethod, token, + mAuthzResourceName, "disable"); } catch (Exception e) { // do nothing for now } @@ -109,10 +112,9 @@ public class DisableEnrollResult extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -123,10 +125,10 @@ public class DisableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -137,8 +139,7 @@ public class DisableEnrollResult extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; 
@@ -161,11 +162,10 @@ public class DisableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index 62a1f5e9..61cadc4a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -66,12 +67,13 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Display detailed information about a certificate - * - * The template 'displayBySerial.template' is used to render the response for - * this servlet. - * + * + * The template 'displayBySerial.template' is used to + * render the response for this servlet. + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { 
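Review bot: In `DisableEnrollResult.process`, the `cmsReq.setStatus(CMSRequest.SUCCESS);` that follows the `catch (IOException e)` block runs unconditionally, so the `CMSRequest.ERROR` status set inside the catch is overwritten and a template-rendering failure ends with a success status. The try block already sets SUCCESS right after `form.renderOutput(out, argSet)`, so the trailing call can be dropped, or the catch can end with `return;`. The method continues outside this hunk, so check that nothing later relies on the trailing call.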
@@ -97,29 +99,26 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } try { - mCACerts = ((ICertAuthority) mAuthority).getCACertChain() - .getChain(); + mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); } // coming from ee mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1; - - if (mOutputTemplatePath != null) + + if (mOutputTemplatePath != null) mForm1Path = mOutputTemplatePath; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); } @@ -127,8 +126,8 @@ public class DisplayBySerial extends CMSServlet { /** * Serves HTTP request. The format of this request is as follows: * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to - * display (or hex if serialNumber preceded by 0x) + * <li>http.param serialNumber Decimal serial number of certificate to display + * (or hex if serialNumber preceded by 0x) * </ul> */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -149,11 +148,10 @@ public class DisplayBySerial extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + mAuthzResourceName, "read"); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -168,22 +166,17 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mForm1Path, req, locale); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", - String.valueOf(serialNumber))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber))); - error = new ECMSGWException( - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (EDBRecordNotFoundException e) { - throw new ECMSGWException(CMS.getLogMessage( - "CMSGW_CERT_SERIAL_NOT_FOUND_1", - "0x" + serialNumber.toString(16))); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16))); } IArgBlock header = CMS.createArgBlock(); 
@@ -192,14 +185,15 @@ public class DisplayBySerial extends CMSServlet { try { if (serialNumber.compareTo(MINUS_ONE) > 0) { - process(argSet, header, serialNumber, req, resp, locale[0]); + process(argSet, header, serialNumber, + req, resp, locale[0]); } else { error = new ECMSGWException( - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); } } catch (EBaseException e) { error = e; - } + } try { ServletOutputStream out = resp.getOutputStream(); @@ -207,22 +201,20 @@ public class DisplayBySerial extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -231,53 +223,55 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular certificate */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, HttpServletResponse resp, - Locale locale) throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { String certType[] = new String[1]; try { ICertRecord rec = getCertRecord(seq, certType); - + if (certType[0].equalsIgnoreCase("x509")) { processX509(argSet, header, seq, req, resp, locale); return; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return; } - + private void processX509(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, HttpServletResponse resp, - Locale locale) throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { try { ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq); - if (rec == null) { - CMS.debug("DisplayBySerial: failed to read record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (rec == null) { + CMS.debug("DisplayBySerial: failed to read record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } X509CertImpl cert = rec.getCertificate(); - if (cert == null) { - CMS.debug("DisplayBySerial: no certificate in record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (cert == null) { + CMS.debug("DisplayBySerial: no certificate in record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } try { - X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME - + 
"." + X509CertImpl.INFO); - if (info == null) { - CMS.debug("DisplayBySerial: no info found"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + if (info == null) { + CMS.debug("DisplayBySerial: no info found"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } - CertificateExtensions extensions = (CertificateExtensions) info - .get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); boolean emailCert = false; @@ -288,20 +282,16 @@ public class DisplayBySerial extends CMSServlet { if (ext instanceof NSCertTypeExtension) { NSCertTypeExtension type = (NSCertTypeExtension) ext; - if (((Boolean) type.get(NSCertTypeExtension.EMAIL)) - .booleanValue()) + if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue()) emailCert = true; } if (ext instanceof KeyUsageExtension) { - KeyUsageExtension usage = (KeyUsageExtension) ext; + KeyUsageExtension usage = + (KeyUsageExtension) ext; try { - if (((Boolean) usage - .get(KeyUsageExtension.DIGITAL_SIGNATURE)) - .booleanValue() - || ((Boolean) usage - .get(KeyUsageExtension.DATA_ENCIPHERMENT)) - .booleanValue()) + if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e) { // bug356108: 
@@ -314,23 +304,16 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("emailCert", emailCert); boolean noCertImport = true; - MetaInfo metaInfo = (MetaInfo) rec - .get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); if (metaInfo != null) { - String rid = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); - - if (rid != null - && mAuthority instanceof ICertificateAuthority) { - IRequest r = ((ICertificateAuthority) mAuthority) - .getRequestQueue().findRequest( - new RequestId(rid)); - String certType = r.getExtDataInString( - IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); - - if (certType != null - && certType.equals(IRequest.CLIENT_CERT)) { + String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); + + if (rid != null && mAuthority instanceof ICertificateAuthority) { + IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid)); + String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + + if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { noCertImport = false; } } @@ -338,9 +321,8 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("noCertImport", noCertImport); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); } IRevocationInfo revocationInfo = rec.getRevocationInfo(); @@ -356,8 +338,7 @@ public class DisplayBySerial extends CMSServlet { Extension ext = (Extension) enumx.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason() - .toInt(); + reason = ((CRLReasonExtension) ext).getReason().toInt(); } } header.addIntegerValue("revocationReason", reason); 
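Review bot: In `processX509`, the result of `getRequestQueue().findRequest(new RequestId(rid))` is dereferenced at once by `r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE)` with no null check. If `findRequest` can return null for a request id that is no longer in the queue (not visible here, to be confirmed), the resulting exception lands in the enclosing `catch (Exception e)`, is logged under `CMSGW_ERROR_PARSING_EXTENS`, and `header.addBooleanValue("noCertImport", noCertImport)` is never reached. Guarding the lookup with `if (r != null) { ... }` keeps the default `noCertImport = true` in the output and stops the log from blaming extension parsing. The enclosing try block starts outside this hunk.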
@@ -366,16 +347,20 @@ public class DisplayBySerial extends CMSServlet { ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert); - header.addStringValue("certPrettyPrint", - certDetails.toString(locale)); + header.addStringValue("certPrettyPrint", + certDetails.toString(locale)); /* - * String scheme = req.getScheme(); if (scheme.equals("http") && - * connectionIsSSL(req)) scheme = "https"; String requestURI = - * req.getRequestURI(); int i = requestURI.indexOf('?'); String - * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI; - * header.addStringValue("serviceURL", scheme +"://"+ - * req.getServerName() + ":"+ req.getServerPort() + newRequestURI); + String scheme = req.getScheme(); + if (scheme.equals("http") && connectionIsSSL(req)) + scheme = "https"; + String requestURI = req.getRequestURI(); + int i = requestURI.indexOf('?'); + String newRequestURI = + (i > -1)? requestURI.substring(0, i): requestURI; + header.addStringValue("serviceURL", scheme +"://"+ + req.getServerName() + ":"+ + req.getServerPort() + newRequestURI); */ header.addStringValue("authorityid", mAuthority.getId()); @@ -384,9 +369,8 @@ public class DisplayBySerial extends CMSServlet { try { certFingerprints = CMS.getFingerPrints(cert); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); } if (certFingerprints.length() > 0) header.addStringValue("certFingerprint", certFingerprints); 
@@ -394,30 +378,30 @@ public class DisplayBySerial extends CMSServlet { byte[] ba = cert.getEncoded(); // Do base 64 encoding - header.addStringValue("certChainBase64", - com.netscape.osutil.OSUtil.BtoA(ba)); + header.addStringValue("certChainBase64", com.netscape.osutil.OSUtil.BtoA(ba)); header.addStringValue("serialNumber", seq.toString(16)); /* - * String userAgent = req.getHeader("user-agent"); String agent = - * (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; + String userAgent = req.getHeader("user-agent"); + String agent = + (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; */ // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1]; - ; + X509CertImpl[] certsInChain = new X509CertImpl[1];; if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { if (cert.equals(mCACerts[i])) { - certsInChain = new X509CertImpl[mCACerts.length]; + certsInChain = new + X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { 
@@ -430,42 +414,43 @@ public class DisplayBySerial extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), certsInChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + certsInChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - p7.encodeSignedData(bos, false); + p7.encodeSignedData(bos,false); byte[] p7Bytes = bos.toByteArray(); - p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); + p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); header.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception e) { - // p7Str = "PKCS#7 B64 Encoding error - " + e.toString() - // + "; Please contact your administrator"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", - e.toString())); + //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() + //+ "; Please contact your administrator"; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7")); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } return; } - + private ICertRecord getCertRecord(BigInteger seq, String certtype[]) - throws EBaseException { + throws EBaseException { ICertRecord rec = null; - + try { rec = (ICertRecord) mCertDB.readCertificateRecord(seq); X509CertImpl x509cert = rec.getCertificate(); 
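Review bot: The `catch (EBaseException e)` at the end of `processX509` looks up the log message with the key `"MSGW_ERR_DISP_BY_SERIAL"`, while the catch blocks in `process` and `getCertRecord` of this same file use `"CMSGW_ERR_DISP_BY_SERIAL"`. The key without the leading `C` looks like a typo that the reformat carried over unchanged. Unless a message with that exact key exists in the bundle, this failure is logged without its intended text, which makes a certificate-display error harder to trace. The line should read `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));`.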
@@ -475,28 +460,28 @@ public class DisplayBySerial extends CMSServlet { return rec; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return rec; } private BigInteger getSerialNumber(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); if (serialNumString != null) { serialNumString = serialNumString.trim(); - if (serialNumString.startsWith("0x") - || serialNumString.startsWith("0X")) { + if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { return new BigInteger(serialNumString.substring(2), 16); } else { - return new BigInteger(serialNumString); + return new BigInteger(serialNumString); } - } else { + } else { throw new NumberFormatException(); - } + } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 7f47db5f..3a5f3f06 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -49,9 +50,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Decode the CRL and display it to the requester. - * + * * @version $Revision$, $Date$ */ public class DisplayCRL extends CMSServlet { 
@@ -62,8 +64,8 @@ public class DisplayCRL extends CMSServlet { private static final long serialVersionUID = 1152016798229054027L; private final static String INFO = "DisplayCRL"; private final static String TPL_FILE = "displayCRL.template"; - // private final static String E_TPL_FILE = "error.template"; - // private final static String OUT_ERROR = "errorDetails"; + //private final static String E_TPL_FILE = "error.template"; + //private final static String OUT_ERROR = "errorDetails"; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -76,10 +78,9 @@ public class DisplayCRL extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the 'displayCRL.template' file - * to to render the response to the client. - * - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the 'displayCRL.template' file to + * to render the response to the client. + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -95,16 +96,15 @@ public class DisplayCRL extends CMSServlet { } /** - * Process the HTTP request + * Process the HTTP request * <ul> - * <li>http.param crlIssuingPoint number - * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or - * deltaCRL - * <li>http.param pageStart which page to start displaying from - * <li>http.param pageSize number of entries to show per page + * <li>http.param crlIssuingPoint number + * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL + * <li>http.param pageStart which page to start displaying from + * <li>http.param pageSize number of entries to show per page * </ul> - * * @param cmsReq the Request to service. + */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); 
@@ -115,8 +115,8 @@ public class DisplayCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } @@ -132,9 +132,8 @@ public class DisplayCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -148,25 +147,24 @@ public class DisplayCRL extends CMSServlet { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); - process(argSet, header, req, resp, crlIssuingPointId, locale[0]); + process(argSet, header, req, resp, crlIssuingPointId, + locale[0]); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -174,8 +172,10 @@ public class DisplayCRL extends CMSServlet { * Display information about a particular CRL. */ private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, - String crlIssuingPointId, Locale locale) { + HttpServletRequest req, + HttpServletResponse resp, + String crlIssuingPointId, + Locale locale) { boolean updateStatus = true; EBaseException error = null; ICRLIssuingPoint crlIP = null; @@ -189,30 +189,27 @@ public class DisplayCRL extends CMSServlet { ICRLRepository crlRepository = mCA.getCRLRepository(); try { - masterHost = CMS.getConfigStore().getString("master.ca.agent.host", - ""); - masterPort = CMS.getConfigStore().getString("master.ca.agent.port", - ""); - if (masterHost != null && masterHost.length() > 0 - && masterPort != null && masterPort.length() > 0) { + masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); + masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); + if (masterHost != null && masterHost.length() > 0 && + masterPort != null && masterPort.length() > 0) { clonedCA = true; ipNames = crlRepository.getIssuingPointsNames(); } } catch (EBaseException e) { } - + if (clonedCA) { if (crlIssuingPointId != null) { if (ipNames != null && ipNames.size() > 0) { int i; for (i = 0; i < ipNames.size(); i++) { - String ipName = (String) ipNames.elementAt(i); + String ipName = (String)ipNames.elementAt(i); if (crlIssuingPointId.equals(ipName)) { break; } } - if (i >= ipNames.size()) - crlIssuingPointId = null; + if (i >= ipNames.size()) crlIssuingPointId = null; } else { crlIssuingPointId = null; } 
@@ -229,15 +226,13 @@ public class DisplayCRL extends CMSServlet { isCRLCacheEnabled = ip.isCRLCacheEnabled(); break; } - if (!ips.hasMoreElements()) - crlIssuingPointId = null; + if (!ips.hasMoreElements()) crlIssuingPointId = null; } } } if (crlIssuingPointId == null) { header.addStringValue("error", - "Request to unspecified or non-existing CRL issuing point: " - + ipId); + "Request to unspecified or non-existing CRL issuing point: "+ipId); return; } 
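Review bot: The error value built as `"Request to unspecified or non-existing CRL issuing point: "+ipId` appears to place the client-supplied `crlIssuingPoint` parameter into the page output. `ipId` is assigned outside this hunk, so that reading is inferred from its name and from `crlIssuingPointId` being null on this path. Whether `header.addStringValue` or the template renderer escapes values is also not visible here. If they do not, the unvalidated id should stay out of the response: `header.addStringValue("error", "Request to unspecified or non-existing CRL issuing point");`.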
@@ -245,43 +240,36 @@ public class DisplayCRL extends CMSServlet { String crlDisplayType = req.getParameter("crlDisplayType"); - if (crlDisplayType == null) - crlDisplayType = "cachedCRL"; + if (crlDisplayType == null) crlDisplayType = "cachedCRL"; header.addStringValue("crlDisplayType", crlDisplayType); try { - crlRecord = (ICRLIssuingPointRecord) mCA.getCRLRepository() - .readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = + (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId); } catch (EBaseException e) { header.addStringValue("error", e.toString(locale)); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue( - "error", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); - return; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + return; } header.addStringValue("crlIssuingPoint", crlIssuingPointId); if (crlDisplayType.equals("deltaCRL")) { if (clonedCA) { - header.addStringValue("crlNumber", crlRecord - .getDeltaCRLNumber().toString()); + header.addStringValue("crlNumber", crlRecord.getDeltaCRLNumber().toString()); } else { - header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber() - .toString()); + header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber().toString()); } } else { if (clonedCA) { - header.addStringValue("crlNumber", crlRecord.getCRLNumber() - .toString()); + header.addStringValue("crlNumber", crlRecord.getCRLNumber().toString()); } else { - header.addStringValue("crlNumber", crlIP.getCRLNumber() - .toString()); + header.addStringValue("crlNumber", crlIP.getCRLNumber().toString()); } } long lCRLSize = crlRecord.getCRLSize().longValue(); 
@@ -295,12 +283,10 @@ public class DisplayCRL extends CMSServlet { byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue( - "error", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); return; } @@ -312,19 +298,14 @@ public class DisplayCRL extends CMSServlet { } } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); - header.addStringValue( - "error", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_DECODE_CRL_FAILED")).toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } } - if (crl != null - || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) { - if (crlDisplayType.equals("entireCRL") - || crlDisplayType.equals("cachedCRL")) { + if (crl != null || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) { + if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { ICRLPrettyPrint crlDetails = null; if (crlDisplayType.equals("entireCRL")) { crlDetails = CMS.getCRLPrettyPrint(crl); 
@@ -339,29 +320,28 @@ public class DisplayCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) - lPageStart = 1; + if (lPageStart < 1) lPageStart = 1; // if (lPageStart + lPageSize - lCRLSize > 1) - // lPageStart = lCRLSize - lPageSize + 1; + // lPageStart = lCRLSize - lPageSize + 1; - header.addStringValue("crlPrettyPrint", crlDetails - .toString(locale, lCRLSize, lPageStart, lPageSize)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale, + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale)); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale, lCRLSize, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -376,8 +356,7 @@ public class DisplayCRL extends CMSServlet { if (i >= length) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); argSet.addRepeatRecord(rarg); } } else { 
@@ -385,13 +364,11 @@ public class DisplayCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); 
@@ -400,93 +377,70 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else if (crlDisplayType.equals("deltaCRL")) { - if ((clonedCA && crlRecord.getDeltaCRLSize() != null && crlRecord - .getDeltaCRLSize().longValue() > -1) - || (crlIP != null && crlIP.isDeltaCRLEnabled())) { + if ((clonedCA && crlRecord.getDeltaCRLSize() != null && + crlRecord.getDeltaCRLSize().longValue() > -1) || + (crlIP != null && crlIP.isDeltaCRLEnabled())) { byte[] deltaCRLBytes = crlRecord.getDeltaCRL(); if (deltaCRLBytes == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); - header.addStringValue("error", - "Delta CRL is not available"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); + header.addStringValue("error", "Delta CRL is not available"); } else { X509CRLImpl deltaCRL = null; try { deltaCRL = new X509CRLImpl(deltaCRLBytes); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); - header.addStringValue( - "error", - new ECMSGWException(CMS.getUserMessage( - locale, "CMS_GW_DECODE_CRL_FAILED")) - .toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); - BigInteger deltaNumber = crlRecord - .getDeltaCRLNumber(); - if ((clonedCA && crlNumber != null - && deltaNumber != null && deltaNumber - .compareTo(crlNumber) >= 0) - || (crlIP != null && crlIP - .isThisCurrentDeltaCRL(deltaCRL))) { + BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); + if ((clonedCA && crlNumber != null && deltaNumber != null && + deltaNumber.compareTo(crlNumber) >= 0) || + (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { - header.addIntegerValue("deltaCRLSize", deltaCRL - 
.getNumberOfRevokedCertificates()); + header.addIntegerValue("deltaCRLSize", + deltaCRL.getNumberOfRevokedCertificates()); - ICRLPrettyPrint crlDetails = CMS - .getCRLPrettyPrint(deltaCRL); + ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale, 0, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); try { byte[] ba = deltaCRL.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; int n = 1; while (i < length) { - int k = crlBase64Encoded.indexOf('\n', - i); + int k = crlBase64Encoded.indexOf('\n', i); if (n < 100 && k > -1) { n++; i = k + 1; if (i >= length) { - IArgBlock rarg = CMS - .createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue( - "crlBase64Encoded", - crlBase64Encoded - .substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); argSet.addRepeatRecord(rarg); } } else { n = 1; - IArgBlock rarg = CMS - .createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue( - "crlBase64Encoded", - crlBase64Encoded - .substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue( - "crlBase64Encoded", - crlBase64Encoded - .substring(j, - length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); 
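Review bot: The `catch (CRLException e) { }` at the top of this hunk, which closes the `base64Encoded` branch of `DisplayCRL.process`, is empty, and the try around `deltaCRL.getEncoded()` later in the hunk is closed by another empty catch in the following hunk. An encoding failure therefore yields a page with no `crlBase64Encoded` records and nothing in the log. Both catch bodies should at least record the failure, for example `log(ILogger.LL_FAILURE, e.toString());`. The base64 line-chunking loop inside this hunk also repeats the loop in the `base64Encoded` branch almost token for token. A private helper taking the encoded string and `argSet` would remove the duplication and give the error handling a single home.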
@@ -495,32 +449,25 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else { - header.addStringValue("error", - "Current Delta CRL is not available."); + header.addStringValue("error", "Current Delta CRL is not available."); } } } } else { - header.addStringValue("error", - "Delta CRL is not enabled for " + crlIssuingPointId - + " issuing point"); + header.addStringValue("error", "Delta CRL is not enabled for " + + crlIssuingPointId + + " issuing point"); } } } else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) { - header.addStringValue("error", CMS.getUserMessage(locale, - "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); - header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, - "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { - header.addStringValue( - "error", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_DECODE_CRL_FAILED")).toString()); - header.addStringValue( - "crlPrettyPrint", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("crlPrettyPrint", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java index 74c4ff28..6efda2bb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java 
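Review bot: The empty `catch (CRLException e) { }` at the top of this hunk discards a failure to encode the delta CRL without logging it or setting the `error` header, so the page would show the pretty-print with no base64 records and no explanation. Handle it like the decode failure earlier in the method: `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));` followed by `header.addStringValue("error", ...)` with a suitable user message. The try block this catch appears to close starts in the previous hunk, and the same empty catch is visible as context at the start of the `-400,93` hunk.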
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -44,10 +45,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Servlet to report the status, ie, the agent-initiated user enrollment is - * enabled or disabled. - * + * Servlet to report the status, ie, the agent-initiated user + * enrollment is enabled or disabled. + * * @version $Revision$, $Date$ */ public class DisplayHashUserEnroll extends CMSServlet { @@ -70,7 +72,8 @@ public class DisplayHashUserEnroll extends CMSServlet { super.init(sc); try { - mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = TPL_FILE; } catch (Exception e) { @@ -86,7 +89,8 @@ public class DisplayHashUserEnroll extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -94,8 +98,8 @@ public class DisplayHashUserEnroll extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
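Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, authToken, mAuthzResourceName, "read")` in `process` discards every authorization failure without a log entry, so a denied or broken ACL evaluation leaves no trace for an operator. DoRevoke in this same commit logs the equivalent failure, and the same line fits here: `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. How a null `authzToken` is treated is decided after this hunk ends, so that path should be confirmed to fail closed.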
@@ -111,10 +115,9 @@ public class DisplayHashUserEnroll extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,8 +128,7 @@ public class DisplayHashUserEnroll extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; boolean isEnable = mgr.isEnable(reqHost); @@ -150,7 +152,7 @@ public class DisplayHashUserEnroll extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -160,10 +162,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -175,11 +177,10 @@ public class DisplayHashUserEnroll extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -187,7 +188,7 @@ public class DisplayHashUserEnroll extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -206,10 +207,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
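Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch in the `-175,11` hunk overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed render is reported as a success while `setError` still carries the exception. The try body already sets SUCCESS right after `form.renderOutput(out, argSet)`, so the trailing call can simply be removed, or the catch can end with `return;`. The method body starts before this hunk.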
@@ -222,11 +223,10 @@ public class DisplayHashUserEnroll extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index dbca061a..b333c787 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -70,9 +71,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevoke extends CMSServlet { 
@@ -96,17 +98,20 @@ public class DoRevoke extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevoke() { super(); } /** - * initialize the servlet. This servlet uses the template file - * "revocationResult.template" to render the result - * + * initialize the servlet. This servlet uses the template + * file "revocationResult.template" to render the result * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -117,15 +122,13 @@ public class DoRevoke extends CMSServlet { mUL = mUG.getCertUserLocator(); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (((ICertificateAuthority) mAuthority).noncesEnabled()) { mNonces = ((ICertificateAuthority) mAuthority).getNonces(); } } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -142,20 +145,16 @@ public class DoRevoke extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as - * follows: - * + * Serves HTTP request. The http parameters used by this request are as follows: * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> - * * revocationReason can be one of these values: - * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -185,11 +184,8 @@ public class DoRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } IArgBlock header = CMS.createArgBlock(); 
@@ -198,18 +194,21 @@ public class DoRevoke extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter("revocationReason")); + reason = Integer.parseInt(req.getParameter( + "revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req.getParameter( + "totalRecordCount")); } if (req.getParameter("verifiedRecordCount") != null) { - verifiedRecordCount = Integer.parseInt(req - .getParameter("verifiedRecordCount")); + verifiedRecordCount = Integer.parseInt( + req.getParameter( + "verifiedRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter("invalidityDate")); + long l = Long.parseLong(req.getParameter( + "invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -227,11 +226,10 @@ public class DoRevoke extends CMSServlet { certChain[0] = cert2; IUser user = null; try { - user = (IUser) mUL.locateUser(new Certificates( - certChain)); + user = (IUser) mUL.locateUser(new Certificates(certChain)); } catch (Exception e) { - CMS.debug("DoRevoke: Failed to map certificate '" - + cert2.getSubjectDN().getName() + "' to user."); + CMS.debug("DoRevoke: Failed to map certificate '"+ + cert2.getSubjectDN().getName()+"' to user."); } if (mUG.isMemberOf(user, "Subsystem Group")) { skipNonceVerification = true; 
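Review bot: `reason` is parsed from the `revocationReason` request parameter with `Integer.parseInt` and then used without a range check, although the Javadoc on `process` documents only 0 through 6. The value later reaches `RevocationReason.fromInt(reason).toString()` and the signed audit record, and if `fromInt` returns null for an unknown code that call would throw. A guard right after parsing keeps bad input out: `if (reason < 0 || reason > ON_HOLD_REASON) throw new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));`, provided no other reason codes are meant to be accepted. Separately, the Javadoc in the `-142,20` hunk describes `invalidityDate` as seconds since 1970 while `new Date(l)` here interprets the value as milliseconds, so one of the two needs correcting.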
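Review bot: When `mUL.locateUser(new Certificates(certChain))` throws in the `-227,11` hunk, the catch only writes a debug line and `user` stays null, yet it is passed straight to `mUG.isMemberOf(user, "Subsystem Group")`, whose result sets `skipNonceVerification`. The membership test should be guarded so that a certificate mapping to no user can never skip the nonce check: `if (user != null && mUG.isMemberOf(user, "Subsystem Group")) {`. Because the failed mapping feeds an authorization decision, it also deserves a `log(ILogger.LL_FAILURE, ...)` entry rather than `CMS.debug` alone. The surrounding block starts before this hunk.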
@@ -244,17 +242,15 @@ public class DoRevoke extends CMSServlet { X509Certificate cert1 = mNonces.getCertificate(nonce); if (cert1 == null) { CMS.debug("DoRevoke: Unknown nonce"); - } else if (cert1 != null && cert2 != null - && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("DoRevoke: Missing nonce"); } - CMS.debug("DoRevoke: nonceVerified=" + nonceVerified); - CMS.debug("DoRevoke: skipNonceVerification=" - + skipNonceVerification); + CMS.debug("DoRevoke: nonceVerified="+nonceVerified); + CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification); if ((!nonceVerified) && (!skipNonceVerification)) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; @@ -265,7 +261,7 @@ public class DoRevoke extends CMSServlet { String eeSubjectDN = null; String eeSerialNumber = null; - // for audit log. + //for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
@@ -276,51 +272,46 @@ public class DoRevoke extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber != null) { + if (serialNumber != null) { eeSerialNumber = serialNumber; } - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { // request is fromUser. initiative = AuditFormat.FROMUSER; - + String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber == null - || sslCert == null - || !(serialNumber.equals(sslCert.getSerialNumber() - .toString(16)))) { + if (serialNumber == null || sslCert == null || + !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { authorized = false; } else { eeSubjectDN = sslCert.getSubjectDN().toString(); 
@@ -331,25 +322,29 @@ public class DoRevoke extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, eeSerialNumber, eeSubjectDN, - comments, locale[0]); + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, eeSerialNumber, eeSubjectDN, + comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException( - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } /* - * catch (Exception e) { noError = false; - * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( - * errorlocale[0], BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + catch (Exception e) { + noError = false; + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + errorlocale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ try { @@ -358,11 +353,11 @@ public class DoRevoke extends CMSServlet { if (error == null && authorized) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else if (!authorized) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); 
@@ -371,63 +366,67 @@ public class DoRevoke extends CMSServlet { cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, or - * an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, + * or an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (revoked, expired, on-hold, off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (revoked, expired, on-hold, + * off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 - * - CA key compromised; should not be used, 3 - Affiliation - * changed, 4 - Certificate superceded, 5 - Cessation of - * operation, or 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, + * 2 - CA key compromised; should not be used, 3 - Affiliation changed, + * 4 - Certificate superceded, 5 - Cessation of operation, or + * 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the certificates - * to be revoked + * @param revokeAll string containing information on all of the + * certificates to be revoked * @param totalRecordCount total number of records (verified and unverified) - * @param eeSerialNumber string containing the end-entity certificate serial - * number + * @param eeSerialNumber string containing the end-entity certificate + * serial number * @param eeSubjectDN string containing the end-entity certificate subject - * distinguished name (DN) + * distinguished name (DN) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date 
invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, - int verifiedRecordCount, String revokeAll, int totalRecordCount, - String eeSerialNumber, String eeSubjectDN, String comments, - Locale locale) throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String eeSerialNumber, + String eeSubjectDN, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -437,8 +436,7 @@ public class DoRevoke extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber - + " auditSerialNumber: " + auditSerialNumber); + CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); long startTime = CMS.getCurrentDate().getTime(); try { 
@@ -481,54 +479,47 @@ public class DoRevoke extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); // we do not want to revoke the CA certificate accidentially - if (xcert != null - && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevoke: skipped revocation request for system certificate " - + xcert.getSerialNumber()); + if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); continue; } - + if (xcert != null) { - rarg.addStringValue("serialNumber", xcert - .getSerialNumber().toString(16)); - - if (eeSerialNumber != null - && (eeSerialNumber.equals(xcert - .getSerialNumber().toString())) - && rec.getStatus().equals( - ICertRecord.STATUS_REVOKED)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CA_CERTIFICATE_ALREADY_REVOKED_1", xcert - .getSerialNumber().toString(16))); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); + + if (eeSerialNumber != null && + (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && + rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, auditRequestType); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNAUTHORIZED")); - } else if (rec.getStatus().equals( - ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " is already revoked."); - } else if 
(eeSubjectDN != null - && (!eeSubjectDN.equals(xcert.getSubjectDN() - .toString()))) { - rarg.addStringValue("error", "Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " belongs to different subject."); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " is already revoked."); + } else if (eeSubjectDN != null && + (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " belongs to different subject."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - xcert.getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(xcert.getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); 
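Review bot: `eeSerialNumber.equals(xcert.getSerialNumber().toString())` compares against the decimal form of the serial, while the `serialNumber` request parameter is documented as hex and is checked elsewhere in this file with `sslCert.getSerialNumber().toString(16)`. If `eeSerialNumber` does hold the hex string, this already-revoked branch that throws `CMSGW_UNAUTHORIZED` would match only for single-digit serials, and the same decimal comparison sets `authorized = true` in the `-544,67` hunk. A numeric comparison removes the radix and letter-case question: `new BigInteger(eeSerialNumber, 16).equals(xcert.getSerialNumber())`, once the radix is confirmed and `java.math.BigInteger` is in scope. The loop body starts before this hunk.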
@@ -544,67 +535,57 @@ public class DoRevoke extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() - && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); + i < revokeAll.length() && i > -1; + i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() - && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { i++; } // xxxx decimal serial number? String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() - && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, - j)); + serialNumbers.addElement(revokeAll.substring(i, j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 - && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId( - reqIdStr)); - X509CertImpl[] certs = certReq - .getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); + X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); boolean authorized = false; for (int i = 0; i < certs.length; i++) { boolean addToList = false; - for (int j = 0; j < serialNumbers.size(); j++) { - // xxxxx serial number in decimal? - if (certs[i] - .getSerialNumber() - .toString() - .equals((String) serialNumbers.elementAt(j)) - && eeSubjectDN != null - && eeSubjectDN.equals(certs[i] - .getSubjectDN().toString())) { + for (int j = 0; j < serialNumbers.size(); + j++) { + //xxxxx serial number in decimal? 
+ if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) && + eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { addToList = true; break; } } - if (eeSerialNumber != null - && eeSerialNumber.equals(certs[i] - .getSerialNumber().toString())) { + if (eeSerialNumber != null && + eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { authorized = true; } if (addToList) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", certs[i] - .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", + certs[i].getSerialNumber().toString(16)); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = + new RevokedCertImpl(certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); 
@@ -615,38 +596,38 @@ public class DoRevoke extends CMSServlet { } if (!authorized) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); + CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); } } else { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - // BASE64Decoder decoder = new BASE64Decoder(); - // byte[] certBytes = decoder.decodeBuffer(b64eCert); + // BASE64Decoder decoder = new BASE64Decoder(); + // byte[] certBytes = decoder.decodeBuffer(b64eCert); byte[] certBytes = CMS.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", cert - .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", + cert.getSerialNumber().toString(16)); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - cert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
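Review bot: The certificate decoded from the `b64eCertificate` request parameter is added to `oldCertsV` and `revCertImplsV` with no visible comparison to `eeSerialNumber` or `eeSubjectDN`, unlike the request-id branch just above it, which throws `CMSGW_UNAUTHORIZED` when `authorized` stays false. Unless such a check sits outside this hunk, the same ownership test belongs here before `count++`. A guard such as `if (eeSubjectDN != null && !eeSubjectDN.equals(cert.getSubjectDN().toString()))` would do it, writing the same audit failure record and then `throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));`. Looking the serial up in `mCertDB` would additionally confirm that the submitted certificate was issued by this CA.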
@@ -655,26 +636,27 @@ public class DoRevoke extends CMSServlet { } } } - if (count == 0) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + if (count == 0) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); } header.addIntegerValue("totalRecordCount", count); X509CertImpl[] oldCerts = new X509CertImpl[count]; - // Certificate[] oldCerts = new Certificate[count]; + //Certificate[] oldCerts = new Certificate[count]; RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count]; for (int i = 0; i < count; i++) { 
@@ -682,29 +664,32 @@ public class DoRevoke extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if (initiative.equals(AuditFormat.FROMUSER)) - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_EE); + if(initiative.equals(AuditFormat.FROMUSER)) + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); else - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, + Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -722,44 +707,38 @@ public class DoRevoke extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - cert.getSubjectDN(), - cert.getSerialNumber() - .toString( - 16), - RevocationReason - .fromInt( - reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
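Review bot: `result.equals(IRequest.RES_ERROR)` dereferences the value returned by `revReq.getExtDataInInteger(IRequest.RESULT)` without a null check, although the later `CRL_UPDATE_STATUS` and `CRL_PUBLISH_STATUS` lookups in the same method are null-checked. If a completed request carries no RESULT value, the resulting NullPointerException would not be caught by the `EBaseException`/`IOException` handlers further down, so the CERT_STATUS_CHANGE_REQUEST_PROCESSED audit record would presumably not be written for that revocation. A guard such as `if (result != null && result.equals(IRequest.RES_ERROR)) {` avoids this. The inner `if (oldCerts[j] != null)` is redundant after the `instanceof` test and can be dropped. The enclosing method starts and ends outside the hunk, and the same pattern appears in the DoRevokeTPS.java hunk at `-518,44`.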
@@ -770,24 +749,26 @@ public class DoRevoke extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus - .equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); 
@@ -798,29 +779,25 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() - + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -828,99 +805,92 @@ public class DoRevoke extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = revReq - .getExtDataInString(updateErrorStr); + String error = + revReq.getExtDataInString(updateErrorStr); - if (error != null) - header.addStringValue(updateErrorStr, error); + if (error != null) + header.addStringValue(updateErrorStr, + error); } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = crl - 
.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); - if (error != null) - header.addStringValue(publishErrorStr, - error); + if (error != null) + header.addStringValue( + publishErrorStr, error); } } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -935,12 +905,13 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("certsUpdated", certsUpdated); header.addIntegerValue("certsToUpdate", certsToUpdate); - // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", publError); + header.addStringValue("crlPublishError", + publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -948,14 +919,12 @@ public class DoRevoke extends CMSServlet { header.addStringValue("error", null); } else { - if (stat == RequestStatus.PENDING - || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { header.addStringValue("revoked", stat.toString()); } else { header.addStringValue("revoked", "no"); } - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); for (int i = 0; i < errors.size(); i++) { @@ -976,19 +945,17 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -998,17 +965,18 @@ public class DoRevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) + ) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1018,9 +986,12 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -1028,18 +999,21 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1053,9 +1027,12 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -1063,18 +1040,21 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1082,17 +1062,19 @@ public class DoRevoke extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -1100,25 +1082,27 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -1126,11 +1110,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ 
@@ -1156,11 +1140,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -1179,28 +1163,30 @@ public class DoRevoke extends CMSServlet { // find out if the value is hex or decimal int value = -1; - - // try int - try { - value = Integer.parseInt(serialNumber, 10); + + //try int + try { + value = Integer.parseInt(serialNumber,10); } catch (NumberFormatException e) { } - - // try hex - if (value == -1) { + + //try hex + if( value == -1) { try { - value = Integer.parseInt(serialNumber, 16); + value = Integer.parseInt(serialNumber,16); } catch (NumberFormatException e) { } } // give up if it isn't hex or dec - if (value == -1) { + if ( value == -1) { throw new NumberFormatException(); } // convert it to hexadecimal - serialNumber = "0x" + Integer.toHexString(value); + serialNumber = "0x" + + Integer.toHexString( + value); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1210,11 +1196,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for a signed audit log - * message. + * + * This method is called to obtain the "Request Type" for + * a signed audit log message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1236,3 +1222,4 @@ public class DoRevoke extends CMSServlet { return requestType; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index d29f795b..ce074a05 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java 
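Review bot: In DoRevoke.java's serial-number normalisation (hunk `-1179,28`), the value is parsed with `Integer.parseInt`, so a certificate serial number above `Integer.MAX_VALUE` fails both attempts and cannot be rendered for the signed audit record. Decimal is tried before hex, so a hex `10` is recorded as `0xa`, and `-1` doubles as the "not parsed" sentinel. Parsing with `BigInteger` keeps the audited value faithful, e.g. `serialNumber = "0x" + new BigInteger(serialNumber, radix).toString(16);`, with the radix chosen from what callers actually send, which the hunk does not show. The two empty `catch (NumberFormatException e) { }` blocks should carry a comment saying the fall-through is intentional. The method body starts outside the hunk.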
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.io.OutputStream; import java.util.Date; @@ -62,9 +63,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -87,17 +89,20 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template file - * "revocationResult.template" to render the result - * + * initialize the servlet. This servlet uses the template + * file "revocationResult.template" to render the result * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -105,12 +110,10 @@ public class DoRevokeTPS extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); @@ -128,20 +131,16 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as - * follows: - * + * Serves HTTP request. The http parameters used by this request are as follows: * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> - * * revocationReason can be one of these values: - * * <pre> * 0 = Unspecified (default) * 1 = Key compromised 
@@ -172,15 +171,11 @@ public class DoRevokeTPS extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); - throw new EBaseException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.debug("DoRevokeTPS getTemplate failed"); + throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } CMS.debug("DoRevokeTPS after getTemplate"); @@ -190,14 +185,16 @@ public class DoRevokeTPS extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter("revocationReason")); + reason = Integer.parseInt(req.getParameter( + "revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req.getParameter( + "totalRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter("invalidityDate")); + long l = Long.parseLong(req.getParameter( + "invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -206,7 +203,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - // for audit log. + //for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
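Review bot: `invalidityDate = new Date(l)` in the `-190,14` hunk treats the `invalidityDate` parameter as milliseconds, while the servlet's Javadoc documents it as "number of seconds in Jan 1,1970". A value sent in seconds would produce an invalidity date in January 1970. Either correct the Javadoc or convert with `invalidityDate = new Date(l * 1000L);`, depending on what the TPS client actually sends. `reason` is also parsed from the request and passed on without a check against the documented reason codes 0–6, so a guard or a comment stating where it is validated would help. The enclosing method starts and ends outside the hunk.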
@@ -215,31 +212,27 @@ public class DoRevokeTPS extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { CMS.debug("DoRevokeTPS: Missing authentication manager"); 
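Review bot: When the auth manager matches `CERTUSERDB_AUTHMGR_ID` but `authToken` is null, `initiative` keeps its initial `null`, and the later `initiative.equals(AuditFormat.FROMUSER)` in `process` would throw. Whether that path is reachable depends on the `authorized` flag, which is set outside this hunk. Writing the comparison as `AuditFormat.FROMUSER.equals(initiative)` makes it null-safe. The two `catch` blocks after `authorize(...)` log the same `ADMIN_SRVLT_AUTH_FAILURE` message, so an access denial and an unexpected failure are indistinguishable in the log; a distinct message for the generic `Exception` case would help triage.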
@@ -248,15 +241,13 @@ public class DoRevokeTPS extends CMSServlet { } if (authorized) { - process(argSet, header, reason, invalidityDate, initiative, - req, resp, revokeAll, totalRecordCount, comments, - locale[0]); + process(argSet, header, reason, invalidityDate, initiative, req, + resp, revokeAll, totalRecordCount, comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException( - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -269,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error=" + error.toString(); + errorString = "error="+error.toString(); } - String pp = o_status + "\n" + errorString; + String pp = o_status+"\n"+errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
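Review bot: The `-269,10` hunk writes `error.toString()` into a response declared as `text/html` without any encoding, so exception text that echoes request data would be interpreted as markup by a browser. The body is a plain `status=`/`error=` record, so `resp.setContentType("text/plain");` looks like the better fit, provided the TPS client does not depend on the current type. `pp.getBytes()` uses the platform default charset; `pp.getBytes("UTF-8")` plus a charset on the content type makes the encoding and the declared length deterministic. The enclosing method starts and ends outside the hunk.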
@@ -280,57 +271,59 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, or - * an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, + * or an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (revoked, expired, on-hold, off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (revoked, expired, on-hold, + * off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 - * - CA key compromised; should not be used, 3 - Affiliation - * changed, 4 - Certificate superceded, 5 - Cessation of - * operation, or 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, + * 2 - CA key compromised; should not be used, 3 - Affiliation changed, + * 4 - Certificate superceded, 5 - Cessation of operation, or + * 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the certificates - * to be revoked + * @param revokeAll string containing information on all of the + * certificates to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, String initiative, - HttpServletRequest req, HttpServletResponse resp, String revokeAll, - int totalRecordCount, String comments, Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + int totalRecordCount, + String comments, + Locale 
locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -340,20 +333,21 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); + if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - // remove the trailing paren + //remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0, serial.length() - 1); + serial = serial.substring(0,serial.length() -1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } 
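Review bot: In the `-340,20` hunk `auditSerialNumber` is taken straight from the `revokeAll` request parameter (`tokens[1]` after `split("=")`) and is set only when the value contains exactly one `=`. A request naming several certificates therefore leaves `auditSerialNumber` at its initial value in the signed audit records, and a single-serial request records whatever text followed the `=`. Consider validating the extracted value before it reaches the audit message, for example `if (serial.matches("(0x)?[0-9A-Fa-f]+")) auditSerialNumber = serial;` if serials are expected in hex, or deriving it from the certificates actually selected further down. `CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll)` also writes the raw parameter to the debug log, so stripping CR/LF first would keep log lines intact. `process` continues outside the hunk.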
@@ -399,36 +393,30 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially - if (xcert != null - && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " - + xcert.getSerialNumber()); + if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); badCertsRequested = true; continue; } if (xcert != null) { - rarg.addStringValue("serialNumber", xcert.getSerialNumber() - .toString(16)); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " has been revoked."); + CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = new RevokedCertImpl( - xcert.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x" - + xcert.getSerialNumber().toString(16) - + " is going to be revoked."); + CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); count++; } } else { 
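Review bot: A revocation request that names a system certificate is recorded only through `CMS.debug` before the `continue`. In the visible hunks `badCertsRequested` is consulted only when `count == 0`, so when other certificates in the same request are revoked the skipped attempt appears to leave no signed audit trace. Consider adding a failure entry here, e.g. `log(ILogger.LL_FAILURE, "DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());`, or a signed audit event, so that attempts to revoke CA or system certificates are detectable. The comment above the check misspells "accidentally". The enclosing loop starts outside the hunk.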
@@ -436,37 +424,40 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. - if (alreadyRevokedCertFound == true - && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); - - audit(auditMessage); - return; + if (alreadyRevokedCertFound == true && badCertsRequested == false) { + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); + + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } X509CertImpl[] oldCerts = new X509CertImpl[count]; 
@@ -477,30 +468,33 @@ public class DoRevokeTPS extends CMSServlet {
 revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
 }
- IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq =
+ mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.SUCCESS, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
 audit(auditMessage);
 revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
 revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if (initiative.equals(AuditFormat.FROMUSER)) {
- revReq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_EE);
+ if(initiative.equals(AuditFormat.FROMUSER)) {
+ revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
 } else {
- revReq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
 }
 revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
 if (comments != null) {
 revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
 }
- revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason));
+ revReq.setExtData(IRequest.REVOKED_REASON,
+ Integer.valueOf(reason));
 // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
 // to distinguish which type of signed audit log message to save
@@ -518,44 +512,38 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = revReq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // cmsReq.setErrorDescription(err); + //cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " - + err, - cert.getSubjectDN(), - cert.getSerialNumber() - .toString( - 16), - RevocationReason - .fromInt( - reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -566,24 +554,26 @@ public class DoRevokeTPS extends CMSServlet {
 // store a message in the signed audit log file
 // if and only if "auditApprovalStatus" is
 // "complete", "revoked", or "canceled"
- if ((auditApprovalStatus
- .equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
 audit(auditMessage);
 }
- return;
+ return;
 }
 long endTime = CMS.getCurrentDate().getTime();
@@ -594,103 +584,93 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() - + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { o_status = "status=3"; - if (revReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { + if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { errorString = "error=Update CRL Error."; // 3 means miscellaneous } } // let known crl publishing status too. 
- Integer publishCRLResult = revReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error=" + publError; + errorString = "error="+publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { - String updateErrorStr = crl - .getCrlUpdateErrorStr(); + String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " - + CMS.getLogMessage( - "ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); - String error = revReq - .getExtDataInString(updateErrorStr); + CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); + String error = + revReq.getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error=" + error; + if (error != null) { + errorString = 
"error="+error; } } - String publishStatusStr = crl - .getCrlPublishStatusStr(); - Integer publishResult = revReq - .getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl.getCrlPublishStatusStr(); + Integer publishResult = + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); - String error = revReq - .getExtDataInString(publishErrorStr); + String error = + revReq.getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -701,11 +681,10 @@ public class DoRevokeTPS extends CMSServlet { } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = revReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; 
@@ -718,30 +697,27 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. - String publError = revReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error=" + publError; + errorString = "error="+publError; o_status = "status=3"; } - } else if (mPublisherProcessor == null - && mPublisherProcessor.ldapEnabled()) { + } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { errorString = "error=LDAP publishing not enabled."; o_status = "status=3"; } } else { - if (stat == RequestStatus.PENDING - || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error=" + stat.toString(); + errorString = "error="+stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; } - Vector errors = revReq - .getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); @@ -766,19 +742,17 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
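Review bot: The branch `} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {` re-added in the hunk at -718,30 can never set the "LDAP publishing not enabled" error: when `mPublisherProcessor` is null the second operand dereferences it and throws NullPointerException, and when it is non-null the first operand is false. Since the commit rewrites this line anyway, either drop the branch or, if a missing or disabled publisher is meant to be reported, write `} else if (mPublisherProcessor == null || !mPublisherProcessor.ldapEnabled()) {`. The catch clauses visible in the later hunks cover a rethrown exception and `IOException` only, so an unchecked exception here would presumably skip the CERT_STATUS_CHANGE_REQUEST_PROCESSED signed-audit record for a revocation that has already been processed. The enclosing method starts and ends outside the hunk, so confirm this against the full body.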
@@ -788,17 +762,18 @@ public class DoRevokeTPS extends CMSServlet {
 // if and only if "auditApprovalStatus" is
 // "complete", "revoked", or "canceled"
 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.SUCCESS,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
+ ) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
 audit(auditMessage);
 }
@@ -809,9 +784,12 @@ public class DoRevokeTPS extends CMSServlet {
 // store a "CERT_STATUS_CHANGE_REQUEST" failure
 // message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
 audit(auditMessage);
 } else {
@@ -819,18 +797,21 @@ public class DoRevokeTPS extends CMSServlet {
 // message in the signed audit log file
 // if and only if "auditApprovalStatus" is
 // "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
 audit(auditMessage);
 }
@@ -838,17 +819,19 @@ public class DoRevokeTPS extends CMSServlet {
 throw e;
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
 if (auditRequest) {
 // store a "CERT_STATUS_CHANGE_REQUEST" failure
 // message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID, ILogger.FAILURE, auditRequesterID,
- auditSerialNumber, auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType);
 audit(auditMessage);
 } else {
@@ -856,25 +839,27 @@ public class DoRevokeTPS extends CMSServlet {
 // message in the signed audit log file
 // if and only if "auditApprovalStatus" is
 // "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus
- .equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS
- .getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID, auditSerialNumber,
- auditRequestType, auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(
+ RequestStatus.COMPLETE_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.REJECTED_STRING)) ||
+ (auditApprovalStatus.equals(
+ RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber,
+ auditRequestType,
+ auditReasonNum,
+ auditApprovalStatus);
 audit(auditMessage);
 }
 }
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
 }
 return;
@@ -882,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet {
 /**
 * Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for a signed audit log
- * message.
+ *
+ * This method is called to obtain the "RequesterID" for
+ * a signed audit log message.
 * <P>
- *
+ *
 * @param req HTTP request
 * @return id string containing the signed audit log message RequesterID
 */
@@ -912,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -934,8 +919,8 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString(Integer.valueOf(serialNumber) - .intValue()); + + Integer.toHexString( + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -945,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for a signed audit log - * message. + * + * This method is called to obtain the "Request Type" for + * a signed audit log message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -971,3 +956,4 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index 68813478..e1791045 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; 
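Review bot: In the hunk at -934,8 the audit serial number is still converted with `Integer.toHexString(Integer.valueOf(serialNumber).intValue())`, which throws NumberFormatException for any decimal serial above Integer.MAX_VALUE, while the rest of the servlet treats serials as BigInteger (`xcert.getSerialNumber().toString(16)`). If that exception is not caught in the part of the method outside the hunk, the signed audit message for such a certificate is not produced. Suggest `serialNumber = "0x" + new java.math.BigInteger(serialNumber).toString(16);` on the rewritten lines. The method body begins before the hunk, so whether the input is range-checked earlier cannot be seen here.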
@@ -55,10 +56,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them - * off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, + * take them off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevoke extends CMSServlet { @@ -78,28 +80,29 @@ public class DoUnrevoke extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevoke() { super(); } /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -109,14 +112,14 @@ public class DoUnrevoke extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to - * unrevoke. The certificate must be revoked with a revovcation reason 'on - * hold' for this operation to succeed. The serial number may be expressed - * as a hex number by prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The + * certificate must be revoked with a revovcation reason 'on hold' for this + * operation to succeed. The serial number may be expressed as a hex number by + * prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -133,10 +136,10 @@ public class DoUnrevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -146,34 +149,32 @@ public class DoUnrevoke extends CMSServlet { try { serialNumber = getSerialNumbers(req); - // for audit log. + //for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug("DoUnrevoke::process() - authToken is null!"); + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + } else { + CMS.debug( "DoUnrevoke::process() - authToken is null!" ); return; } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unrevoke"); + mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -181,14 +182,11 @@ public class DoUnrevoke extends CMSServlet { return; } - process(argSet, header, serialNumber, req, resp, locale[0], - initiative); + process(argSet, header, serialNumber, req, resp, locale[0], initiative); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -199,46 +197,44 @@ public class DoUnrevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } + /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take a - * certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take + * a certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request to - * take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request + * to take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (taken off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (taken off-hold) * </ul> - * * @param argSet CMS template parameters * @param header argument block * @param serialNumbers the serial number of the certificate @@ -249,15 +245,16 @@ public class DoUnrevoke extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger[] serialNumbers, HttpServletRequest req, - HttpServletResponse resp, Locale locale, String initiative) - throws EBaseException { + BigInteger[] serialNumbers, + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); - String auditSerialNumber = auditSerialNumber(serialNumbers[0] - .toString()); + String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString()); String auditRequestType = OFF_HOLD; String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(OFF_HOLD_REASON); 
@@ -265,34 +262,32 @@ public class DoUnrevoke extends CMSServlet { try { StringBuffer snList = new StringBuffer(); - // certs are for old cloning and they should be removed as soon as - // possible + // certs are for old cloning and they should be removed as soon as possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) - snList.append(", "); + certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) snList.append(", "); snList.append("0x"); snList.append(serialNumbers[i].toString(16)); } header.addStringValue("serialNumber", snList.toString()); - IRequest unrevReq = mQueue - .newRequest(IRequest.UNREVOCATION_REQUEST); + IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - unrevReq.setExtData(IRequest.REQ_TYPE, - IRequest.UNREVOCATION_REQUEST); + unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST); unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers); - unrevReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -307,8 +302,7 @@ public class DoUnrevoke extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); @@ -316,11 +310,15 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "yes"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, new Object[] { - unrevReq.getRequestId(), initiative, - "completed", certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } else { header.addStringValue("unrevoked", "no"); 
@@ -329,61 +327,60 @@ public class DoUnrevoke extends CMSServlet { if (error != null) { header.addStringValue("error", error); if (certs[0] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + error, - certs[0].getSubjectDN(), - "0x" - + serialNumbers[0] - .toString(16) }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } /****************************************************/ - - /* IMPORTANT: In the event that the following */ - - /* "throw error;" statement is */ - - /* uncommented, uncomment the following */ - - /* signed audit log message, also!!! */ - + + /* IMPORTANT: In the event that the following */ + + /* "throw error;" statement is */ + + /* uncommented, uncomment the following */ + + /* signed audit log message, also!!! 
*/ + /****************************************************/ - // // store a message in the signed audit log file - // // if and only if "auditApprovalStatus" is - // // "complete", "revoked", or "canceled" - // if( ( auditApprovalStatus.equals( - // RequestStatus.COMPLETE_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.REJECTED_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.CANCELED_STRING ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // auditSerialNumber, - // auditRequestType, - // auditReasonNum, - // auditApprovalStatus ); + // // store a message in the signed audit log file + // // if and only if "auditApprovalStatus" is + // // "complete", "revoked", or "canceled" + // if( ( auditApprovalStatus.equals( + // RequestStatus.COMPLETE_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.REJECTED_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.CANCELED_STRING ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // auditSerialNumber, + // auditRequestType, + // auditReasonNum, + // auditApprovalStatus ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } - // throw error; + // throw error; } } - Integer updateCRLResult = unrevReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -391,90 +388,91 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = unrevReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = unrevReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = unrevReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = unrevReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoUnrevoke: adding header " - + updateStatusStr + " yes "); + CMS.debug("DoUnrevoke: adding header " + + updateStatusStr + " yes "); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoUnrevoke: adding header " - + updateStatusStr + " no "); + CMS.debug("DoUnrevoke: adding header " + + updateStatusStr + " no "); header.addStringValue(updateStatusStr, "no"); - String error = unrevReq - .getExtDataInString(updateErrorStr); + String error = + unrevReq.getExtDataInString(updateErrorStr); - if (error != null) - header.addStringValue(updateErrorStr, error); + if (error != null) + header.addStringValue( + updateErrorStr, error); } String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = unrevReq - .getExtDataInInteger(publishStatusStr); + Integer publishResult = + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = unrevReq - .getExtDataInString(publishErrorStr); + String error = + 
unrevReq.getExtDataInString(publishErrorStr); - if (error != null) - header.addStringValue(publishErrorStr, error); + if (error != null) + header.addStringValue( + publishErrorStr, error); } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = unrevReq - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) { @@ -492,20 +490,30 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "pending"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, - new Object[] { unrevReq.getRequestId(), initiative, - "pending", certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } else { header.addStringValue("error", "Request Status.Error"); header.addStringValue("unrevoked", "no"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, - new Object[] { unrevReq.getRequestId(), initiative, - status.toString(), certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } 
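Review bot: The LDAP status test at the end of the -391,90 hunk, `if (ldapPublishStatus[0] == IRequest.RES_SUCCESS)`, compares an `Integer[]` element with `==`, while every other status test in the hunk uses `.equals(IRequest.RES_SUCCESS)`. If `RES_SUCCESS` is an `Integer` object (its declaration is not on this page), `==` is a reference comparison and a successful publish can be reported as a failure; `ldapPublishStatus[0].equals(IRequest.RES_SUCCESS)` would match the rest of the hunk. The element is also read without a length check, so an empty array would throw. The same pattern appears with `!=` in the DoUnrevokeTPS.java hunk at -307,125, and the enclosing method starts and ends outside both hunks.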
@@ -513,17 +521,18 @@ public class DoUnrevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) + ) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -533,9 +542,12 @@ public class DoUnrevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -543,18 +555,21 @@ public class DoUnrevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -565,7 +580,7 @@ public class DoUnrevoke extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -586,7 +601,7 @@ public class DoUnrevoke extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); 
@@ -602,11 +617,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -632,11 +647,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -654,8 +669,8 @@ public class DoUnrevoke extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString(Integer.valueOf(serialNumber) - .intValue()); + + Integer.toHexString( + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -663,3 +678,4 @@ public class DoUnrevoke extends CMSServlet { return serialNumber; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 18eb0fc3..8f46ee9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.io.OutputStream; import java.math.BigInteger; 
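Review bot: In the -654,8 hunk the audit serial number is converted with `Integer.toHexString(Integer.valueOf(serialNumber).intValue())`, which throws NumberFormatException for any serial above Integer.MAX_VALUE, although the servlet parses serial numbers as `BigInteger` elsewhere. A certificate with a large serial would then fail before its signed audit record is written, or be reported as badly formatted, depending on where the caller catches the exception. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` gives the same text for non-negative values that fit in an int and accepts the full range. The identical line is in the DoUnrevokeTPS.java hunk at -607,8; the method body starts outside both hunks.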
@@ -54,10 +55,11 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them - * off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, + * take them off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevokeTPS extends CMSServlet { @@ -79,28 +81,29 @@ public class DoUnrevokeTPS extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevokeTPS() { super(); } /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -109,14 +112,14 @@ public class DoUnrevokeTPS extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to - * unrevoke. The certificate must be revoked with a revovcation reason 'on - * hold' for this operation to succeed. The serial number may be expressed - * as a hex number by prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The + * certificate must be revoked with a revovcation reason 'on hold' for this + * operation to succeed. The serial number may be expressed as a hex number by + * prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -130,52 +133,53 @@ public class DoUnrevokeTPS extends CMSServlet { Locale[] locale = new Locale[1]; - /* - * try { form = getTemplate(mFormPath, req, locale); } catch - * (IOException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new - * ECMSGWException( - * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - */ +/* + try { + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } +*/ try { serialNumbers = getSerialNumbers(req); - // for audit log. + //for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug("DoUnrevokeTPS::process() - authToken is null!"); + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + } else { + CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" 
); return; - } + } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unrevoke"); + mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); o_status = "status=3"; errorString = "error=unauthorized"; - String pp = o_status + "\n" + errorString; + String pp = o_status+"\n"+errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -187,10 +191,8 @@ public class DoUnrevokeTPS extends CMSServlet { process(serialNumbers, req, resp, locale[0], initiative); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } catch (IOException e) { 
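Review bot: `o_status` and `errorString` are assigned in the -130,52 hunk (`o_status = "status=3"; errorString = "error=unauthorized";`) without a local declaration, and the private `process(...)` overload writes them as well, so they appear to be fields of the servlet. A servlet instance normally serves concurrent requests, so one agent's response could be built from another request's status and error text. Holding both values in locals, or having the private `process(...)` return them, removes the shared state. In the same hunk the `authToken == null` branch returns after `CMS.debug(...)` without setting a status on `cmsReq` or writing a body, so an unauthenticated call leaves no failure response; the field declarations and the end of the method are outside the hunk.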
@@ -204,10 +206,10 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error="; } else { o_status = "status=3"; - errorString = "error=" + error.toString(); + errorString = "error="+error.toString(); } - String pp = o_status + "\n" + errorString; + String pp = o_status+"\n"+errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
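Review bot: The body built here, `errorString = "error="+error.toString();`, puts exception text into a reply that is declared as `text/html` two lines further down. If that text can carry request-derived values, a browser rendering the reply would treat it as markup; since the body is a `status=`/`error=` pair rather than a page, `resp.setContentType("text/plain");` looks like the better fit, provided the client does not depend on the declared type. `pp.getBytes()` also uses the platform default charset, so `pp.getBytes("UTF-8")` would make the encoding and the content length predictable. The method starts outside the hunk.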
@@ -215,35 +217,33 @@ public class DoUnrevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } + /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take a - * certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take + * a certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request to - * take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request + * to take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used - * when a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when + * a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a - * certificate status is changed (taken off-hold) + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED + * used when a certificate status is changed (taken off-hold) * </ul> - * * @param serialNumbers the serial number of the certificate * @param req HTTP servlet request * @param resp HTTP servlet response 
@@ -251,15 +251,16 @@ public class DoUnrevokeTPS extends CMSServlet { * @param initiative string containing the audit format * @exception EBaseException an error has occurred */ - private void process(BigInteger[] serialNumbers, HttpServletRequest req, - HttpServletResponse resp, Locale locale, String initiative) - throws EBaseException { + private void process(BigInteger[] serialNumbers, + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); - String auditSerialNumber = auditSerialNumber(serialNumbers[0] - .toString()); + String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString()); String auditRequestType = OFF_HOLD; String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(OFF_HOLD_REASON); 
@@ -267,32 +268,30 @@ public class DoUnrevokeTPS extends CMSServlet { try { String snList = ""; - // certs are for old cloning and they should be removed as soon as - // possible + // certs are for old cloning and they should be removed as soon as possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) - snList += ", "; + certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) snList += ", "; snList += "0x" + serialNumbers[i].toString(16); } - IRequest unrevReq = mQueue - .newRequest(IRequest.UNREVOCATION_REQUEST); + IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); - unrevReq.setExtData(IRequest.REQ_TYPE, - IRequest.UNREVOCATION_REQUEST); + unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST); unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers); - unrevReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -307,125 +306,125 @@ public class DoUnrevokeTPS extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) - || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); if (result != null && result.equals(IRequest.RES_SUCCESS)) { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, new Object[] { - unrevReq.getRequestId(), initiative, - "completed", certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } else { String error = unrevReq.getExtDataInString(IRequest.ERROR); if (error != null) { o_status = "status=3"; - errorString = "error=" + error; + errorString = "error="+error; if (certs[0] != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + error, - certs[0].getSubjectDN(), - "0x" - + serialNumbers[0] - .toString(16) }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } } - Integer updateCRLResult = unrevReq - .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if 
(!updateCRLResult.equals(IRequest.RES_SUCCESS)) { - String crlError = unrevReq - .getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) { o_status = "status=3"; - errorString = "error=" + crlError; + errorString = "error="+crlError; } } // let known crl publishing status too. - Integer publishCRLResult = unrevReq - .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = unrevReq - .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { o_status = "status=3"; - errorString = "error=" + publError; + errorString = "error="+publError; } } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) - .getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs - .nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = unrevReq - .getExtDataInInteger(updateStatusStr); + Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { String updateErrorStr = crl.getCrlUpdateErrorStr(); - String error = unrevReq - .getExtDataInString(updateErrorStr); + String error = + unrevReq.getExtDataInString(updateErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error=" + error; + errorString = "error="+error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = unrevReq - .getExtDataInInteger(publishStatusStr); + Integer publishResult = + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = crl - .getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); - String error = unrevReq - .getExtDataInString(publishErrorStr); + String error = + unrevReq.getExtDataInString(publishErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error=" + error; + errorString = "error="+error; } } } } - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { - Integer[] ldapPublishStatus = unrevReq - .getExtDataInIntegerArray("ldapPublishStatus"); + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if 
(ldapPublishStatus[0] != IRequest.RES_SUCCESS) { @@ -433,21 +432,25 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error=Problem in publishing to LDAP"; } } - } else if (mPublisherProcessor == null - || (!mPublisherProcessor.ldapEnabled())) { + } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) { o_status = "status=3"; errorString = "error=LDAP Publisher not enabled"; } } else if (status == RequestStatus.PENDING) { o_status = "status=2"; - errorString = "error=" + status.toString(); + errorString = "error="+status.toString(); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, - new Object[] { unrevReq.getRequestId(), initiative, - "pending", certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } else { o_status = "status=2"; @@ -455,10 +458,15 @@ public class DoUnrevokeTPS extends CMSServlet { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, - new Object[] { unrevReq.getRequestId(), initiative, - status.toString(), certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16) }); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16)} + ); } } 
@@ -466,17 +474,18 @@ public class DoUnrevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) + ) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -486,9 +495,12 @@ public class DoUnrevokeTPS extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditSerialNumber, auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -496,18 +508,21 @@ public class DoUnrevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus - .equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditSerialNumber, - auditRequestType, auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals( + RequestStatus.COMPLETE_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -518,7 +533,7 @@ public class DoUnrevokeTPS extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -539,7 +554,7 @@ public class DoUnrevokeTPS extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); 
@@ -555,11 +570,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -585,11 +600,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -607,8 +622,8 @@ public class DoUnrevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString(Integer.valueOf(serialNumber) - .intValue()); + + Integer.toHexString( + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -616,3 +631,4 @@ public class DoUnrevokeTPS extends CMSServlet { return serialNumber; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java index 0335837d..b1d89426 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; 
@@ -45,9 +46,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * For Face-to-face enrollment, enable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.DisableEnrollResult */ @@ -85,7 +87,8 @@ public class EnableEnrollResult extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -94,8 +97,8 @@ public class EnableEnrollResult extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "enable"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "enable"); } catch (Exception e) { // do nothing for now } @@ -114,10 +117,9 @@ public class EnableEnrollResult extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
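Review bot: The `catch (Exception e)` around `authorize(...)` in `process` (hunk `-94,8`) discards the exception with `// do nothing for now`, so a denied or failed authorization for the `enable` operation leaves no log record. `EnrollServlet.processX509` in this same commit logs the equivalent failure; doing the same here would be `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. The check of `authzToken` that follows is outside this hunk.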
@@ -128,11 +130,10 @@ public class EnableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -148,8 +149,7 @@ public class EnableEnrollResult extends CMSServlet { header.addStringValue("machineName", machine); header.addStringValue("port", port); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -162,7 +162,7 @@ public class EnableEnrollResult extends CMSServlet { String timeout = args.getValueAsString("timeout", "600"); mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000, - random.nextLong() + "", 0); + random.nextLong() + "", 0); header.addStringValue("code", "0"); } @@ -173,10 +173,10 @@ public class EnableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); 
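Review bot: `Long.parseLong(timeout)` in hunk `-162,7` is applied to the request's `timeout` argument with no handling for non-numeric, negative or very large input, and the result is multiplied by 1000 before it reaches `mgr.createEntry`. A malformed value raises an unchecked NumberFormatException out of `process`, and a very large one can overflow the multiplication or, presumably, extend the entry's lifetime well past the 600-second default. Parsing inside a try block and clamping to a configured maximum would close both. Separately, `random` is declared outside this hunk: if the `random.nextLong()` string passed to `createEntry` acts as a secret for the enrollment entry, it should come from `java.security.SecureRandom` rather than `java.util.Random`.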
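Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch in hunk `-173,10` overwrites the `CMSRequest.ERROR` status set in the `IOException` handler, so a failed template render is reported as success. The earlier error paths in this method `return;` right after setting ERROR. Adding `return;` at the end of this catch block, or dropping the trailing `setStatus` since the try block already sets SUCCESS, keeps the error status. The method's closing lines are outside this hunk.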
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index e58aeb8e..ee64cb94 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -76,9 +77,10 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor; import com.netscape.cms.servlet.processors.PKCS10Processor; import com.netscape.cms.servlet.processors.PKIProcessor; + /** * Submit a Certificate Enrollment request - * + * * @version $Revision$, $Date$ */ public class EnrollServlet extends CMSServlet { @@ -90,9 +92,10 @@ public class EnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll"; // enrollment templates. - public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; + public static final String + ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -115,7 +118,8 @@ public class EnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller + mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -123,46 +127,56 @@ public class EnrollServlet extends CMSServlet { private boolean enforcePop = false; private String auditServiceID = ILogger.UNIDENTIFIED; - private final static String ADMIN_CA_ENROLLMENT_SERVLET = "caadminEnroll"; - private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = "cabulkissuance"; - private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = "rabulkissuance"; - private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = "cacertbasedenrollment"; - private final static String EE_CA_ENROLLMENT_SERVLET = "caenrollment"; - private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = "racertbasedenrollment"; - private final static String EE_RA_ENROLLMENT_SERVLET = "raenrollment"; + private final static String ADMIN_CA_ENROLLMENT_SERVLET = + "caadminEnroll"; + private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = + "cabulkissuance"; + private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = + "rabulkissuance"; + private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = + "cacertbasedenrollment"; + private final static String EE_CA_ENROLLMENT_SERVLET = + "caenrollment"; + private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = + "racertbasedenrollment"; + private final static String EE_RA_ENROLLMENT_SERVLET = + "raenrollment"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */"automated non-profile cert request rejection: " - + "unable to render OLD_CERT_TYPE response", - - /* 1 */"automated non-profile cert request rejection: " - + "unable to complete handleEnrollAuditLog() method", - - /* 2 */"automated non-profile cert request rejection: " - + "unable to render success template", - - /* 3 */"automated non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" }; - private final static String 
LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - + private final static String[] + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */ "automated non-profile cert request rejection: " + + "unable to render OLD_CERT_TYPE response", + + /* 1 */ "automated non-profile cert request rejection: " + + "unable to complete handleEnrollAuditLog() method", + + /* 2 */ "automated non-profile cert request rejection: " + + "unable to render success template", + + /* 3 */ "automated non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException" + }; + private final static String + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - + public EnrollServlet() { super(); } /** - * initialize the servlet. - * <p> - * the following parameters are read from the servlet config: - * <ul> - * <li>CMSServlet.PROP_ID - ID for signed audit log messages - * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file - * + * initialize the servlet.<p> + * the following parameters are read from the servlet config: + * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages + * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -173,8 +187,8 @@ public class EnrollServlet extends CMSServlet { try { IConfigStore configStore = CMS.getConfigStore(); - String PKI_Subsystem = configStore.getString("subsystem.0.id", - null); + String PKI_Subsystem = configStore.getString( "subsystem.0.id", + null ); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -185,49 +199,51 @@ public class EnrollServlet extends CMSServlet { // framework would be deprecated and disabled by default // (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "EnrollServlet.java" servlet is ONLY - // used by the CA for the following: + // Further, the "EnrollServlet.java" servlet is ONLY + // used by the CA for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // caadminEnroll ca/admin/ca/adminEnroll.html - // cabulkissuance ca/agent/ca/bulkissuance.html - // cacertbasedenrollment ca/certbasedenrollment.html - // caenrollment ca/enrollment.html + // SERVLET-NAME URL-PATTERN + // ==================================================== + // caadminEnroll ca/admin/ca/adminEnroll.html + // cabulkissuance ca/agent/ca/bulkissuance.html + // cacertbasedenrollment ca/certbasedenrollment.html + // caenrollment ca/enrollment.html // - // The "EnrollServlet.java" servlet is NOT used by - // the KRA. + // The "EnrollServlet.java" servlet is NOT used by + // the KRA. // - if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) { + if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) { String policyStatus = PKI_Subsystem.trim().toLowerCase() - + "." + "Policy" + "." - + IPolicyProcessor.PROP_ENABLE; - - if (configStore.getBoolean(policyStatus, true) == true) { - // NOTE: If "<subsystem>.Policy.enable=<boolean>" - // is missing, then the referenced instance - // existed prior to this name=value pair - // existing in its 'CS.cfg' file, and thus - // we err on the side that the user may - // still need to use the policy framework. - CMS.debug("EnrollServlet::init Certificate " - + "Policy Framework (deprecated) " - + "is ENABLED"); + + "." + "Policy" + + "." 
+ IPolicyProcessor.PROP_ENABLE; + + if( configStore.getBoolean( policyStatus, true ) == true ) { + // NOTE: If "<subsystem>.Policy.enable=<boolean>" + // is missing, then the referenced instance + // existed prior to this name=value pair + // existing in its 'CS.cfg' file, and thus + // we err on the side that the user may + // still need to use the policy framework. + CMS.debug( "EnrollServlet::init Certificate " + + "Policy Framework (deprecated) " + + "is ENABLED" ); } else { - // CS 8.1 Default: <subsystem>.Policy.enable=false - CMS.debug("EnrollServlet::init Certificate " - + "Policy Framework (deprecated) " - + "is DISABLED"); + // CS 8.1 Default: <subsystem>.Policy.enable=false + CMS.debug( "EnrollServlet::init Certificate " + + "Policy Framework (deprecated) " + + "is DISABLED" ); return; } } - } catch (EBaseException e) { - throw new ServletException("EnrollServlet::init - " - + "EBaseException: " + "Unable to initialize " - + "Certificate Policy Framework " + "(deprecated)"); + } catch( EBaseException e ) { + throw new ServletException( "EnrollServlet::init - " + + "EBaseException: " + + "Unable to initialize " + + "Certificate Policy Framework " + + "(deprecated)" ); } // override success template to allow direct import of keygen certs. 
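Review bot: `PKI_Subsystem.trim()` is called on a value read with `configStore.getString( "subsystem.0.id", null )` in the preceding hunk, so a configuration without `subsystem.0.id` produces a NullPointerException in `init` that the `catch( EBaseException e )` below does not cover. A null check in the condition avoids that: `if( PKI_Subsystem != null && PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {`. The `ServletException` built in the catch block also drops `e`; passing it as the second constructor argument keeps the underlying configuration error visible. `init` starts before and continues after this hunk.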
@@ -238,36 +254,37 @@ public class EnrollServlet extends CMSServlet { String id = sc.getInitParameter(CMSServlet.PROP_ID); if (id != null) { - if (!(auditServiceID.equals(ADMIN_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(AGENT_CA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(AGENT_RA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(EE_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(EE_RA_ENROLLMENT_SERVLET))) { + if (!(auditServiceID.equals( + ADMIN_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + AGENT_CA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + AGENT_RA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); } } - mEnrollSuccessTemplate = sc - .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc.getInitParameter( + CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } 
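Review bot: The validation of the servlet ID in `init` tests `auditServiceID`, not the `id` just read from `CMSServlet.PROP_ID`. `auditServiceID` is initialised to `ILogger.UNIDENTIFIED` in an earlier hunk, and unless something outside the visible hunks assigns it first, none of the seven comparisons can match. The `else` branch that stores `id.trim()` is then never taken, and the signed audit records written by this servlet carry an unidentified service ID. The comparisons should be made against the trimmed `id`, as in the excerpt below. `init` begins before this hunk and continues after it.

```java
if (id != null) {
    String serviceId = id.trim();

    if (!(serviceId.equals(ADMIN_CA_ENROLLMENT_SERVLET))
            && !(serviceId.equals(AGENT_CA_BULK_ENROLLMENT_SERVLET))
            && !(serviceId.equals(AGENT_RA_BULK_ENROLLMENT_SERVLET))
            && !(serviceId.equals(EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
            && !(serviceId.equals(EE_CA_ENROLLMENT_SERVLET))
            && !(serviceId.equals(EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
            && !(serviceId.equals(EE_RA_ENROLLMENT_SERVLET))) {
        auditServiceID = ILogger.UNIDENTIFIED;
    } else {
        auditServiceID = serviceId;
    }
}
// … unchanged: success template and template filler lookup …
```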
@@ -276,10 +293,10 @@ public class EnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", - e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", + e.toString(), mId)); } } catch (ServletException eAudit1) { // rethrow caught exception 
@@ -287,61 +304,64 @@ public class EnrollServlet extends CMSServlet { } } - /** - * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if - * Proof of Posession checking is enabled. this value is set in the CMS.cfg - * filem with the parameter "enrollment.enforcePop". It defaults to false - * - * @return true if user is required to Prove that they possess the private - * key corresponding to the public key in the certificate request - * they are submitting - */ + + /** + * XXX (SHOULD CHANGE TO READ FROM Servletconfig) + * Getter method to see if Proof of Posession checking is enabled. + * this value is set in the CMS.cfg filem with the parameter + * "enrollment.enforcePop". It defaults to false + * @return true if user is required to Prove that they possess the + * private key corresponding to the public key in the certificate + * request they are submitting + */ public boolean getEnforcePop() { return enforcePop; } /** - * Process the HTTP request. - * <UL> - * <LI>If the request is coming through the admin port, it is only allowed - * to continue if 'admin enrollment' is enabled in the CMS.cfg file - * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread - * is renamed with more information about the current request ID - * <LI>The request is preprocessed, then processed further in one of the - * cert request processor classes: KeyGenProcessor, PKCS10Processor, - * CMCProcessor, CRMFProcessor - * </UL> - * + * Process the HTTP request. 
+ * <UL><LI>If the request is coming through the admin port, it is only + * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file + * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is + * renamed with more information about the current request ID + * <LI>The request is preprocessed, then processed further in one + * of the cert request processor classes: KeyGenProcessor, PKCS10Processor, + * CMCProcessor, CRMFProcessor + * </UL> + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { // SPECIAL CASE: // if it is adminEnroll servlet,check if it's enabled - if (mId.equals(ADMIN_ENROLL_SERVLET_ID) - && !CMSGateway.getEnableAdminEnroll()) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REDIRECTING_ADMINENROLL_ERROR", - "Attempt to access adminEnroll after already setup.")); + if (mId.equals(ADMIN_ENROLL_SERVLET_ID) && + !CMSGateway.getEnableAdminEnroll()) { + log(ILogger.LL_SECURITY, + CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); } - processX509(cmsReq); + processX509(cmsReq); } private boolean getCertAuthEnrollStatus(IArgBlock httpParams) { /* - * === certAuth based enroll === "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: single - it's for single - * cert enrollment dual - it's for dual certs enrollment encryption - - * getting the encryption cert only via authentication of the signing - * cert (crmf or keyGenInfo) + * === certAuth based enroll === + * "certAuthEnroll" is on. 
+ * "certauthEnrollType can be one of the three: + * single - it's for single cert enrollment + * dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via + * authentication of the signing cert + * (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", - null); + String certAuthEnrollOn = + httpParams.getValueAsString("certauthEnroll", null); if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { certAuthEnroll = true; @@ -352,14 +372,14 @@ public class EnrollServlet extends CMSServlet { } - private String getCertAuthEnrollType(IArgBlock httpParams, - boolean certAuthEnroll) throws EBaseException { + private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll) + throws EBaseException { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = httpParams.getValueAsString( - "certauthEnrollType", null); + certauthEnrollType = + httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("EnrollServlet: certauthEnrollType is dual"); 
@@ -368,50 +388,54 @@ public class EnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("EnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", - certauthEnrollType)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - + return certauthEnrollType; - + } private boolean checkClientCertSigningOnly(X509Certificate sslClientCert) - throws EBaseException { - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) - || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS - .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { + throws EBaseException { + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + false) || + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + true) && + (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == + true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } return true; } - - private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, - IAuthToken authToken, X509Certificate sslClientCert, - ICertificateAuthority mCa, String certBasedOldSubjectDN, - BigInteger certBasedOldSerialNum) throws EBaseException { 
- + + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, + ICertificateAuthority mCa, String certBasedOldSubjectDN, + BigInteger certBasedOldSerialNum) + throws EBaseException { + CMS.debug("EnrollServlet: In handleCertAuthDual!"); - + if (mCa == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NOT_A_CA")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_A_CA")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a 
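Review bot: The missing-type branch of `getCertAuthEnrollType` looks up its log message with the key `"MSGW_MISSING_CERTAUTH_ENROLL_TYPE"`, while the neighbouring keys in this method start with `CMSGW_`. This looks like a dropped leading `C`. If the bundle has no entry under the shorter name, the failure record for a request that omits `certauthEnrollType` will not carry the intended text. Please check the key against the log message bundle and correct it here.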
@@ -433,28 +457,21 @@ public class EnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } - String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN - + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum - + "))(certStatus=VALID))"; - ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository() - .findCertRecordsInList(filter, null, 10); + String filter = + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + ICertRecordList list = + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); int size = list.getSize(); Enumeration en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
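Review bot: The search filter passed to `findCertRecordsInList` is assembled by concatenating `certBasedOldSubjectDN` into the string, with no escaping of LDAP filter metacharacters. A subject DN whose values contain `(`, `)`, `*` or `\` changes the structure of the filter, so the lookup for the paired encryption certificate can match records other than the intended subject's or fail to parse. Where the DN comes from is outside this hunk, though the surrounding code suggests the client certificate. The value should be escaped per RFC 4515 before it is inserted, for example with a small helper like the one below. `handleCertAuthDual` starts before and continues after this hunk.

```java
// Escapes the characters that are special in an LDAP search filter (RFC 4515).
private static String escapeFilterValue(String value) {
    StringBuilder escaped = new StringBuilder(value.length() + 8);

    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);

        switch (c) {
        case '\\': escaped.append("\\5c"); break;
        case '*':  escaped.append("\\2a"); break;
        case '(':  escaped.append("\\28"); break;
        case ')':  escaped.append("\\29"); break;
        case '\0': escaped.append("\\00"); break;
        default:   escaped.append(c);
        }
    }
    return escaped.toString();
}

// … unchanged: key extraction and certInfo.set(X509CertInfo.KEY, ...) …
String filter =
    "(&(x509cert.subject=" + escapeFilterValue(certBasedOldSubjectDN)
    + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
    + "))(certStatus=VALID))";
```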
@@ -467,8 +484,8 @@ public class EnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, - encCertInfo }; + X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, + encCertInfo}; int i = 1; boolean encCertFound = false; @@ -478,9 +495,9 @@ public class EnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) - || ((CMS.isEncryptionCert(cert) == true) && (CMS - .isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) || + ((CMS.isEncryptionCert(cert) == true) && + (CMS.isSigningCert(cert) == true))) { CMS.debug("EnrollServlet: Not encryption only cert, will try next one."); continue; 
@@ -491,33 +508,29 @@ public class EnrollServlet extends CMSServlet { encCertFound = true; try { - encCertInfo = (X509CertInfo) cert.get(X509CertImpl.NAME - + "." + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) + cert.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key( - key)); + encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!"); 
@@ -532,17 +545,16 @@ public class EnrollServlet extends CMSServlet { return null; } - CMS.debug("EnrollServlet: returning cInfoArray of length " - + cInfoArray.length); + CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length); return cInfoArray; - } + } } - private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, - String authMgr, IAuthToken authToken, X509CertInfo certInfo, - long startTime) throws EBaseException { - // for audit log + private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken, + X509CertInfo certInfo, long startTime) + throws EBaseException { + //for audit log String initiative = null; String agentID = null; @@ -553,7 +565,7 @@ public class EnrollServlet extends CMSServlet { } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); @@ -563,8 +575,7 @@ public class EnrollServlet extends CMSServlet { // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req - .getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); 
@@ -574,48 +585,55 @@ public class EnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + wholeMsg.toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString()} + ); } else { // no policy violation, from agent - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), "" }); - } - } else { // other imcomplete status - long endTime = CMS.getCurrentDate().getTime(); - - mLogger.log( - ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT) - + " time: " + (endTime - startTime), - "" }); + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), ""} + ); + } + } else { // other imcomplete status + long endTime = CMS.getCurrentDate().getTime(); + + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""} + ); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } return false; } @@ -626,35 +644,40 @@ public class EnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = req - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // System.out.println( - // "revocation servlet: setting error description "+ - // err.toString()); + //System.out.println( + //"revocation servlet: setting error description "+ + //err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), initiative, - authMgr, - "completed with error: " + err, - certInfo.get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), "" + } + ); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } 
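Review bot: The rejection branch of `handleEnrollAuditLog` (hunk `-574,48`) joins the entries of `IRequest.ERRORS` with `"\n"` and writes the result into one `AuditFormat.ENROLLMENTFORMAT` record, and the service-error loop in hunk `-626,35` logs `"completed with error: " + err` without any filtering either. If any of those strings carries text derived from the request, a line break inside it splits one audit event into several lines that a log parser may read as separate records. Joining with a non-newline separator, `wholeMsg.append("; ");`, and replacing CR/LF in each message before logging keeps every event on one line. The enclosing code extends beyond both hunks.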
@@ -672,29 +695,29 @@ public class EnrollServlet extends CMSServlet { /** * Process X509 certificate enrollment request * <P> - * + * * (Certificate Request - either an "admin" cert request for an admin - * certificate, an "agent" cert request for "bulk enrollment", or an "EE" - * standard cert request) + * certificate, an "agent" cert request for "bulk enrollment", or + * an "EE" standard cert request) * <P> - * + * * (Certificate Request Processed - either an automated "admin" non-profile - * based CA admin cert acceptance, an automated "admin" non-profile based CA - * admin cert rejection, an automated "EE" non-profile based cert - * acceptance, or an automated "EE" non-profile based cert rejection) + * based CA admin cert acceptance, an automated "admin" non-profile based + * CA admin cert rejection, an automated "EE" non-profile based cert + * acceptance, or an automated "EE" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when - * a non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a + * non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq a certificate enrollment request * @exception EBaseException an error has occurred */ - protected void processX509(CMSRequest cmsReq) throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -712,7 +735,7 @@ public class EnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); - /* XXX shouldn't we read this from ServletConfig at init time? */ + /* XXX shouldn't we read this from ServletConfig at init time? */ enforcePop = configStore.getBoolean("enrollment.enforcePop", false); CMS.debug("EnrollServlet: enforcePop " + enforcePop); @@ -722,21 +745,19 @@ public class EnrollServlet extends CMSServlet { startTime = CMS.getCurrentDate().getTime(); httpParams = cmsReq.getHttpParams(); httpReq = cmsReq.getHttpReq(); - if (mAuthMgr != null) { + if (mAuthMgr != null) { authToken = authenticate(cmsReq); } try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -744,12 +765,15 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); 
@@ -769,23 +793,27 @@ public class EnrollServlet extends CMSServlet { } try { - if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { - String currentName = Thread.currentThread().getName(); - - Thread.currentThread().setName( - currentName + "-request-" - + req.getRequestId().toString() + "-" - + (new Date()).getTime()); + if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { + String currentName = Thread.currentThread().getName(); + + Thread.currentThread().setName(currentName + + "-request-" + + req.getRequestId().toString() + + "-" + + (new Date()).getTime()); } } catch (Exception e) { } /* - * === certAuth based enroll === "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: single - it's for - * single cert enrollment dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via authentication - * of the signing cert (crmf or keyGenInfo) + * === certAuth based enroll === + * "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: + * single - it's for single cert enrollment + * dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via + * authentication of the signing cert + * (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certauthEnrollType = null; 
@@ -795,17 +823,20 @@ public class EnrollServlet extends CMSServlet { try { if (certAuthEnroll == true) { certauthEnrollType = getCertAuthEnrollType(httpParams, - certAuthEnroll); + certAuthEnroll); } } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); @@ -815,7 +846,7 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: In EnrollServlet.processX509!"); CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll); CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType); - + String challengePassword = httpParams.getValueAsString( "challengePassword", ""); 
@@ -830,91 +861,96 @@ public class EnrollServlet extends CMSServlet { BigInteger certBasedOldSerialNum = null; // check if request was authenticated, if so set authtoken & - // certInfo. also if authenticated, take certInfo from authToken. + // certInfo. also if authenticated, take certInfo from authToken. certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() - .toString(); - certBasedOldSerialNum = (BigInteger) sslClientCert - .getSerialNumber(); + certBasedOldSubjectDN = (String) + sslClientCert.getSubjectDN().toString(); + certBasedOldSerialNum = (BigInteger) + sslClientCert.getSerialNumber(); - CMS.debug("EnrollServlet: certBasedOldSubjectDN " - + certBasedOldSubjectDN); - CMS.debug("EnrollServlet: certBasedOldSerialNum " - + certBasedOldSerialNum); + CMS.debug("EnrollServlet: certBasedOldSubjectDN " + certBasedOldSubjectDN); + CMS.debug("EnrollServlet: certBasedOldSerialNum " + certBasedOldSerialNum); // if the cert 
subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (certBasedOldSubjectDN != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = certBasedOldSubjectDN.trim(); } try { - certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) + ((X509CertImpl) sslClientCert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { CMS.debug("EnrollServlet: No CertAuthEnroll."); certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; + X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; X509CertInfo authCertInfo = null; String authMgr = AuditFormat.NOAUTH; // if authentication if (authToken != null) { - authMgr = authToken - 
.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " - + authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); - PKIProcessor.fillCertInfoFromAuthToken(certInfo, authToken); + PKIProcessor.fillCertInfoFromAuthToken(certInfo, + authToken); // save authtoken attrs to request directly // (for policy use) saveAuthToken(authToken, req); 
@@ -926,21 +962,24 @@ public class EnrollServlet extends CMSServlet { if (certAuthEnroll == true) { // log(ILogger.LL_DEBUG, - // "just gotten subjectDN and serialNumber " + - // "from ssl client cert"); + // "just gotten subjectDN and serialNumber " + + // "from ssl client cert"); if (authToken == null) { // authToken is null, can't match to anyone; bail! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); 
@@ -986,40 +1025,40 @@ public class EnrollServlet extends CMSServlet { // ok, if the above fails, it could // be a PKCS10 with header pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, - false, null); + false, null); // e.printStackTrace(); } } - // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. - pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, false, - null); + pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, + false, null); } catch (Exception ex) { ex.printStackTrace(); } } - + String cmc = null; - String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, - null); - - if (asciiBASE64Blob != null) { - int startIndex = asciiBASE64Blob.indexOf(HEADER); - int endIndex = asciiBASE64Blob.indexOf(TRAILER); - if (startIndex != -1 && endIndex != -1) { - startIndex = startIndex + HEADER.length(); - cmc = asciiBASE64Blob.substring(startIndex, endIndex); - } else - cmc = asciiBASE64Blob; - CMS.debug("EnrollServlet: cmc " + cmc); + String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null); + + if(asciiBASE64Blob!=null) + { + int startIndex = asciiBASE64Blob.indexOf(HEADER); + int endIndex = asciiBASE64Blob.indexOf(TRAILER); + if (startIndex!= -1 && endIndex!=-1) { + startIndex = startIndex + HEADER.length(); + cmc=asciiBASE64Blob.substring(startIndex, endIndex); + }else + cmc = asciiBASE64Blob; + CMS.debug("EnrollServlet: cmc " + cmc); } - + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); - + CMS.debug("EnrollServlet: crmf " + crmf); if (certAuthEnroll == true) { 
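Review bot: The CMC unwrapping at `cmc=asciiBASE64Blob.substring(startIndex, endIndex);` only checks that both markers were found, so a request whose TRAILER occurs before the end of HEADER makes `substring` throw StringIndexOutOfBoundsException on client-supplied input instead of being rejected as malformed. The guard should compare positions after the header length is added: `int bodyStart = startIndex + HEADER.length();`, then `if (startIndex != -1 && endIndex >= bodyStart) {` and `cmc = asciiBASE64Blob.substring(bodyStart, endIndex);`. The same hunk keeps `ex.printStackTrace()` for a failed PKCS10 parse and writes the whole submitted blob with `CMS.debug("EnrollServlet: cmc " + cmc)`. Both would be better reported through `log(ILogger.LL_FAILURE, ...)` without echoing the request body. processX509 starts and ends outside this hunk.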
@@ -1029,24 +1068,27 @@ public class EnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { - CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); + CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); boolean gotEncCert = false; X509CertInfo[] cInfoArray = null; try { cInfoArray = handleCertAuthDual(certInfo, authToken, - sslClientCert, mCa, certBasedOldSubjectDN, - certBasedOldSerialNum); + sslClientCert, mCa, + certBasedOldSubjectDN, + certBasedOldSerialNum); } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); @@ -1054,8 +1096,7 @@ public class EnrollServlet extends CMSServlet { } if (cInfoArray != null && cInfoArray.length != 0) { - CMS.debug("EnrollServlet: cInfoArray Length " - + cInfoArray.length); + CMS.debug("EnrollServlet: cInfoArray Length " + cInfoArray.length); certInfoArray = cInfoArray; gotEncCert = true; 
@@ -1064,22 +1105,25 @@ public class EnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage( + "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { @@ -1093,13 +1137,15 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); 
@@ -1110,47 +1156,49 @@ public class EnrollServlet extends CMSServlet { * either crmf or keyGenInfo */ if (keyGenInfo != null) { - KeyGenProcessor keyGenProc = new KeyGenProcessor( - cmsReq, this); + KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq, + this); - keyGenProc.fillCertInfo(null, certInfo, authToken, - httpParams); + keyGenProc.fillCertInfo(null, certInfo, + authToken, httpParams); - req.setExtData(CLIENT_ISSUER, sslClientCert - .getIssuerDN().toString()); - CMS.debug("EnrollServlet: sslClientCert issuerDN = " - + sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); + CMS.debug("EnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else if (crmf != null && crmf != "") { - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, - this, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, - authToken, httpParams, req); - - req.setExtData(CLIENT_ISSUER, sslClientCert - .getIssuerDN().toString()); - CMS.debug("EnrollServlet: sslClientCert issuerDN = " - + sslClientCert.getIssuerDN().toString()); + authToken, + httpParams, + req); + + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); + CMS.debug("EnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") - + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage 
= CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { 
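Review bot: `crmf != ""` in the CERT_AUTH_ENCRYPTION branch compares object references rather than contents, so a `crmf` parameter that arrives as an empty string will normally still satisfy the condition. It is then handed to `CRMFProcessor.fillCertInfoArray` instead of reaching the CMSGW_MISSING_KEYGEN_INFO failure path and its signed audit record. The check should be `} else if (crmf != null && !crmf.equals("")) {`, the form already used for `challengePassword` later in the method. The same reference comparison appears as `cmc != ""` and `crmf != ""` in the hunks at -1158 and -1216, which need the same change. processX509 begins and ends outside this hunk.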
@@ -1158,52 +1206,55 @@ public class EnrollServlet extends CMSServlet { // have to be buried here to handle the issuer if (keyGenInfo != null) { - KeyGenProcessor keyGenProc = new KeyGenProcessor( - cmsReq, this); + KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq, + this); - keyGenProc.fillCertInfo(null, certInfo, authToken, - httpParams); + keyGenProc.fillCertInfo(null, certInfo, + authToken, httpParams); } else if (pkcs10 != null) { - PKCS10Processor pkcs10Proc = new PKCS10Processor( - cmsReq, this); + PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, + this); - pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, - httpParams); + pkcs10Proc.fillCertInfo(pkcs10, certInfo, + authToken, httpParams); } else if (cmc != null && cmc != "") { - CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, - enforcePop); + CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); certInfoArray = cmcProc.fillCertInfoArray(cmc, - authToken, httpParams, req); + authToken, + httpParams, + req); } else if (crmf != null && crmf != "") { - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, - this, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, - authToken, httpParams, req); + authToken, + httpParams, + req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") - + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, 
ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() - .toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); } } else if (keyGenInfo != null) { 
@@ -1216,63 +1267,63 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: Trying PKCS10 with no cert auth."); PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this); - pkcs10Proc - .fillCertInfo(pkcs10, certInfo, authToken, httpParams); + pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, httpParams); } else if (cmc != null) { CMS.debug("EnrollServlet: Trying CMC with no cert auth."); - CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, - enforcePop); + CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); certInfoArray = cmcProc.fillCertInfoArray(cmc, authToken, - httpParams, req); + httpParams, req); } else if (crmf != null && crmf != "") { CMS.debug("EnrollServlet: Trying CRMF with no cert auth."); - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, - enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken, - httpParams, req); + httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") - + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage( - 
getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - // if ca, fill in default signing alg here + // if ca, fill in default signing alg here + try { - ICertificateAuthority caSub = (ICertificateAuthority) CMS - .getSubsystem("ca"); - if (certInfoArray != null && caSub != null) { - for (int ix = 0; ix < certInfoArray.length; ix++) { - X509CertInfo ci = (X509CertInfo) certInfoArray[ix]; - String defaultSig = caSub.getDefaultAlgorithm(); - AlgorithmId algid = AlgorithmId.get(defaultSig); - ci.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algid)); - } + ICertificateAuthority caSub = + (ICertificateAuthority) CMS.getSubsystem("ca"); + if (certInfoArray != null && caSub != null) { + for (int ix = 0; ix < certInfoArray.length; ix++) { + X509CertInfo ci = (X509CertInfo)certInfoArray[ix]; + String defaultSig = caSub.getDefaultAlgorithm(); + AlgorithmId algid = AlgorithmId.get(defaultSig); + ci.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algid)); } + } } catch (Exception e) { - CMS.debug("Failed to set signing alg to certinfo " - + e.toString()); + CMS.debug("Failed to set signing alg to certinfo " + e.toString()); } req.setExtData(IRequest.CERT_INFO, certInfoArray); + if (challengePassword != null && !challengePassword.equals("")) { String pwd = hashPassword(challengePassword); 
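Review bot: The `catch (Exception e)` around the default signing algorithm block only calls `CMS.debug`, so when `AlgorithmId.get(defaultSig)` or `ci.set(...)` fails the request is still stored and queued with whatever ALGORITHM_ID the cert info already carried. If the CA default is meant to be enforced, the failure should be reported with `log(ILogger.LL_FAILURE, "Failed to set signing alg to certinfo " + e.toString());` and the request stopped by rethrowing as an `ECMSGWException`. If best-effort is intended, a comment saying so belongs on the catch. The `cmc != null` branch earlier in this hunk also has no empty-string test, unlike the cert-auth path. processX509 starts outside this hunk.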
@@ -1281,24 +1332,30 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); @@ -1310,9 +1367,9 @@ public class EnrollServlet extends CMSServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // do not want any javascript in HTML, and need to 
@@ -1322,18 +1379,20 @@ public class EnrollServlet extends CMSServlet { renderServerEnrollResult(cmsReq); cmsReq.setStatus(CMSRequest.SUCCESS); // no default render - issuedCerts = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + issuedCerts = + cmsReq.getIRequest().getExtDataInCertArray( + IRequest.ISSUED_CERTS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } @@ -1342,10 +1401,12 @@ public class EnrollServlet extends CMSServlet { // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); audit(auditMessage); } 
@@ -1353,16 +1414,19 @@ public class EnrollServlet extends CMSServlet { return; } - boolean completed = handleEnrollAuditLog(req, cmsReq, mAuthMgr, - authToken, certInfo, startTime); + boolean completed = handleEnrollAuditLog(req, cmsReq, + mAuthMgr, authToken, + certInfo, startTime); if (completed == false) { // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]); audit(auditMessage); 
@@ -1387,34 +1451,38 @@ public class EnrollServlet extends CMSServlet { // audit log the success. long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - mAuthMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" - + issuedCerts[0].getSerialNumber() - .toString(16) + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] + { req.getRequestId(), + initiative, + mAuthMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) + + " time: " + + (endTime - startTime) } + ); // handle initial admin enrollment if in adminEnroll mode. checkAdminEnroll(cmsReq, issuedCerts); // return cert as mime type binary if requested. - if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, - issuedCerts[0])) { + if (checkImportCertToNav(cmsReq.getHttpResp(), + httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } 
@@ -1424,46 +1492,53 @@ public class EnrollServlet extends CMSServlet { // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", + mEnrollSuccessFiller.toString(), e.toString())); // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]); audit(auditMessage); @@ -1474,21 +1549,20 @@ public class EnrollServlet extends CMSServlet { } /** - * check if this is first enroll from admin enroll. If so disable admin - * enroll from here on. + * check if this is first enroll from admin enroll. + * If so disable admin enroll from here on. */ - protected void checkAdminEnroll(CMSRequest cmsReq, - X509CertImpl[] issuedCerts) throws EBaseException { + protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts) + throws EBaseException { // this is special case, get the admin certificate - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { addAdminAgent(cmsReq, issuedCerts); CMSGateway.disableAdminEnroll(); } } - protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) + throws EBaseException { String userid = cmsReq.getHttpParams().getValueAsString("uid"); IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); 
@@ -1498,12 +1572,14 @@ public class EnrollServlet extends CMSServlet { try { ug.addUserCert(adminuser); } catch (netscape.ldap.LDAPException e) { - CMS.debug("EnrollServlet: Cannot add admin's certificate to its entry in the " - + "user group database. Error " + e); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); + CMS.debug( + "EnrollServlet: Cannot add admin's certificate to its entry in the " + + "user group database. Error " + e); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); } - IGroup agentGroup = ug.getGroupFromName(CA_AGENT_GROUP); + IGroup agentGroup = + ug.getGroupFromName(CA_AGENT_GROUP); if (agentGroup != null) { // add user to the group if necessary @@ -1511,22 +1587,23 @@ public class EnrollServlet extends CMSServlet { agentGroup.addMemberName(userid); ug.modifyGroup(agentGroup); mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] { userid, userid, CA_AGENT_GROUP }); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] {userid, userid, CA_AGENT_GROUP} + ); } } else { - String msg = "Cannot add admin to the " + CA_AGENT_GROUP - + " group: Group does not exist."; + String msg = "Cannot add admin to the " + + CA_AGENT_GROUP + + " group: Group does not exist."; CMS.debug("EnrollServlet: " + msg); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) - throws IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) throws + IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); 
@@ -1541,16 +1618,11 @@ public class EnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1564,30 +1636,25 @@ public class EnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + X509CertImpl certs[] = + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" - + CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1598,22 +1665,18 @@ public class EnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - // - - // localize - // the - // message + out.println("Please consult your local administrator for assistance."); // XXX - localize the message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1622,55 +1685,62 @@ public class EnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - * // include all the input data ArgBlock args = cmsReq.getHttpParams(); - * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) { - * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT " - * + eleT + "=" + args.get(eleT) + ">"); } + // include all the input data + ArgBlock args = cmsReq.getHttpParams(); + Enumeration ele = args.getElements(); + while (ele.hasMoreElements()) { + String eleT = (String)ele.nextElement(); + out.println("<!HTTP_INPUT " + eleT + "=" + + args.get(eleT) + ">"); + } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, - IArgBlock httpParams) throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack( + int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) + throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) cert - .get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) + cert.get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) exts - .get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) + exts.get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); 
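Review bot: `init_testbed_hack` reads `config.getBoolean("isTestBed", true)`, so the key-usage rewrite in `do_testbed_hack` is active whenever the setting is absent, even though the comment above describes it as a workaround to be removed. An instance that never sets `isTestBed` can therefore have the KeyUsage extension of the certificate info rewritten by this code; defaulting to off, `mIsTestBed = config.getBoolean("isTestBed", false);`, makes the workaround opt-in. The same default-on pattern appears in the next hunk, where `httpParams.getValueAsBoolean("dual-use-hack", true)` sets the `0xE0` usage bits unless the parameter turns them off. `do_testbed_hack` continues past the end of this hunk.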
@@ -1681,30 +1751,33 @@ public class EnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; + newvalue[3] = 0x3f; + newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean("dual-use-hack", true)) { + if (httpParams.getValueAsBoolean( + "dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = new KeyUsageExtension( - Boolean.valueOf(true), (Object) newvalue); + KeyUsageExtension newext = + new KeyUsageExtension(Boolean.valueOf(true), + (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } @@ -1713,11 +1786,11 @@ public class EnrollServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1770,3 +1843,4 @@ public class EnrollServlet extends CMSServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java index e80b5a7e..a723cb52 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -57,6 +58,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.crypto.CryptoUtil; + /** * Retrieve certificate by serial number. * @@ -81,17 +83,17 @@ public class GetBySerial extends CMSServlet { super(); } - /** + /** * Initialize the servlet. This servlet uses the template file - * "ImportCert.template" to import the cert to the users browser, if that is - * what the user requested - * + * "ImportCert.template" to import the cert to the users browser, + * if that is what the user requested * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); try { - mImportTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + mImportTemplate = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); mIETemplate = sc.getInitParameter("importCertTemplate"); if (mImportTemplate == null) mImportTemplate = IMPORT_CERT_TEMPLATE; @@ -100,12 +102,11 @@ public class GetBySerial extends CMSServlet { } mImportTemplateFiller = new ImportCertsTemplateFiller(); - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); - ICertificateAuthority mCa = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca"); if (mCa == null) { return; } 
@@ -114,11 +115,11 @@ public class GetBySerial extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber serial number of certificate in HEX + * <li>http.param serialNumber serial number of certificate in HEX * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -134,14 +135,14 @@ public class GetBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "import"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "import"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -159,22 +160,20 @@ public class GetBySerial extends CMSServlet { serialNo = null; } if (serial == null || serialNo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); cmsReq.setStatus(CMSRequest.ERROR); return; } ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", - serialNo.toString(16))); - cmsReq.setError(new ECMSGWException(CMS.getUserMessage( - "CMS_GW_CERT_SERIAL_NOT_FOUND", - "0x" + serialNo.toString(16)))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -182,41 +181,37 @@ public class GetBySerial extends CMSServlet { // if RA, needs requestOwner to match // first, find the user's group if (authToken != null) { - String group = authToken.getInString("group"); - - if ((group != null) && (group != "")) { - CMS.debug("GetBySerial process: auth group=" + group); - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - // find the cert record's orig. requestor's group - MetaInfo metai = certRecord.getMetaInfo(); - if (metai != null) { - String reqId = (String) metai - .get(ICertRecord.META_REQUEST_ID); - RequestId rid = new RequestId(reqId); - IRequest creq = mReqQ.findRequest(rid); - if (creq != null) { - String reqOwner = creq.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetBySerial process: req owner=" - + reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - } - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CERT_SERIAL_NOT_FOUND_1", - serialNo.toString(16))); - cmsReq.setError(new ECMSGWException(CMS.getUserMessage( - "CMS_GW_CERT_SERIAL_NOT_FOUND", - "0x" + serialNo.toString(16)))); - cmsReq.setStatus(CMSRequest.ERROR); - return; - } + String group = authToken.getInString("group"); + + if ((group != null) && (group != "")) { + CMS.debug("GetBySerial process: auth group="+group); + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + // find the cert record's orig. 
requestor's group + MetaInfo metai = certRecord.getMetaInfo(); + if (metai != null) { + String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); + RequestId rid = new RequestId(reqId); + IRequest creq = mReqQ.findRequest(rid); + if (creq != null) { + String reqOwner = creq.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetBySerial process: req owner="+reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } } + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); + cmsReq.setStatus(CMSRequest.ERROR); + return; + } } + } } X509CertImpl cert = certRecord.getCertificate(); @@ -229,8 +224,7 @@ public class GetBySerial extends CMSServlet { IArgBlock ctx = CMS.createArgBlock(); Locale[] locale = new Locale[1]; CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -241,8 +235,8 @@ public class GetBySerial extends CMSServlet { } userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { 
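Review bot: The guard `(group != null) && (group != "")` compares object references, so it does not reliably filter out an empty group string; `!group.isEmpty()` states the intent. In the same block `new RequestId(reqId)` is built from `metai.get(ICertRecord.META_REQUEST_ID)` without a null check, and the owner check applies only when the group equals the literal `"Registration Manager Agents"`, which would read better as a named constant. Since this block decides whether an RA agent may retrieve the certificate, a record with a missing request id should reach the existing `groupMatched == false` rejection rather than depend on how `RequestId` handles null. `process` starts and ends outside this hunk.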
@@ -252,9 +246,8 @@ public class GetBySerial extends CMSServlet { byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - - header.addStringValue("pkcs7", - CryptoUtil.normalizeCertStr(p7Str)); + + header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str)); try { CMSTemplate form = getTemplate(mIETemplate, req, locale); ServletOutputStream out = response.getOutputStream(); @@ -263,22 +256,21 @@ public class GetBySerial extends CMSServlet { form.renderOutput(out, argSet); return; } catch (Exception ee) { - CMS.debug("GetBySerial process: Exception=" + ee.toString()); + CMS.debug("GetBySerial process: Exception="+ee.toString()); } - } // browser is IE - + } //browser is IE + MetaInfo metai = certRecord.getMetaInfo(); String crmfReqId = null; if (metai != null) { crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID); - if (crmfReqId != null) + if (crmfReqId != null) cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId); } - if (crmfReqId == null - && checkImportCertToNav(cmsReq.getHttpResp(), - cmsReq.getHttpParams(), cert)) { + if (crmfReqId == null && checkImportCertToNav( + cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } 
@@ -291,20 +283,19 @@ public class GetBySerial extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); // XXX follow request in cert record to set certtype, which will - // import cert only if it's client. For now assume "client" if + // import cert only if it's client. For now assume "client" if // someone clicked to import this cert. cmsReq.getHttpParams().set("certType", "client"); try { renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - + return; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java index fc393b49..facf501c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java @@ -15,9 +15,10 @@ // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.cert; + package com.netscape.cms.servlet.cert; -import java.io.ByteArrayOutputStream; + + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; 
@@ -48,242 +49,236 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; -/** - * Retrieve the Certificates comprising the CA Chain for this CA. - * - * @version $Revision$, $Date$ - */ -public class GetCAChain extends CMSServlet { - /** - * - */ - private static final long serialVersionUID = -8189048155415074581L; - private final static String TPL_FILE = "displayCaCert.template"; - private String mFormPath = null; - - public GetCAChain() { - super(); - } - - /** - * initialize the servlet. - * - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - - // override success to display own output. - mTemplates.remove(CMSRequest.SUCCESS); - // coming from ee - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - } - - /** - * Process the HTTP request. - * <ul> - * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components - * </ul> - * - * @param cmsReq the object holding the request and response information - */ - protected void process(CMSRequest cmsReq) throws EBaseException { - HttpServletRequest httpReq = cmsReq.getHttpReq(); - HttpServletResponse httpResp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - // Construct an ArgBlock - IArgBlock args = cmsReq.getHttpParams(); - - // Get the operation code - String op = null; - - op = args.getValueAsString("op", null); - if (op == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - - AuthzToken authzToken = null; - if (op.startsWith("download")) { - try { - authzToken = authorize(mAclMethod, authToken, - 
mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - downloadChain(op, args, httpReq, httpResp, cmsReq); - } else if (op.startsWith("display")) { - try { - authzToken = mAuthz.authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - displayChain(op, args, httpReq, httpResp, cmsReq); - } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); - } - // cmsReq.setResult(null); - return; - } - - private void downloadChain(String op, IArgBlock args, - HttpServletRequest httpReq, HttpServletResponse httpResp, - CMSRequest cmsReq) throws EBaseException { - - /* check browser info ? */ - - /* check if pkcs7 will work for both nav and ie */ - - byte[] bytes = null; - - /* - * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This - * means that we can only hand out the root CA, and not the whole chain. + /** + * Retrieve the Certificates comprising the CA Chain for this CA. 
+ * + * @version $Revision$, $Date$ + */ + public class GetCAChain extends CMSServlet { + /** + * */ - - if (clientIsMSIE(httpReq) - && (op.equals("download") || op.equals("downloadBIN"))) { - X509Certificate[] caCerts = ((ICertAuthority) mAuthority) - .getCACertChain().getChain(); - - try { - bytes = caCerts[0].getEncoded(); - } catch (CertificateEncodingException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); - } - } else { - CertificateChain certChain = ((ICertAuthority) mAuthority) - .getCACertChain(); - - if (certChain == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); - } - - try { - ByteArrayOutputStream encoded = new ByteArrayOutputStream(); - - certChain.encode(encoded, false); - bytes = encoded.toByteArray(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); - } - } - - String mimeType = null; - - if (op.equals("downloadBIN")) { - mimeType = "application/octet-stream"; - } else { - try { - mimeType = args.getValueAsString("mimeType"); - } catch (EBaseException e) { - mimeType = "application/octet-stream"; - } - } - - try { - if (op.equals("downloadBIN")) { - // file suffixes changed to comply with RFC 5280 - // requirements for AIA extensions - if (clientIsMSIE(httpReq)) { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.cer"); - } else { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.p7c"); - } - } - httpResp.setContentType(mimeType); - httpResp.getOutputStream().write(bytes); - httpResp.setContentLength(bytes.length); - 
httpResp.getOutputStream().flush(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", - e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); - } - } - - private void displayChain(String op, IArgBlock args, - HttpServletRequest httpReq, HttpServletResponse httpResp, - CMSRequest cmsReq) throws EBaseException { - String outputString = null; - - CertificateChain certChain = ((ICertAuthority) mAuthority) - .getCACertChain(); - - if (certChain == null) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; + private static final long serialVersionUID = -8189048155415074581L; + private final static String TPL_FILE = "displayCaCert.template"; + private String mFormPath = null; + + public GetCAChain() { + super(); + } + + /** + * initialize the servlet. + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + super.init(sc); + + // override success to display own output. + mTemplates.remove(CMSRequest.SUCCESS); + // coming from ee + mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; + } + + /** + * Process the HTTP request. 
+ * <ul> + * <li>http.param op 'downloadBIN' - return the binary certificate chain + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * </ul> + * @param cmsReq the object holding the request and response information + */ + protected void process(CMSRequest cmsReq) + throws EBaseException { + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + IAuthToken authToken = authenticate(cmsReq); + + // Construct an ArgBlock + IArgBlock args = cmsReq.getHttpParams(); + + // Get the operation code + String op = null; + + op = args.getValueAsString("op", null); + if (op == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); + } + + cmsReq.setStatus(CMSRequest.SUCCESS); + + AuthzToken authzToken = null; + + if (op.startsWith("download")) { + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + downloadChain(op, args, httpReq, httpResp, cmsReq); + } else if (op.startsWith("display")) { + try { + authzToken = mAuthz.authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + displayChain(op, args, httpReq, httpResp, cmsReq); + } else { + log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + } + // cmsReq.setResult(null); + return; + } + + private void downloadChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + + /* check browser info ? */ + + /* check if pkcs7 will work for both nav and ie */ + + byte[] bytes = null; + + /* + * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. + * This means that we can only hand out the root CA, and not + * the whole chain. + */ + + if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { + X509Certificate[] caCerts = + ((ICertAuthority) mAuthority).getCACertChain().getChain(); + + try { + bytes = caCerts[0].getEncoded(); + } catch (CertificateEncodingException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); + } + } else { + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); + } + + try { + ByteArrayOutputStream encoded = new ByteArrayOutputStream(); + + certChain.encode(encoded, false); + bytes = encoded.toByteArray(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + } + } + + String mimeType = null; + + if (op.equals("downloadBIN")) { + mimeType = "application/octet-stream"; + } else { + try { + mimeType = args.getValueAsString("mimeType"); + } catch (EBaseException e) { + 
mimeType = "application/octet-stream"; + } + } + + try { + if (op.equals("downloadBIN")) { + // file suffixes changed to comply with RFC 5280 + // requirements for AIA extensions + if (clientIsMSIE(httpReq)) { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.cer"); + } else { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.p7c"); + } + } + httpResp.setContentType(mimeType); + httpResp.getOutputStream().write(bytes); + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().flush(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + } + } + + private void displayChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + String outputString = null; + + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + if (mOutputTemplatePath != null) + mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
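Review bot: In `downloadChain`, for any op other than `downloadBIN` the response type comes straight from the request, `mimeType = args.getValueAsString("mimeType")`, and is passed to `httpResp.setContentType(mimeType)` unchecked. The value should be matched against the fixed set of types the download pages actually request, with `application/octet-stream` as the fallback that the catch branch already uses. Separately, `httpResp.setContentLength(bytes.length)` is called after `httpResp.getOutputStream().write(bytes)`; setting the length before the write keeps it from being ignored once the response is committed. `displayChain` continues outside this hunk.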
@@ -311,25 +306,23 @@ public class GetCAChain extends CMSServlet { byte[] bytes = null; try { - subjectdn = certChain.getFirstCertificate().getSubjectDN() - .toString(); + subjectdn = + certChain.getFirstCertificate().getSubjectDN().toString(); ByteArrayOutputStream encoded = new ByteArrayOutputStream(); certChain.encode(encoded); bytes = encoded.toByteArray(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } String chainBase64 = getBase64(bytes); header.addStringValue("subjectdn", subjectdn); header.addStringValue("chainBase64", chainBase64); - } else { + } else { try { X509Certificate[] certs = certChain.getChain(); @@ -346,13 +339,13 @@ public class GetCAChain extends CMSServlet { String subjectdn = certs[i].getSubjectDN().toString(); String finger = null; try { - finger = CMS.getFingerPrints(certs[i]); + finger = CMS.getFingerPrints(certs[i]); } catch (Exception e) { throw new IOException("Internal Error"); } - ICertPrettyPrint certDetails = CMS - .getCertPrettyPrint((X509CertImpl) certs[i]); + ICertPrettyPrint certDetails = + CMS.getCertPrettyPrint((X509CertImpl) certs[i]); IArgBlock rarg = CMS.createArgBlock(); 
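Review bot: In the `@@ -346,13` hunk, `throw new IOException("Internal Error");` discards the exception caught from `CMS.getFingerPrints(certs[i])`. The handler that appears to enclose it logs only `e.toString()` under `CMSGW_ERROR_DISPLAYING_CACHAIN_1`, so the log would show "Internal Error" and nothing about why fingerprinting a CA certificate failed. Keep the cause, e.g. `throw new IOException("Internal Error", e);`, or use `initCause(e)` if the target JDK predates that constructor. The surrounding loop and method start outside this hunk.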
@@ -360,15 +353,14 @@ public class GetCAChain extends CMSServlet { rarg.addStringValue("subjectdn", subjectdn); rarg.addStringValue("base64", getBase64(bytes)); rarg.addStringValue("certDetails", - certDetails.toString(locale[0])); + certDetails.toString(locale[0])); argSet.addRepeatRecord(rarg); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); } } @@ -379,11 +371,10 @@ public class GetCAChain extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } @@ -419,7 +410,7 @@ public class GetCAChain extends CMSServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 3b87ed5a..2bbec482 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -47,9 +48,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -66,7 +68,6 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -78,13 +79,15 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -93,14 +96,14 @@ public class GetCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -112,10 +115,9 @@ public class GetCRL extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -123,15 +125,14 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; - CMS.debug("**** mFormPath before getTemplate = " + mFormPath); +CMS.debug("**** mFormPath before getTemplate = "+mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -147,18 +148,16 @@ public class GetCRL extends CMSServlet { op = args.getValueAsString("op", null); crlId = args.getValueAsString("crlIssuingPoint", null); if (op == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -166,25 +165,23 @@ public class GetCRL extends CMSServlet { ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) - crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); try { - crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository() - .readCRLIssuingPointRecord(crlId); + crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -203,43 +200,40 @@ public class GetCRL extends CMSServlet { header.addStringValue("crlDisplayType", crlDisplayType); } - if ((op.equals("checkCRLcache") || (op.equals("displayCRL") - && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) - && (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP - .isCRLCacheEmpty())) { - cmsReq.setError(CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP - .isCRLCacheEmpty()) ? "CMS_GW_CRL_CACHE_IS_EMPTY" - : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + if ((op.equals("checkCRLcache") || + (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && + (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { + cmsReq.setError( + CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? + "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } byte[] crlbytes = null; - if (op.equals("importDeltaCRL") - || op.equals("getDeltaCRL") - || (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType - .equals("deltaCRL"))) { + if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); - } else if (op.equals("importCRL") - || op.equals("getCRL") - || op.equals("checkCRL") - || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType - .equals("entireCRL") - || crlDisplayType.equals("crlHeader") || crlDisplayType - .equals("base64Encoded")))) { + } else if (op.equals("importCRL") || op.equals("getCRL") || + op.equals("checkCRL") || + (op.equals("displayCRL") && + crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } - - if (crlbytes == null - && 
(!op.equals("checkCRLcache")) - && (!(op.equals("displayCRL") && crlDisplayType != null && crlDisplayType - .equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + } + + if (crlbytes == null && (!op.equals("checkCRLcache")) && + (!(op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -247,56 +241,48 @@ public class GetCRL extends CMSServlet { X509CRLImpl crl = null; - if (op.equals("checkCRL") - || op.equals("importCRL") - || op.equals("importDeltaCRL") - || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType - .equals("entireCRL") - || crlDisplayType.equals("crlHeader") - || crlDisplayType.equals("base64Encoded") || crlDisplayType - .equals("deltaCRL")))) { + if (op.equals("checkCRL") || op.equals("importCRL") || + op.equals("importDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded") || + crlDisplayType.equals("deltaCRL")))) { try { - if (op.equals("displayCRL") && crlDisplayType != null - && crlDisplayType.equals("crlHeader")) { + if (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); } } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") - && crlDisplayType != null && crlDisplayType - .equals("deltaCRL"))) - && ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && (crlRecord - .getCRLNumber() == null - || crlRecord.getDeltaCRLNumber() == null - || crlRecord.getDeltaCRLNumber().compareTo( - crlRecord.getCRLNumber()) < 0 - || crlRecord.getDeltaCRLSize() == null || crlRecord - .getDeltaCRLSize().longValue() == -1))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); - cmsReq.setError(new 
ECMSGWException(CMS - .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && + crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && + ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && + (crlRecord.getCRLNumber() == null || + crlRecord.getDeltaCRLNumber() == null || + crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || + crlRecord.getDeltaCRLSize() == null || + crlRecord.getDeltaCRLSize().longValue() == -1))) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; - if (op.equals("checkCRLcache") || op.equals("checkCRL") - || op.equals("displayCRL")) { + if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) { header.addStringValue("toDo", op); - String certSerialNumber = args.getValueAsString("certSerialNumber", - ""); + String certSerialNumber = args.getValueAsString("certSerialNumber", ""); header.addStringValue("certSerialNumber", certSerialNumber); if (certSerialNumber.startsWith("0x")) { @@ -304,8 +290,8 @@ public class GetCRL extends CMSServlet { } if (op.equals("checkCRLcache")) { - if (crlIP.getRevocationDateFromCache(new BigInteger( - certSerialNumber), false, false) != null) { + if (crlIP.getRevocationDateFromCache( + new BigInteger(certSerialNumber), false, false) != null) { header.addBooleanValue("isOnCRL", true); } else { header.addBooleanValue("isOnCRL", false); 
@@ -314,15 +300,14 @@ public class GetCRL extends CMSServlet { if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { - if (crlDisplayType.equals("entireCRL") - || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType - .equals("entireCRL")) ? CMS.getCRLPrettyPrint(crl) - : CMS.getCRLCachePrettyPrint(crlIP); + if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { + ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? + CMS.getCRLPrettyPrint(crl): + CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); 
@@ -330,28 +315,26 @@ public class GetCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) - lPageStart = 1; + if (lPageStart < 1) lPageStart = 1; - header.addStringValue("crlPrettyPrint", crlDetails - .toString(locale[0], lCRLSize, lPageStart, - lPageSize)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0])); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], lCRLSize, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -368,14 +351,11 @@ public class GetCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, - length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); 
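Review bot: `new Long(pageStart).longValue()` and `new Long(pageSize).longValue()` parse request parameters with no handling for `NumberFormatException` in the visible code. Only `lPageStart` is clamped, so a negative or very large `pageSize` goes straight into `crlDetails.toString(locale[0], lCRLSize, lPageStart, lPageSize)`. Parse with `Long.parseLong` inside a try/catch that reports the error through `cmsReq.setError(...)` and `CMSRequest.ERROR`, as the other failures in this method do, and bound `lPageSize` before rendering. The same unchecked parse applies to `new BigInteger(certSerialNumber)` in the `@@ -304,8` and `@@ -314,15` hunks. The condition guarding these lines and the rest of `process()` are outside this hunk, so a caller may already catch the exception.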
@@ -385,17 +365,16 @@ public class GetCRL extends CMSServlet { } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], 0, 0, 0)); + header.addStringValue( + "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil - .BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -412,14 +391,11 @@ public class GetCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", - crlBase64Encoded.substring(j, - length)); + rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); @@ -437,11 +413,10 @@ public class GetCRL extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; 
@@ -452,34 +427,32 @@ public class GetCRL extends CMSServlet { mimeType = "application/x-pkcs7-crl"; } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; - httpResp.setHeader("Content-disposition", "attachment; filename=" - + crlId + ".crl"); + httpResp.setHeader("Content-disposition", + "attachment; filename=" + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); httpResp.getOutputStream().flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 7dcec5cd..5909bc4b 100644 
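Review bot: `"attachment; filename=" + crlId + ".crl"` and the `delta-` variant below it build a response header from the `crlIssuingPoint` request parameter without quoting or filtering. By this point `crlId` has matched an issuing-point record, which limits the values in practice, but the header should not rely on that lookup. Restrict the name to a conservative character set and quote it, e.g. `String safeId = crlId.replaceAll("[^A-Za-z0-9._-]", "_");` followed by `"attachment; filename=\"" + safeId + ".crl\""`. The assignment of `crlId` and the start of `process()` are outside this hunk.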
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Locale; @@ -51,9 +52,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** - * Gets a issued certificate from a request id. - * + * Gets a issued certificate from a request id. + * * @version $Revision$, $Date$ */ public class GetCertFromRequest extends CMSServlet { 
@@ -62,26 +64,27 @@ public class GetCertFromRequest extends CMSServlet { */ private static final long serialVersionUID = 5310646832256611066L; private final static String PROP_IMPORT = "importCert"; - protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; - protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; + protected static final String + GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; + protected static final String + DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; protected static final String REQUEST_ID = "requestId"; protected static final String CERT_TYPE = "certtype"; - protected String mCertFrReqSuccessTemplate = null; + protected String mCertFrReqSuccessTemplate = null; protected ICMSTemplateFiller mCertFrReqFiller = null; protected IRequestQueue mQueue = null; protected boolean mImportCert = true; - public GetCertFromRequest() { + public GetCertFromRequest() { super(); } /** * initialize the servlet. This servlet uses the template files - * "displayCertFromRequest.template" and "ImportCert.template" - * + * "displayCertFromRequest.template" and "ImportCert.template" * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -89,7 +92,8 @@ public class GetCertFromRequest extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); mQueue = mAuthority.getRequestQueue(); try { - String tmp = sc.getInitParameter(PROP_IMPORT); + String tmp = sc.getInitParameter( + PROP_IMPORT); if (tmp != null && tmp.trim().equalsIgnoreCase("false")) mImportCert = false; 
@@ -98,43 +102,46 @@ public class GetCertFromRequest extends CMSServlet { if (mImportCert) defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE; - else + else defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE; if (mAuthority instanceof IRegistrationAuthority) defTemplate = "/ra/" + defTemplate; - else + else defTemplate = "/ca/" + defTemplate; - mCertFrReqSuccessTemplate = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE); + mCertFrReqSuccessTemplate = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (mCertFrReqSuccessTemplate == null) mCertFrReqSuccessTemplate = defTemplate; - String fillername = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mCertFrReqFiller = filler; } else { mCertFrReqFiller = new CertFrRequestFiller(); } } catch (Exception e) { // should never happen. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } + /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param requestId The request ID to search on + * <li>http.param requestId The request ID to search on * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -143,14 +150,14 @@ public class GetCertFromRequest extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -158,104 +165,96 @@ public class GetCertFromRequest extends CMSServlet { return; } - String requestId = httpParams.getValueAsString(REQUEST_ID, null); + String requestId = httpParams.getValueAsString(REQUEST_ID, null); if (requestId == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); } // check if request Id is valid. try { Integer.parseInt(requestId); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId)); - throw new EBaseException(CMS.getUserMessage(getLocale(httpReq), - "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId)); + throw new EBaseException( + CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - // if RA, group and requestOwner must match - String group = authToken.getInString("group"); - if ((group != null) && (group != "") - && group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String reqOwner = r.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetCertFromRequest process: req owner=" - + reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) 
{ - CMS.debug("RA group unmatched"); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); - } + //if RA, group and requestOwner must match + String group = authToken.getInString("group"); + if ((group != null) && (group != "") && + group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String reqOwner = r.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetCertFromRequest process: req owner="+reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + CMS.debug("RA group unmatched"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } + } } - if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r - .getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); + if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); } RequestStatus status = r.getRequestStatus(); if (!status.equals(RequestStatus.COMPLETE)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_NOT_COMPLETED", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); } Integer 
result = r.getExtDataInInteger(IRequest.RESULT); if (result != null && !result.equals(IRequest.RES_SUCCESS)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_HAD_ERROR", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); } Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (r.getExtDataInString("profile") != null) { // handle profile-based request - X509CertImpl cert = r - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); X509CertImpl certs[] = new X509CertImpl[1]; certs[0] = cert; o = certs; } if (o == null || !(o instanceof X509CertImpl[])) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } if (o instanceof X509CertImpl[]) { X509CertImpl[] certs = (X509CertImpl[]) o; if (certs == null || certs.length == 0 || certs[0] == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } // for importsCert to get the crmf_reqid. 
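Review bot: In the RA ownership check, `(group != "")` compares object references rather than string contents, so it is true for practically any value read from the token and adds nothing. The `group.equals("Registration Manager Agents")` that follows already excludes the empty string. Simplify the condition to `if ("Registration Manager Agents".equals(group)) {`, which also covers the null case. The whole owner check is skipped when `authToken` is null; if that is the intended behaviour for servlets configured without authentication, a short comment such as `// no auth token: ownership is not enforced here` would make that explicit. `process()` starts outside this hunk.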
@@ -263,66 +262,58 @@ public class GetCertFromRequest extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); - if (mImportCert - && checkImportCertToNav(cmsReq.getHttpResp(), httpParams, - certs[0])) { + if (mImportCert && + checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { return; } try { cmsReq.setResult(certs); - renderTemplate(cmsReq, mCertFrReqSuccessTemplate, - mCertFrReqFiller); + renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGE_ERROR_DISPLAY_TEMPLATE_1", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", mCertFrReqSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } } + class CertFrRequestFiller extends ImportCertsTemplateFiller { public CertFrRequestFiller() { } - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { - CMSTemplateParams tparams = super.getTemplateParams(cmsReq, authority, - locale, e); + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { + CMSTemplateParams tparams = + super.getTemplateParams(cmsReq, authority, locale, e); String reqId = cmsReq.getHttpParams().getValueAsString( GetCertFromRequest.REQUEST_ID); - tparams.getHeader() - .addStringValue(GetCertFromRequest.REQUEST_ID, reqId); + tparams.getHeader().addStringValue(GetCertFromRequest.REQUEST_ID, reqId); if (reqId != null) { - IRequest r = authority.getRequestQueue().findRequest( - new RequestId(reqId)); + IRequest r = authority.getRequestQueue().findRequest(new RequestId(reqId)); if (r != null) { boolean noCertImport = true; - String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, - IRequest.CERT_TYPE); + String certType = 
r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { noCertImport = false; } - tparams.getHeader().addBooleanValue("noCertImport", - noCertImport); + tparams.getHeader().addBooleanValue("noCertImport", noCertImport); - X509CertImpl[] certs = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs != null) { - X509CertInfo info = (X509CertInfo) certs[0] - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateExtensions extensions = (CertificateExtensions) info - .get(X509CertInfo.EXTENSIONS); + X509CertInfo info = (X509CertInfo) certs[0].get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); - tparams.getHeader().addStringValue( - GetCertFromRequest.CERT_TYPE, "x509"); + tparams.getHeader().addStringValue(GetCertFromRequest.CERT_TYPE, "x509"); boolean emailCert = false; @@ -333,21 +324,16 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller { if (ext instanceof NSCertTypeExtension) { NSCertTypeExtension type = (NSCertTypeExtension) ext; - if (((Boolean) type - .get(NSCertTypeExtension.EMAIL)) - .booleanValue()) + if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue()) emailCert = true; } if (ext instanceof KeyUsageExtension) { - KeyUsageExtension usage = (KeyUsageExtension) ext; + KeyUsageExtension usage = + (KeyUsageExtension) ext; try { - if (((Boolean) usage - .get(KeyUsageExtension.DIGITAL_SIGNATURE)) - .booleanValue() - || ((Boolean) usage - .get(KeyUsageExtension.DATA_ENCIPHERMENT)) - .booleanValue()) + if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e0) { // bug356108: 
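Review bot: In `CertFrRequestFiller.getTemplateParams` (the `@@ -263,66 +262,58 @@` hunk), `certs[0]` is dereferenced after only a `certs != null` test, so an empty array or a null first element returned by `getExtDataInCertArray(IRequest.ISSUED_CERTS)` throws while the result page is being rendered. The servlet's `process` path earlier in this file already rejects `certs.length == 0 || certs[0] == null`; the filler should apply the same guard, `if (certs != null && certs.length > 0 && certs[0] != null) {`. `reqId` is also copied from the HTTP parameters into the template header as-is, and whether the template layer escapes it is not visible here. The method body continues past the end of this hunk.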
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java index 1e9f9a02..8b5536ea 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Servlet to get the enrollment status, enable or disable. - * + * * @version $Revision$, $Date$ */ public class GetEnableStatus extends CMSServlet { @@ -62,8 +64,7 @@ public class GetEnableStatus extends CMSServlet { } /** - * initialize the servlet. - * + * initialize the servlet. * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +80,15 @@ public class GetEnableStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -94,8 +96,8 @@ public class GetEnableStatus extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
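Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(...)` in `GetEnableStatus.process` (the `@@ -94,8 +96,8 @@` hunk) drops every authorization failure without a log or audit record, so a denied or failing ACL check leaves no trace. `GetInfo.process` in this same commit logs the equivalent catch; doing the same here, `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`, keeps the two servlets consistent. The identical empty catch appears in the `authorize(mAclMethod, token, mAuthzResourceName, "import")` hunk of HashEnrollServlet.java. The code that handles a null `authzToken` lies outside this hunk, so whether the request is then rejected should be confirmed there.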
@@ -111,10 +113,9 @@ public class GetEnableStatus extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,11 +126,11 @@ public class GetEnableStatus extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -141,8 +142,7 @@ public class GetEnableStatus extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; long timeout = HashAuthentication.DEFAULT_TIMEOUT / 1000; 
@@ -164,10 +164,10 @@ public class GetEnableStatus extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java index 300ba3e0..9d83d430 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -48,9 +49,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Get detailed information about CA CRL processing - * + * * @version $Revision$, $Date$ */ public class GetInfo extends CMSServlet { @@ -74,7 +76,6 @@ public class GetInfo extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
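Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch in `GetEnableStatus.process` overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed template render is reported as success. The success status is already set inside the `try`, right after `form.renderOutput(out, argSet)`; the trailing call should be removed, or the catch should end with `return;` after setting the error. The start of `process` lies outside this hunk.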
@@ -89,11 +90,11 @@ public class GetInfo extends CMSServlet { } /** - * XXX Process the HTTP request. + * XXX Process the HTTP request. * <ul> * <li>http.param template filename of template to use to render the result * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -104,14 +105,14 @@ public class GetInfo extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -128,33 +129,35 @@ public class GetInfo extends CMSServlet { String template = req.getParameter("template"); String formFile = ""; - /* - * for (int i = 0; ((template != null) && (i < template.length())); i++) - * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c - * != '_' && c != '-') { template = null; break; } } - */ +/* + for (int i = 0; ((template != null) && (i < template.length())); i++) { + char c = template.charAt(i); + if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') { + template = null; + break; + } + } +*/ + if (template != null) { formFile = template + ".template"; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } CMSTemplate form = null; Locale[] locale = new Locale[1]; - CMS.debug("*** formFile = " + formFile); +CMS.debug("*** formFile = "+formFile); try { form = getTemplate(formFile, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
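Review bot: `formFile` is built from the raw `template` request parameter (`formFile = template + ".template"`) while the only character check on it stays commented out, so whatever the client sends reaches `getTemplate(formFile, req, locale)`. Unless `getTemplate` confines the path itself (not visible here), the parameter can name files outside the template directory; restoring the allow-list closes that, e.g. `if (template != null && !template.matches("[A-Za-z0-9_-]+")) template = null;` placed before the `if (template != null)` test. The same value is written to the debug log unmodified, and the new `CMS.debug("*** formFile = "+formFile);` line has lost its indentation. `process` begins and ends outside this hunk.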
@@ -169,27 +172,29 @@ public class GetInfo extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { if (mCA != null) { String crlIssuingPoints = ""; String crlNumbers = ""; 
@@ -202,23 +207,20 @@ public class GetInfo extends CMSServlet { String crlTesting = ""; boolean isDeltaCRLEnabled = false; - String masterHost = CMS.getConfigStore().getString( - "master.ca.agent.host", ""); - String masterPort = CMS.getConfigStore().getString( - "master.ca.agent.port", ""); - - if (masterHost != null && masterHost.length() > 0 - && masterPort != null && masterPort.length() > 0) { + String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); + String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); + + if (masterHost != null && masterHost.length() > 0 && + masterPort != null && masterPort.length() > 0) { ICRLRepository crlRepository = mCA.getCRLRepository(); Vector ipNames = crlRepository.getIssuingPointsNames(); for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String) ipNames.elementAt(i); + String ipName = (String)ipNames.elementAt(i); ICRLIssuingPointRecord crlRecord = null; try { - crlRecord = crlRepository - .readCRLIssuingPointRecord(ipName); + crlRecord = crlRepository.readCRLIssuingPointRecord(ipName); } catch (Exception e) { } if (crlRecord != null) { @@ -234,8 +236,8 @@ public class GetInfo extends CMSServlet { if (crlSizes.length() > 0) crlSizes += "+"; - crlSizes += ((crlRecord.getCRLSize() != null) ? crlRecord - .getCRLSize().toString() : "-1"); + crlSizes += ((crlRecord.getCRLSize() != null)? + crlRecord.getCRLSize().toString(): "-1"); if (deltaSizes.length() > 0) deltaSizes += "+"; 
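Review bot: The `catch (Exception e) { }` around `crlRepository.readCRLIssuingPointRecord(ipName)` in the `@@ -202,23 +207,20 @@` hunk discards every repository error, so an issuing point whose record cannot be read silently drops out of the CRL status output with nothing in the logs. At minimum record the failure, e.g. `CMS.debug("GetInfo: cannot read CRL issuing point record " + ipName + ": " + e);`. The loop body and the rest of the private `process` method continue outside the hunk.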
@@ -302,18 +304,13 @@ public class GetInfo extends CMSServlet { if (recentChanges.length() > 0) recentChanges += "+"; if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_PUBLISHING_STARTED) { - recentChanges += "Publishing CRL #" - + ip.getCRLNumber(); + recentChanges += "Publishing CRL #" + ip.getCRLNumber(); } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) { - recentChanges += "Creating CRL #" - + ip.getNextCRLNumber(); - } else { // ip.CRL_UPDATE_DONE - recentChanges += ip - .getNumberOfRecentlyRevokedCerts() - + ", " - + ip.getNumberOfRecentlyUnrevokedCerts() - + ", " - + ip.getNumberOfRecentlyExpiredCerts(); + recentChanges += "Creating CRL #" + ip.getNextCRLNumber(); + } else { // ip.CRL_UPDATE_DONE + recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " + + ip.getNumberOfRecentlyUnrevokedCerts() + ", " + + ip.getNumberOfRecentlyExpiredCerts(); } isDeltaCRLEnabled |= ip.isDeltaCRLEnabled(); @@ -329,8 +326,7 @@ public class GetInfo extends CMSServlet { if (crlTesting.length() > 0) crlTesting += "+"; - crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" - : "0"); + crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0"); } } @@ -349,14 +345,11 @@ public class GetInfo extends CMSServlet { header.addStringValue("master_host", masterHost); header.addStringValue("master_port", masterPort); - header.addStringValue("masterCRLIssuingPoint", - ICertificateAuthority.PROP_MASTER_CRL); - ICRLIssuingPoint ip0 = mCA - .getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL); + header.addStringValue("masterCRLIssuingPoint", ICertificateAuthority.PROP_MASTER_CRL); + ICRLIssuingPoint ip0 = mCA.getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL); if (ip0 != null) { - header.addStringValue("defaultAlgorithm", - ip0.getSigningAlgorithm()); + header.addStringValue("defaultAlgorithm", ip0.getSigningAlgorithm()); } if (recentChanges.length() > 0) 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 0922f882..645cb831 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -84,9 +85,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { @@ -98,9 +100,10 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String + ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -120,7 +123,8 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller + mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -131,7 +135,6 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -139,17 +142,17 @@ public class HashEnrollServlet extends CMSServlet { // override success template to allow direct import of keygen certs. mTemplates.remove(CMSRequest.SUCCESS); try { - mEnrollSuccessTemplate = sc - .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc.getInitParameter( + CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -158,18 +161,20 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -187,8 +192,8 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -221,15 +226,14 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else { - ; - } + } else {; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -249,10 +253,9 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -264,15 +267,16 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -280,16 +284,19 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: single - it's for single - * cert enrollment dual - it's for dual certs enrollment encryption - - * getting the encryption cert only via authentication of the signing - * cert (crmf or keyGenInfo) + * === certAuth based enroll === + * "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: + * single - it's for single cert enrollment + * dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via + * authentication of the signing cert + * (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", - null); + String certAuthEnrollOn = + httpParams.getValueAsString("certauthEnroll", null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { 
@@ -300,8 +307,8 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = httpParams.getValueAsString( - "certauthEnrollType", null); + certauthEnrollType = + httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("HashEnrollServlet: certauthEnrollType is dual"); @@ -310,22 +317,20 @@ public class HashEnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", - certauthEnrollType)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - String challengePassword = httpParams.getValueAsString( - "challengePassword", ""); + String challengePassword = httpParams.getValueAsString("challengePassword", ""); cmsReq.setIRequest(req); saveHttpHeaders(httpReq, req); @@ -335,8 +340,8 @@ public class HashEnrollServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, mAuthzResourceName, - "import"); + authzToken = authorize(mAclMethod, token, + mAuthzResourceName, "import"); } catch (Exception e) { // do nothing for now } 
@@ -351,43 +356,41 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() - .toString(); - certBasedOldSerialNum = (BigInteger) sslClientCert - .getSerialNumber(); + certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); + certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber(); try { - certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) + ((X509CertImpl) sslClientCert).get( + X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; + X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; - // AuthToken authToken = access.getAuthToken(); + //AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); 
@@ -402,22 +405,24 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, "Enrollment request was authenticated by " - + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( - SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = + httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -436,7 +441,8 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = + httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { 
@@ -445,21 +451,25 @@ public class HashEnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { if (mCa == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) - || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS - .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + false) || + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + true) && + (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == + true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } X509Key key = null; 
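Review bot: The signing-only test is hard to read as rewrapped: `(isSigningCert == false) || ((isSigningCert == true) && (isEncryptionCert == true))` reduces to "not a signing cert, or also an encryption cert", and the comparisons against `true`/`false` plus three repeated casts hide that. Because this condition decides whether the presented client certificate is accepted for dual enrollment, it is worth stating plainly: `X509CertImpl clientCert = (X509CertImpl) sslClientCert;` followed by `if (!CMS.isSigningCert(clientCert) || CMS.isEncryptionCert(clientCert)) {` (assuming `CMS.isSigningCert` has no side effects). The mirrored encryption-only test in the certificate-record loop further down has the same shape. `processX509` starts and ends outside this hunk.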
@@ -468,27 +478,22 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } - String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN - + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum - + "))(certStatus=VALID))"; - ICertRecordList list = (ICertRecordList) mCa - .getCertificateRepository().findCertRecordsInList( - filter, null, 10); + String filter = + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + ICertRecordList list = + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, + null, 10); int size = list.getSize(); Enumeration en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
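Review bot: The search `filter` is assembled by concatenating `certBasedOldSubjectDN` into an LDAP-style filter string with no escaping of filter metacharacters (`*`, `(`, `)`, `\`, NUL), all of which a subject DN can legally contain. The DN is taken from the presented client certificate, so its content is requester-influenced; escape the value per RFC 4515 before building `filter`, using whatever filter-escaping helper the project provides (none is visible in this hunk). Separately, both catch blocks pass `e.toString()` into `CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", ...)`, which returns internal exception text to the client even though the log line already carries it. `processX509` continues outside the hunk.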
@@ -497,8 +502,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, - encCertInfo }; + X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, + encCertInfo}; int i = 1; while (en.hasMoreElements()) { 
@@ -506,47 +511,37 @@ public class HashEnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) - || ((CMS.isEncryptionCert(cert) == true) && (CMS - .isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) || + ((CMS.isEncryptionCert(cert) == true) && + (CMS.isSigningCert(cert) == true))) { continue; } key = (X509Key) cert.getPublicKey(); try { - encCertInfo = (X509CertInfo) cert - .get(X509CertImpl.NAME + "." - + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) + cert.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), - "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException( + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, - new CertificateX509Key(key)); + encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage( - 
"CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", - e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); @@ -560,21 +555,24 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) - || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS - .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + false) || + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + true) && + (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == + true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* 
@@ -582,15 +580,15 @@ public class HashEnrollServlet extends CMSServlet { */ if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); - req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() - .toString()); - CMS.debug("HashEnrollServlet: sslClientCert issuerDN = " - + sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); + CMS.debug( + "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer 
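Review bot: `crmf != ""` compares object references rather than contents, so in `if (crmf != null && crmf != "")` an empty string that is not the interned literal passes the test. An empty `crmf` would then reach `fillCRMF` instead of the `CMSGW_MISSING_KEYGEN_INFO` branch, and the caller would presumably get the CRMF decoding error rather than the missing-input one. `if (crmf != null && crmf.length() > 0)` states the intended check; the same condition appears twice more in the hunk at -598. The enclosing method begins and ends outside this hunk.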
@@ -598,21 +596,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage( - getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() - .toString()); + req.setExtData(CLIENT_ISSUER, + sslClientCert.getIssuerDN().toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); @@ -623,9 +621,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to 
@@ -640,28 +638,27 @@ public class HashEnrollServlet extends CMSServlet { return; } - // for audit log + //for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req - .getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); 
@@ -671,42 +668,52 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + wholeMsg.toString() }, - ILogger.L_MULTILINE); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString()}, + ILogger.L_MULTILINE + ); } else { // no policy violation, from agent - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), "" }); - } - } else { // other imcomplete status - mLogger.log( - ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - certInfo.get(X509CertInfo.SUBJECT), "" }); + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), ""} + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), ""} + ); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, 
CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -717,35 +724,39 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = req - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // System.out.println( - // "revocation servlet: setting error description "+ - // err.toString()); + //System.out.println( + //"revocation servlet: setting error description "+ + //err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), initiative, - authMgr, - "completed with error: " + err, - certInfo.get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), ""} + ); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } } 
@@ -756,143 +767,144 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); - X509CertImpl[] issuedCerts = req - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCerts = + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" - + issuedCerts[0].getSerialNumber().toString(16) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16)} + ); // return cert as mime type binary if requested. - if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, - issuedCerts[0])) { + if (checkImportCertToNav( + cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. 
try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMP_REND_ERR", - mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, overriding - * what was in pkcs10. fill subject name, extensions from http input if not - * authenticated. requests not authenticated will need to be approved by an - * agent. + * fill subject name, validity, extensions from authoken if any, + * overriding what was in pkcs10. + * fill subject name, extensions from http input if not authenticated. + * requests not authenticated will need to be approved by an agent. */ - protected void fillCertInfoFromAuthToken(X509CertInfo certInfo, - IAuthToken authToken) throws EBaseException { + protected void fillCertInfoFromAuthToken( + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. 
try { - String subjectname = authToken - .getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( - new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, "cert subject set to " + certSubject - + " from authtoken"); + log(ILogger.LL_INFO, + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = authToken - .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, "cert validity set to " + validity - + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + 
validity + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { - CertificateExtensions extensions = authToken - .getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } - protected X509CertInfo[] fillCRMF(String crmf, IAuthToken authToken, - IArgBlock httpParams, IRequest req) throws EBaseException { + protected X509CertInfo[] fillCRMF( + String crmf, IAuthToken authToken, IArgBlock httpParams, 
IRequest req) + throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); - - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(crmfBlob); + + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -902,11 +914,17 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch - * (ChallengeResponseException ex) { // create and save the - * challenge // construct the cmmf message together // in a - * sequence to challenge the requestor } catch (Exception e) { - * // failed, should only affect one request } } + if (certReqMsg.hasPop()) { + try { + certReqMsg.verify(); + } catch (ChallengeResponseException ex) { + // create and save the challenge + // construct the cmmf message together + // in a sequence to challenge the requestor + } catch (Exception e) { + // failed, should only affect one request + } + } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); 
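Review bot: In `fillCRMF` (hunk at -902) the proof-of-possession check, `certReqMsg.hasPop()` followed by `certReqMsg.verify()`, stays commented out, so nothing visible in this method confirms that the requester holds the private key matching the public key placed in the certificate info. If POP is enforced elsewhere, a one-line comment should say where, for example `// POP is verified in <component> before issuance` with the real location filled in. If it is not enforced, the dead block should become a real check rather than being re-indented. The body of `fillCRMF` continues past this hunk, so a later check cannot be ruled out from here.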
@@ -930,94 +948,95 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity( - certTemplate.getNotBefore(), - certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null - || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. + // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); 
jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null - && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } 
@@ -1029,34 +1048,32 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) - throws IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) throws + IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); 
@@ -1071,16 +1088,11 @@ public class HashEnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1094,30 +1106,25 @@ public class HashEnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + X509CertImpl certs[] = + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" - + CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus() - .equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - // - - // localize - // the - // message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1128,22 +1135,18 @@ public class HashEnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" - + cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" - + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - // - - // localize - // the - // message + out.println("Please consult your local administrator for assistance."); // XXX - localize the message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1152,55 +1155,62 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" - + cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - * // include all the input data IArgBlock args = - * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while - * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); - * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } + // include all the input data + IArgBlock args = cmsReq.getHttpParams(); + Enumeration ele = args.getElements(); + while (ele.hasMoreElements()) { + String eleT = (String)ele.nextElement(); + out.println("<!HTTP_INPUT " + eleT + "=" + + args.get(eleT) + ">"); + } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, - IArgBlock httpParams) throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack( + int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) + throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) cert - .get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) + cert.get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) exts - .get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) + exts.get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); 
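Review bot: `renderServerEnrollResult` writes `cmsReq.getError()` into the `text/html` response twice without HTML encoding, once as body text via `out.println(cmsReq.getError());` and once inside `"<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"`. Whether the error text can carry request-derived characters is not visible on this page, but if it can, any markup in it would be interpreted by the browser. The value should be HTML-encoded once before both writes, using whatever escaping helper the project already has (none is shown here), with a comment such as `// error text is HTML-encoded: it may echo request data`. The method starts in an earlier hunk (at -1029).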
@@ -1211,32 +1221,36 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; + newvalue[3] = 0x3f; + newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean("dual-use-hack", true)) { + if (httpParams.getValueAsBoolean( + "dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = new KeyUsageExtension( - Boolean.valueOf(true), (Object) newvalue); + KeyUsageExtension newext = + new KeyUsageExtension(Boolean.valueOf(true), + (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java index 8f1e57c4..75726730 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.StringReader; 
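Review bot: In `do_testbed_hack` (HashEnrollServlet hunk), `httpParams.getValueAsBoolean("dual-use-hack", true)` lets the request decide whether a key usage of `0x20` is widened to `0xE0`, and the widening is the default when the parameter is absent. Key-usage bits are a policy decision and should not depend on an HTTP parameter; reading the flag once from the `IConfigStore` in `init_testbed_hack`, defaulting to off, keeps that decision on the server side. The two `catch` blocks also `continue` silently, so a failed rewrite leaves no trace; a log line per exception would make it visible. The function starts before this hunk.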
@@ -57,25 +58,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** * Set up HTTP response to import certificate into browsers * - * The result must have been populate with the set of certificates to return. - * + * The result must have been populate with the set of certificates + * to return. * <pre> * inputs: certtype. * outputs: - * - cert type from http input (if any) + * - cert type from http input (if any) * - CA chain - * - authority name (RM, CM, DRM) + * - authority name (RM, CM, DRM) * - scheme:host:port of server. - * array of one or more + * array of one or more * - cert serial number * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * - cert in base 64 encoding. + * - cmmf blob to import * </pre> - * * @version $Revision$, $Date$ */ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { @@ -87,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco public static final String CERT_NICKNAME = "certNickname"; public static final String CMMF_RESP = "cmmfResponse"; - public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE + public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE public ImportCertsTemplateFiller() { } 
@@ -98,31 +99,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Certificate[] certs = (Certificate[]) cmsReq.getResult(); if (certs instanceof X509CertImpl[]) - return getX509TemplateParams(cmsReq, authority, locale, e); + return getX509TemplateParams(cmsReq, authority, locale, e); else return null; } - - public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + + public CMSTemplateParams getX509TemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); String scheme = httpReq.getScheme(); String format = httpReq.getParameter("format"); - if (format != null && format.equals("cmc")) + if(format!=null && format.equals("cmc")) fixed.set("importCMC", "false"); - String agentPort = "" + port; + String agentPort = ""+port; fixed.set("agentHost", host); fixed.set("agentPort", agentPort); fixed.set(ICMSTemplateFiller.HOST, host); 
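Review bot: In `getX509TemplateParams`, `host`, `port` and `scheme` come from `httpReq.getServerName()`, `getServerPort()` and `getScheme()`, which normally reflect the client's `Host` header, and they are copied into `agentHost`, `agentPort` and `ICMSTemplateFiller.HOST` unchecked. If the templates use these values to build links or import URLs (not visible here), a forged `Host` header would steer them; taking the values from server configuration, or checking them against the configured host name, avoids that. On style, the new side writes `if(format!=null && format.equals("cmc"))` and `""+port`; `if ("cmc".equals(format))` and `String.valueOf(port)` read better, and the first makes the null check unnecessary. The method body continues outside this hunk.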
@@ -131,8 +134,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { IRequest r = cmsReq.getIRequest(); if (r != null) { - fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId() - .toString()); + fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString()); } // set key record (if KRA enabled) 
@@ -140,53 +142,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord"); if (keyRecSerialNo != null) { - fixed.set(ICMSTemplateFiller.KEYREC_ID, - keyRecSerialNo.toString()); + fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString()); } } // set cert type. IArgBlock httpParams = cmsReq.getHttpParams(); - String certType = httpParams.getValueAsString(CERT_TYPE, null); + String certType = + httpParams.getValueAsString(CERT_TYPE, null); - if (certType != null) + if (certType != null) fixed.set(CERT_TYPE, certType); - // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + // this authority + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // CA chain. - CertificateChain cachain = ((ICertAuthority) authority) - .getCACertChain(); + CertificateChain cachain = + ((ICertAuthority) authority).getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); String replyTo = httpParams.getValueAsString("replyTo", null); - if (replyTo != null) - fixed.set("replyTo", replyTo); + if (replyTo != null) fixed.set("replyTo", replyTo); - // set user + CA cert chain and pkcs7 for MSIE. + // set user + CA cert chain and pkcs7 for MSIE. X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; int m = 1, n = 0; - for (; n < cacerts.length; m++, n++) + for (; n < cacerts.length; m++, n++) userChain[m] = (X509CertImpl) cacerts[n]; - // certs. + // certs. 
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult(); // expose CRMF request id String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID); if (crmfReqId == null) { - crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID); + crmfReqId = (String) cmsReq.getResult( + IRequest.CRMF_REQID); } if (crmfReqId != null) { fixed.set(CRMF_REQID, crmfReqId); } - // set CA certs in cmmf, initialize CertRepContent + // set CA certs in cmmf, initialize CertRepContent // note cartman can't trust ca certs yet but it'll import them. // also set cert nickname for cartman. CertRepContent certRepContent = null; 
@@ -194,31 +196,33 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { if (CMSServlet.doCMMFResponse(httpParams)) { byte[][] caPubs = new byte[cacerts.length][]; - for (int j = 0; j < cacerts.length; j++) + for (int j = 0; j < cacerts.length; j++) caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); certRepContent = new CertRepContent(caPubs); - String certnickname = cmsReq.getHttpParams().getValueAsString( - CERT_NICKNAME, null); + String certnickname = + cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); // if nickname is not requested set to subject name by default. - if (certnickname == null) + if (certnickname == null) fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString()); else fixed.set(CERT_NICKNAME, certnickname); } - // make pkcs7 for MSIE - if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) - && (certType == null || certType.equals("client"))) { + // make pkcs7 for MSIE + if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && + (certType == null || certType.equals("client"))) { userChain[0] = certs[0]; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // String p7Str = encoder.encodeBuffer(p7Bytes); + // String p7Str = encoder.encodeBuffer(p7Bytes); String p7Str = CMS.BtoA(p7Bytes); header.set(PKCS7_RESP, p7Str); 
@@ -230,23 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { X509CertImpl cert = certs[i]; // set serial number. - BigInteger serialNo = ((X509Certificate) cert).getSerialNumber(); + BigInteger serialNo = + ((X509Certificate) cert).getSerialNumber(); repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16); // set base64 encoded blob. byte[] certEncoded = cert.getEncoded(); - // String b64 = encoder.encodeBuffer(certEncoded); + // String b64 = encoder.encodeBuffer(certEncoded); String b64 = CMS.BtoA(certEncoded); - String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64 - + "\n-----END CERTIFICATE-----"; + String b64cert = "-----BEGIN CERTIFICATE-----\n" + + b64 + "\n-----END CERTIFICATE-----"; repeat.set(BASE64_CERT, b64cert); - + // set cert pretty print. - - String prettyPrintRequested = cmsReq.getHttpParams() - .getValueAsString(CERT_PRETTYPRINT, null); + + String prettyPrintRequested = + cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); if (prettyPrintRequested == null) { prettyPrintRequested = "true"; @@ -261,21 +266,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { repeat.set(CERT_PRETTYPRINT, ppStr); // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1]; - ; + X509CertImpl[] certsInChain = new X509CertImpl[1];; if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { if (cert.equals(cacerts[j])) { - certsInChain = new X509CertImpl[cacerts.length]; + certsInChain = new + X509CertImpl[cacerts.length]; break; } certsInChain = new X509CertImpl[cacerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { 
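Review bot: In the second hunk on this line (`// Now formulate a PKCS#7 blob`), the reformat leaves a stray empty statement in `new X509CertImpl[1];;`, and the sizing loop allocates a fresh array on every iteration only to keep the last one. Deciding once whether `cert` is already in `cacerts` and then allocating a single array of `cacerts.length` or `cacerts.length + 1` says the same thing more plainly. The `if (cacerts != null)` guards are also misleading, because `cacerts.length` is dereferenced unconditionally in an earlier hunk of this method. The loop that fills the chain continues outside this hunk.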
@@ -287,21 +292,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), certsInChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + certsInChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // p7Str = encoder.encodeBuffer(p7Bytes); + //p7Str = encoder.encodeBuffer(p7Bytes); p7Str = CMS.BtoA(p7Bytes); repeat.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception ex) { - // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() - // + "; Please contact your administrator"; + //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() + //+ "; Please contact your administrator"; throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } // set cert fingerprint (for Cisco routers) 
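Review bot: The `catch (Exception ex)` around the PKCS#7 encoding throws `ECMSGWException` with only the generic `CMS_GW_FORMING_PKCS7_ERROR` text, so the original exception is neither logged nor chained and an encoding failure cannot be diagnosed from the server side. Keeping the generic message for the client is fine; add a server-side record first, for example `CMS.debug("ImportCertsTemplateFiller: PKCS#7 encoding failed: " + ex.toString());`. The commented-out `p7Str = ...` lines that this hunk re-indents can be deleted.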
@@ -311,24 +318,25 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { fingerprint = CMS.getFingerPrints(cert); } catch (CertificateEncodingException ex) { // should never happen - throw new EBaseException(CMS.getUserMessage(locale, - "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException( + CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } catch (NoSuchAlgorithmException ex) { // should never happen - throw new EBaseException(CMS.getUserMessage(locale, - "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException( + CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } - if (fingerprint != null && fingerprint.length() > 0) + if (fingerprint != null && fingerprint.length() > 0) repeat.set(CERT_FINGERPRINT, fingerprint); - // cmmf response for this cert. - if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null - && (certType == null || certType.equals("client"))) { + // cmmf response for this cert. + if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null && + (certType == null || certType.equals("client"))) { PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = new CertifiedKeyPair( - new CertOrEncCert(certEncoded)); - CertResponse resp = new CertResponse(new INTEGER(crmfReqId), - status, certifiedKP); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(certEncoded)); + CertResponse resp = + new CertResponse(new INTEGER(crmfReqId), status, + certifiedKP); certRepContent.addCertResponse(resp); } 
@@ -344,19 +352,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { byte[] certRepBytes = certRepOut.toByteArray(); String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes); // add CR to each return as required by cartman - BufferedReader certRepB64lines = new BufferedReader( - new StringReader(certRepB64)); + BufferedReader certRepB64lines = + new BufferedReader(new StringReader(certRepB64)); StringWriter certRepStringOut = new StringWriter(); String oneLine = null; boolean first = true; while ((oneLine = certRepB64lines.readLine()) != null) { if (first) { - // certRepStringOut.write("\""+oneLine+"\""); + //certRepStringOut.write("\""+oneLine+"\""); certRepStringOut.write(oneLine); first = false; } else { - // certRepStringOut.write("+\"\\n"+oneLine+"\""); + //certRepStringOut.write("+\"\\n"+oneLine+"\""); certRepStringOut.write("\n" + oneLine); } } @@ -368,3 +376,4 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index 7ec6ee66..e79efc32 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -57,9 +58,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Retrieve a paged list of certs matching the specified query - * + * * @version $Revision$, $Date$ */ public class ListCerts extends CMSServlet { 
@@ -79,8 +81,8 @@ public class ListCerts extends CMSServlet { private ICertificateRepository mCertDB = null; private X500Name mAuthName = null; private String mFormPath = null; - private boolean mReverse = false; - private boolean mHardJumpTo = false; // jump to the end + private boolean mReverse = false; + private boolean mHardJumpTo = false; //jump to the end private String mDirection = null; private boolean mUseClientFilter = false; private Vector mAllowedClientFilters = new Vector(); @@ -96,7 +98,7 @@ public class ListCerts extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryCert.template" to render the response - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -121,54 +123,44 @@ public class ListCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* - * useClientFilter should be off by default. We keep this parameter - * around so that we do not break the client applications that submits - * raw LDAP filter into this servlet. - */ - if (sc.getInitParameter(USE_CLIENT_FILTER) != null - && sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase( - "true")) { - mUseClientFilter = true; + /* useClientFilter should be off by default. We keep + this parameter around so that we do not break + the client applications that submits raw LDAP + filter into this servlet. */ + if (sc.getInitParameter(USE_CLIENT_FILTER) != null && + sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; } - if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null - || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { - mAllowedClientFilters.addElement("(certStatus=*)"); - mAllowedClientFilters.addElement("(certStatus=VALID)"); - mAllowedClientFilters - .addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); - mAllowedClientFilters - .addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); + if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { + mAllowedClientFilters.addElement("(certStatus=*)"); + mAllowedClientFilters.addElement("(certStatus=VALID)"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); } else { - StringTokenizer st = new StringTokenizer( - sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); + StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); while (st.hasMoreTokens()) { - mAllowedClientFilters.addElement(st.nextToken()); + mAllowedClientFilters.addElement(st.nextToken()); } } } - public 
String buildFilter(HttpServletRequest req) { + public String buildFilter(HttpServletRequest req) + { String queryCertFilter = req.getParameter("queryCertFilter"); - com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" - + queryCertFilter); + com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter); if (mUseClientFilter) { com.netscape.certsrv.apps.CMS.debug("useClientFilter=true"); Enumeration filters = mAllowedClientFilters.elements(); // check to see if the filter is allowed while (filters.hasMoreElements()) { - String filter = (String) filters.nextElement(); - com.netscape.certsrv.apps.CMS.debug("Comparing filter=" - + filter + " queryCertFilter=" + queryCertFilter); + String filter = (String)filters.nextElement(); + com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; } } - com.netscape.certsrv.apps.CMS.debug("Requested filter '" - + queryCertFilter + "' is not allowed. Please check the " - + ALLOWED_CLIENT_FILTERS + "parameter"); + com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); return null; } else { com.netscape.certsrv.apps.CMS.debug("useClientFilter=false"); 
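Review bot: `buildFilter` writes the client-supplied `queryCertFilter` to the debug log before it has been matched against `mAllowedClientFilters`, and again once per allowed filter inside the loop, so a request can place arbitrary text, including line breaks, in the log. Log it once with CR/LF neutralised, e.g. `queryCertFilter.replaceAll("[\\r\\n]", "_")` after a null check, and drop the per-iteration `Comparing filter=` line. In `init`, tokens from `ALLOWED_CLIENT_FILTERS` are added untrimmed, so a space after a comma yields an entry that can never match; `st.nextToken().trim()` fixes that. The rejection message is also missing a space before `"parameter"`. Both methods extend beyond this hunk.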
@@ -176,38 +168,35 @@ public class ListCerts extends CMSServlet { boolean skipRevoked = false; boolean skipNonValid = false; - if (req.getParameter("skipRevoked") != null - && req.getParameter("skipRevoked").equals("on")) { + if (req.getParameter("skipRevoked") != null && + req.getParameter("skipRevoked").equals("on")) { skipRevoked = true; } - if (req.getParameter("skipNonValid") != null - && req.getParameter("skipNonValid").equals("on")) { + if (req.getParameter("skipNonValid") != null && + req.getParameter("skipNonValid").equals("on")) { skipNonValid = true; } if (!skipRevoked && !skipNonValid) { - queryCertFilter = "(certStatus=*)"; - } else if (skipRevoked && skipNonValid) { - queryCertFilter = "(certStatus=VALID)"; - } else if (skipRevoked) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; - } else if (skipNonValid) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; + queryCertFilter = "(certStatus=*)"; + } else if (skipRevoked && skipNonValid) { + queryCertFilter = "(certStatus=VALID)"; + } else if (skipRevoked) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; + } else if (skipNonValid) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; } return queryCertFilter; } /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount Number of certificates to show + * Process the HTTP request. 
+ * <ul> + * <li>http.param maxCount Number of certificates to show * <li>http.param queryFilter and ldap style filter specifying the - * certificates to show - * <li>http.param querySentinelDown the serial number of the first - * certificate to show (default decimal, or hex if prefixed with 0x) when - * paging down - * <li>http.param querySentinelUp the serial number of the first certificate - * to show (default decimal, or hex if prefixed with 0x) when paging up + * certificates to show + * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down + * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up * <li>http.param direction "up", "down", "begin", or "end" * </ul> */ @@ -220,8 +209,8 @@ public class ListCerts extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (Exception e) { } 
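Review bot: In the second hunk on this line, the `authorize(mAclMethod, authToken, mAuthzResourceName, "list")` call sits in `try { ... } catch (Exception e) { }`, so any failure inside the authorization check is discarded without a trace. The handling of a null `authzToken` is outside the hunk and presumably denies the request, but reviewing denied access later needs the reason; add at least `com.netscape.certsrv.apps.CMS.debug("ListCerts: authorize failed: " + e.toString());` in the catch. The method continues outside this hunk.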
@@ -246,54 +235,50 @@ public class ListCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage( - "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - mHardJumpTo = false; + mHardJumpTo = false; try { - if (req.getParameter("direction") != null) { - mDirection = req.getParameter("direction").trim(); - mReverse = mDirection.equals("up"); - if (mReverse) - com.netscape.certsrv.apps.CMS.debug("reverse is true"); - else - com.netscape.certsrv.apps.CMS.debug("reverse is false"); + if (req.getParameter("direction") != null) { + mDirection = req.getParameter("direction").trim(); + mReverse = mDirection.equals("up"); + if (mReverse) + com.netscape.certsrv.apps.CMS.debug("reverse is true"); + else + com.netscape.certsrv.apps.CMS.debug("reverse is false"); - } + } if (req.getParameter("maxCount") != null) { maxCount = Integer.parseInt(req.getParameter("maxCount")); } if (maxCount == -1 || maxCount > mMaxReturns) { - com.netscape.certsrv.apps.CMS.debug("Resetting page size from " - + maxCount + " to " + mMaxReturns); + com.netscape.certsrv.apps.CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); maxCount = mMaxReturns; } - String sentinelStr = ""; - if (mReverse) { - sentinelStr = req.getParameter("querySentinelUp"); - } else if (mDirection.equals("end")) { - // this servlet will figure out the end - sentinelStr = "0"; - mReverse = true; - mHardJumpTo = true; - } else if (mDirection.equals("down")) { - sentinelStr = req.getParameter("querySentinelDown"); - } else - sentinelStr = "0"; - // begin and non-specified have 
sentinel default "0" + String sentinelStr = ""; + if (mReverse) { + sentinelStr = req.getParameter("querySentinelUp"); + } else if (mDirection.equals("end")) { + // this servlet will figure out the end + sentinelStr = "0"; + mReverse = true; + mHardJumpTo = true; + } else if (mDirection.equals("down")) { + sentinelStr = req.getParameter("querySentinelDown"); + } else + sentinelStr = "0"; + //begin and non-specified have sentinel default "0" if (sentinelStr != null) { if (sentinelStr.trim().startsWith("0x")) { - sentinel = new BigInteger(sentinelStr.trim().substring(2), - 16); + sentinel = new BigInteger(sentinelStr.trim().substring(2), 16); } else { sentinel = new BigInteger(sentinelStr, 10); } @@ -302,12 +287,11 @@ public class ListCerts extends CMSServlet { revokeAll = req.getParameter("revokeAll"); if (mAuthority instanceof ICertificateAuthority) { - X509CertImpl caCert = ((ICertificateAuthority) mAuthority) - .getSigningUnit().getCertImpl(); + X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl(); - // if (isCertFromCA(caCert)) - header.addStringValue("caSerialNumber", caCert - .getSerialNumber().toString(16)); + //if (isCertFromCA(caCert)) + header.addStringValue("caSerialNumber", + caCert.getSerialNumber().toString(16)); } // constructs the ldap filter on the server side 
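Review bot: In the `@@ -246` hunk of `ListCerts`, the request handler keeps per-request paging state in the instance fields `mDirection`, `mReverse` and `mHardJumpTo`, which are normally shared by all threads serving this servlet, so concurrent requests can overwrite each other's direction between here and `processCertFilter`. `mDirection` and `mReverse` are also assigned only when the `direction` parameter is present: a request without it reuses the previous request's values, and on a fresh instance `mDirection.equals("end")` throws a NullPointerException. Make these locals, e.g. `String direction = req.getParameter("direction");` followed by `direction = (direction == null) ? "" : direction.trim();`, and pass the reverse and hard-jump flags to `processCertFilter` as arguments. The method starts before and ends after this hunk.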
@@ -317,28 +301,25 @@ public class ListCerts extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" - + queryCertFilter); + + com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter); int totalRecordCount = -1; try { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); } catch (Exception e) { } - processCertFilter(argSet, header, maxCount, sentinel, - totalRecordCount, req.getParameter("serialTo"), - queryCertFilter, req, resp, revokeAll, locale[0]); + processCertFilter(argSet, header, maxCount, + sentinel, + totalRecordCount, + req.getParameter("serialTo"), + queryCertFilter, + req, resp, revokeAll, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS - .getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - - error = new EBaseException( - com.netscape.certsrv.apps.CMS.getUserMessage( - getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + + error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -351,38 +332,44 @@ public class ListCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage( - "CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void processCertFilter(CMSTemplateParams argSet, IArgBlock header, - int maxCount, BigInteger sentinel, int totalRecordCount, - String serialTo, String filter, HttpServletRequest req, - HttpServletResponse resp, String revokeAll, Locale locale) - throws EBaseException { + private void processCertFilter(CMSTemplateParams argSet, + IArgBlock header, + int maxCount, + BigInteger sentinel, + int totalRecordCount, + String serialTo, + String filter, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + Locale locale + ) throws EBaseException { BigInteger serialToVal = MINUS_ONE; try { if (serialTo != null) { serialTo = serialTo.trim(); if (serialTo.startsWith("0x")) { - serialToVal = new BigInteger(serialTo.substring(2), 16); + serialToVal = new BigInteger + (serialTo.substring(2), 16); serialTo = serialToVal.toString(); } else { serialToVal = new BigInteger(serialTo); 
@@ -392,30 +379,32 @@ public class ListCerts extends CMSServlet { } String jumpTo = sentinel.toString(); - int pSize = 0; - if (mReverse) { - if (!mHardJumpTo) // reverse gets one more - pSize = -1 * maxCount - 1; - else - pSize = -1 * maxCount; - } else - pSize = maxCount; - - ICertRecordList list = (ICertRecordList) mCertDB - .findCertRecordsInList(filter, (String[]) null, jumpTo, - mHardJumpTo, "serialno", pSize); + int pSize = 0; + if (mReverse) { + if (!mHardJumpTo) //reverse gets one more + pSize = -1*maxCount-1; + else + pSize = -1*maxCount; + } else + pSize = maxCount; + + ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( + filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", + pSize); // retrive maxCount + 1 entries - Enumeration e = list.getCertRecords(0, maxCount); + Enumeration e = list.getCertRecords(0, maxCount); ICertRecordList tolist = null; int toCurIndex = 0; if (!serialToVal.equals(MINUS_ONE)) { - // if user specify a range, we need to + // if user specify a range, we need to // calculate the totalRecordCount - tolist = (ICertRecordList) mCertDB.findCertRecordsInList(filter, - (String[]) null, serialTo, "serialno", maxCount); + tolist = (ICertRecordList) mCertDB.findCertRecordsInList( + filter, + (String[]) null, serialTo, + "serialno", maxCount); Enumeration en = tolist.getCertRecords(0, 0); if (en == null || (!en.hasMoreElements())) { 
@@ -428,98 +417,88 @@ public class ListCerts extends CMSServlet { if (curToSerial.compareTo(serialToVal) == -1) { toCurIndex = list.getSize() - 1; } else { - if (!rx.getSerialNumber().toString() - .equals(serialTo.trim())) { + if (!rx.getSerialNumber().toString().equals(serialTo.trim())) { toCurIndex = toCurIndex - 1; } } } } - + int curIndex = list.getCurrentIndex(); int count = 0; - BigInteger firstSerial = new BigInteger("0"); - BigInteger curSerial = new BigInteger("0"); - ICertRecord[] recs = new ICertRecord[maxCount]; - int rcount = 0; + BigInteger firstSerial = new BigInteger("0"); + BigInteger curSerial = new BigInteger("0"); + ICertRecord[] recs = new ICertRecord[maxCount]; + int rcount = 0; if (e != null) { - /* - * in reverse (page up), because the sentinel is the one after the - * last item to be displayed, we need to skip it - */ - while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) - : maxCount)) && e.hasMoreElements()) { + /* in reverse (page up), because the sentinel is the one after the + * last item to be displayed, we need to skip it + */ + while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) { ICertRecord rec = (ICertRecord) e.nextElement(); if (rec == null) { - com.netscape.certsrv.apps.CMS.debug("record " + count - + " is null"); + com.netscape.certsrv.apps.CMS.debug("record "+count+" is null"); break; - } + } curSerial = rec.getSerialNumber(); - com.netscape.certsrv.apps.CMS.debug("record " + count - + " is serial#" + curSerial); - - if (count == 0) { - firstSerial = curSerial; - if (mReverse && !mHardJumpTo) {// reverse got one more, skip - count++; - continue; - } - } - - // DS has a problem where last record will be returned - // even though the filter is not matched. - /* - * cfu - is this necessary? 
it breaks when paging up if - * (curSerial.compareTo(sentinel) == -1) { - * com.netscape.certsrv.apps - * .CMS.debug("curSerial compare sentinel -1 break..."); - * - * break; } - */ + com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial); + + if (count == 0) { + firstSerial = curSerial; + if (mReverse && !mHardJumpTo) {//reverse got one more, skip + count++; + continue; + } + } + + // DS has a problem where last record will be returned + // even though the filter is not matched. + /*cfu - is this necessary? it breaks when paging up + if (curSerial.compareTo(sentinel) == -1) { + com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break..."); + + break; + } + */ if (!serialToVal.equals(MINUS_ONE)) { // check if we go over the limit if (curSerial.compareTo(serialToVal) == 1) { - com.netscape.certsrv.apps.CMS - .debug("curSerial compare serialToVal 1 breaking..."); + com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); break; - } + } } - if (mReverse) { - recs[rcount++] = rec; - } else { + if (mReverse) { + recs[rcount++] = rec; + } else { - IArgBlock rarg = com.netscape.certsrv.apps.CMS - .createArgBlock(); + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - } + fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + } count++; } } else { - com.netscape.certsrv.apps.CMS - .debug("ListCerts::processCertFilter() - no Cert Records found!"); + com.netscape.certsrv.apps.CMS.debug( + "ListCerts::processCertFilter() - no Cert Records found!" 
); return; } - if (mReverse) { - // fill records into arg block and argSet - for (int ii = rcount - 1; ii >= 0; ii--) { - if (recs[ii] != null) { - IArgBlock rarg = com.netscape.certsrv.apps.CMS - .createArgBlock(); - // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ - // recs[ii].getSerialNumber()); - fillRecordIntoArg(recs[ii], rarg); - argSet.addRepeatRecord(rarg); - } - } - } + if (mReverse) { + // fill records into arg block and argSet + for (int ii = rcount-1; ii>= 0; ii--) { + if (recs[ii] != null) { + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber()); + fillRecordIntoArg(recs[ii], rarg); + argSet.addRepeatRecord(rarg); + } + } + } // peek ahead ICertRecord nextRec = null; 
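Review bot: `new ICertRecord[maxCount]` in this hunk takes its size from the `maxCount` request parameter, and the clamp in the earlier `@@ -246` hunk resets only `-1` and values above `mMaxReturns`, so a value such as `-2` can reach the allocation and raise NegativeArraySizeException, which neither catch clause visible in the caller handles. Tightening the clamp to `if (maxCount < 1 || maxCount > mMaxReturns) {` closes that. `processCertFilter` starts before and continues after this hunk.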
@@ -543,72 +522,70 @@ public class ListCerts extends CMSServlet { if (totalRecordCount == -1) { if (!serialToVal.equals(MINUS_ONE)) { totalRecordCount = toCurIndex - curIndex + 1; - com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" - + totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); } else { - totalRecordCount = list.getSize() - list.getCurrentIndex(); - com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" - + totalRecordCount); + totalRecordCount = list.getSize() - + list.getCurrentIndex(); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); } } header.addIntegerValue("totalRecordCount", totalRecordCount); - header.addIntegerValue("currentRecordCount", - list.getSize() - list.getCurrentIndex()); - - String qs = ""; - if (mReverse) - qs = "querySentinelUp"; - else - qs = "querySentinelDown"; - - if (mHardJumpTo) { - com.netscape.certsrv.apps.CMS - .debug("curSerial added to querySentinelUp:" - + curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); + header.addIntegerValue("currentRecordCount", list.getSize() - + list.getCurrentIndex()); + + String qs = ""; + if (mReverse) + qs = "querySentinelUp"; + else + qs = "querySentinelDown"; + + if (mHardJumpTo) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); + + header.addStringValue("querySentinelUp", curSerial.toString()); + } else { + if (nextRec == null) { + header.addStringValue(qs, null); + com.netscape.certsrv.apps.CMS.debug("nextRec is null"); + if (mReverse) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); + + header.addStringValue("querySentinelUp", curSerial.toString()); + } } else { - if (nextRec == null) { - header.addStringValue(qs, null); - com.netscape.certsrv.apps.CMS.debug("nextRec is null"); - if (mReverse) { - com.netscape.certsrv.apps.CMS - .debug("curSerial added to 
querySentinelUp:" - + curSerial.toString()); - - header.addStringValue("querySentinelUp", - curSerial.toString()); - } - } else { - BigInteger nextRecNo = nextRec.getSerialNumber(); + BigInteger nextRecNo = nextRec.getSerialNumber(); - if (serialToVal.equals(MINUS_ONE)) { - header.addStringValue(qs, nextRecNo.toString()); + if (serialToVal.equals(MINUS_ONE)) { + header.addStringValue( + qs, nextRecNo.toString()); + } else { + if (nextRecNo.compareTo(serialToVal) <= 0) { + header.addStringValue( + qs, nextRecNo.toString()); } else { - if (nextRecNo.compareTo(serialToVal) <= 0) { - header.addStringValue(qs, nextRecNo.toString()); - } else { - header.addStringValue(qs, null); - } + header.addStringValue(qs, + null); } - com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs - + " = " + nextRecNo.toString()); } - } // !mHardJumpto + com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString()); + } + } // !mHardJumpto - header.addStringValue(!mReverse ? "querySentinelUp" - : "querySentinelDown", firstSerial.toString()); + header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", + firstSerial.toString()); } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - int maxCount, int sentinel, String filter, HttpServletRequest req, - HttpServletResponse resp, String revokeAll, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + int maxCount, int sentinel, + String filter, HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, Locale locale) + throws EBaseException { try { if (filter.indexOf(CURRENT_TIME, 0) > -1) { filter = insertCurrentTime(filter); 
@@ -618,11 +595,11 @@ public class ListCerts extends CMSServlet { } // xxx the filter includes serial number range??? - ICertRecordList list = (ICertRecordList) mCertDB - .findCertRecordsInList(filter, null, maxCount); + ICertRecordList list = + (ICertRecordList) mCertDB.findCertRecordsInList(filter, null, maxCount); // sentinel is the index on the list now, not serial number - Enumeration e = list.getCertRecords(sentinel, sentinel + maxCount - - 1); + Enumeration e = + list.getCertRecords(sentinel, sentinel + maxCount - 1); int count = 0; @@ -651,9 +628,7 @@ public class ListCerts extends CMSServlet { else header.addStringValue("querySentinelDown", null); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage( - "CMSGW_ERROR_LISTCERTS", e.toString())); + log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString())); throw e; } return; @@ -666,8 +641,7 @@ public class ListCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) - now = new Date(); + if (now == null) now = new Date(); if (newFilter.length() == 0) { newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); @@ -688,7 +662,7 @@ public class ListCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); 
@@ -696,16 +670,15 @@ public class ListCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); rarg.addIntegerValue("version", cert.getVersion()); rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber() - .toString()); + rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString()); if (cert.getSubjectDN().toString().equals("")) { rarg.addStringValue("subject", " "); 
@@ -726,32 +699,28 @@ public class ListCerts extends CMSServlet { if (pKey instanceof X509Key) { key = (X509Key) pKey; } - rarg.addStringValue("subjectPublicKeyAlgorithm", key - .getAlgorithmId().getOID().toString()); + rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString()); if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) { RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded()); - rarg.addIntegerValue("subjectPublicKeyLength", - rsaKey.getKeySize()); + rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize()); } } catch (Exception e) { rarg.addStringValue("subjectPublicKeyAlgorithm", null); rarg.addIntegerValue("subjectPublicKeyLength", 0); } - rarg.addLongValue("validNotBefore", - cert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000); rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) - issuedBy = ""; + if (issuedBy == null) issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); - rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? "" - : rec.getRevokedBy())); + rarg.addStringValue("revokedBy", + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -770,8 +739,7 @@ public class ListCerts extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason() - .toInt(); + reason = ((CRLReasonExtension) ext).getReason().toInt(); break; } } @@ -781,3 +749,4 @@ public class ListCerts extends CMSServlet { } } } + 
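Review bot: The `catch (Exception e)` that closes the public-key block in the `-726,32` hunk discards every failure without logging it, including the NullPointerException that `key.getAlgorithmId()` would presumably raise when `pKey` is not an `X509Key` (the initial value of `key` is outside the hunk). The listing then shows a null algorithm and a key length of 0 with no record of why, which makes an unexpected or malformed certificate key hard to notice. Logging before the fallback keeps the behaviour and records the cause, e.g. `com.netscape.certsrv.apps.CMS.debug("ListCerts: cannot read public key: " + e);`, and an explicit `if (key != null)` guard would avoid using the exception as control flow. fillX509RecordIntoArg starts before this hunk and continues past it.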
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java index 577caa18..db77d039 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -50,9 +51,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Provide statistical queries of request and certificate records. - * + * * @version $Revision$, $Date$ */ public class Monitor extends CMSServlet { @@ -81,8 +83,8 @@ public class Monitor extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * 'monitor.template' to render the response. - * + * 'monitor.template' to render the response. + * * @param sc servlet configuration, read from the web.xml file */ @@ -109,8 +111,8 @@ public class Monitor extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param startTime start of time period to query - * <li>http.param endTime end of time period to query - * <li>http.param interval time between queries + * <li>http.param endTime end of time period to query + * <li>http.param interval time between queries * <li>http.param numberOfIntervals number of queries to run * <li>http.param maxResults =number * <li>http.param timeLimit =time 
@@ -124,14 +126,14 @@ public class Monitor extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -156,11 +158,9 @@ public class Monitor extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -169,11 +169,10 @@ public class Monitor extends CMSServlet { interval = req.getParameter("interval"); numberOfIntervals = req.getParameter("numberOfIntervals"); - process(argSet, header, startTime, endTime, interval, - numberOfIntervals, locale[0]); + process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); + CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); error = e; } 
@@ -183,34 +182,35 @@ public class Monitor extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void process(CMSTemplateParams argSet, IArgBlock header, - String startTime, String endTime, String interval, - String numberOfIntervals, Locale locale) throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String startTime, String endTime, + String interval, String numberOfIntervals, + Locale locale) + throws EBaseException { if (interval == null || interval.length() == 0) { header.addStringValue("error", "Invalid interval: " + interval); return; } if (numberOfIntervals == null || numberOfIntervals.length() == 0) { - header.addStringValue("error", "Invalid number of intervals: " - + numberOfIntervals); + header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals); return; } 
@@ -235,8 +235,7 @@ public class Monitor extends CMSServlet { try { iNumberOfIntervals = Integer.parseInt(numberOfIntervals); } catch (NumberFormatException nfe) { - header.addStringValue("error", "Invalid number of intervals: " - + numberOfIntervals); + header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals); return; } @@ -271,7 +270,7 @@ public class Monitor extends CMSServlet { return; } - + Date nextDate(Date d, int seconds) { Date date = new Date((d.getTime()) + ((long) (seconds * 1000))); @@ -289,8 +288,7 @@ public class Monitor extends CMSServlet { try { if (mCertDB != null) { - filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, - endTime); + filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, endTime); Enumeration e = mCertDB.findCertRecs(filter); @@ -308,21 +306,18 @@ public class Monitor extends CMSServlet { } if (mQueue != null) { - filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, - endTime); + filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, endTime); IRequestList reqList = mQueue.listRequestsByFilter(filter); int count = 0; while (reqList != null && reqList.hasMoreElements()) { - IRequestRecord rec = (IRequestRecord) reqList - .nextRequest(); + IRequestRecord rec = (IRequestRecord) reqList.nextRequest(); if (rec != null) { if (count == 0) { - arg.addStringValue("firstRequest", rec - .getRequestId().toString()); + arg.addStringValue("firstRequest", rec.getRequestId().toString()); } count++; } 
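Review bot: In the `-235,8` hunk the NumberFormatException handler copies the raw `numberOfIntervals` request parameter into the `error` header value, so text that failed to parse as an integer is echoed back to the client. Whether that is safe depends on how the template and the `xml=true` output escape header values, which is not visible here. A fixed message avoids the question: `header.addStringValue("error", "Invalid number of intervals");`. process() begins and ends outside this hunk.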
@@ -331,21 +326,20 @@ public class Monitor extends CMSServlet { mTotalReqs += count; } } catch (Exception ex) { - return "Exception: " + ex; + return "Exception: " + ex; } return null; } else { - return "Missing start or end date"; + return "Missing start or end date"; } } Date StringToDate(String z) { Date d = null; - if (z != null - && (z.length() == 14 || z.length() == 15 - && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) { + if (z != null && (z.length() == 14 || + z.length() == 15 && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) { // 20020516132030Z or 20020516132030 try { int year = Integer.parseInt(z.substring(0, 4)); @@ -354,12 +348,12 @@ public class Monitor extends CMSServlet { int hour = Integer.parseInt(z.substring(8, 10)); int minute = Integer.parseInt(z.substring(10, 12)); int second = Integer.parseInt(z.substring(12, 14)); - Calendar calendar = Calendar.getInstance(); + Calendar calendar= Calendar.getInstance(); calendar.set(year, month, date, hour, minute, second); d = calendar.getTime(); } catch (NumberFormatException nfe) { } - } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 + } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 try { int i = Integer.parseInt(z); 
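Review bot: `Calendar.getInstance()` in the `-354,12` hunk builds the date in the JVM's default time zone and keeps the current millisecond value, although the accepted input format may end in `Z`; if that suffix is meant as UTC, the parsed instant is shifted by the server's offset. Using `Calendar.getInstance(TimeZone.getTimeZone("UTC"))` (needs the `java.util.TimeZone` import) and calling `calendar.clear();` before `calendar.set(...)` would address both, and DateToZString would need the same zone to stay consistent. The empty `catch (NumberFormatException nfe) { }` deserves a comment such as `// unparsable input: d stays null and the caller reports the missing date`. The month and day parsing lines fall between hunks, so whether the month is converted to Calendar's zero-based value cannot be checked here.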
@@ -376,42 +370,37 @@ public class Monitor extends CMSServlet { Calendar calendar = Calendar.getInstance(); calendar.setTime(d); + String time = "" + (calendar.get(Calendar.YEAR)); int i = calendar.get(Calendar.MONTH) + 1; - if (i < 10) - time += "0"; + if (i < 10) time += "0"; time += i; - i = calendar.get(Calendar.DAY_OF_MONTH); - if (i < 10) - time += "0"; + i = calendar.get(Calendar.DAY_OF_MONTH); + if (i < 10) time += "0"; time += i; i = calendar.get(Calendar.HOUR_OF_DAY); - if (i < 10) - time += "0"; + if (i < 10) time += "0"; time += i; i = calendar.get(Calendar.MINUTE); - if (i < 10) - time += "0"; + if (i < 10) time += "0"; time += i; i = calendar.get(Calendar.SECOND); - if (i < 10) - time += "0"; + if (i < 10) time += "0"; time += i + "Z"; return time; } String Filter(String name, String start, String end) { - String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end - + "))"; + String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end + "))"; return filter; } String uriFilter(String name, String start, String end) { - String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name - + "%3c%3d" + end + "))"; + String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name + "%3c%3d" + end + "))"; return filter; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java index 2d11bff6..50296cf1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -47,9 +48,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Specify the RevocationReason when revoking a certificate - * + * * @version $Revision$, $Date$ */ public class ReasonToRevoke extends CMSServlet { @@ -73,9 +75,9 @@ public class ReasonToRevoke extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * 'reasonToRevoke.template' to render the response - * + * initialize the servlet. This servlet uses the template file + * 'reasonToRevoke.template' to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -83,8 +85,7 @@ public class ReasonToRevoke extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { mCA = (ICertificateAuthority) mAuthority; - mCertDB = ((ICertificateAuthority) mAuthority) - .getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); } if (mCA != null && mCA.noncesEnabled()) { @@ -107,13 +108,13 @@ public class ReasonToRevoke extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -125,14 +126,14 @@ public class ReasonToRevoke extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "revoke"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,11 +151,10 @@ public class ReasonToRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -163,28 +163,31 @@ public class ReasonToRevoke extends CMSServlet { try { if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req - .getParameter("totalRecordCount")); + totalRecordCount = + Integer.parseInt(req.getParameter("totalRecordCount")); } revokeAll = req.getParameter("revokeAll"); - process(argSet, header, req, resp, revokeAll, totalRecordCount, - locale[0]); + process(argSet, header, req, resp, + revokeAll, totalRecordCount, locale[0]); } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + } /* - * catch (Exception e) { noError = false; - * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( - * errorlocale[0], BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + catch (Exception e) { + noError = false; + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + errorlocale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ try { 
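Review bot: `totalRecordCount` is parsed from the request in this hunk with only a format check, and `revokeAll` is taken from the request unchanged; a later hunk of this file shows both reaching `mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits)`. A negative or very large count is therefore handed to the search (presumably as its result limit), and the search filter is whatever the client sent. A range check right after the parse would reuse the existing error path, e.g. `if (totalRecordCount < 0 || totalRecordCount > maxRecords) throw new NumberFormatException();`, where `maxRecords` is a placeholder for the servlet's configured limit. The outer process(CMSRequest) method starts before and ends after this hunk.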
@@ -193,28 +196,30 @@ public class ReasonToRevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, String revokeAll, - int totalRecordCount, Locale locale) throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, int totalRecordCount, + Locale locale) + throws EBaseException { header.addStringValue("revokeAll", revokeAll); header.addIntegerValue("totalRecordCount", totalRecordCount); 
@@ -232,15 +237,15 @@ public class ReasonToRevoke extends CMSServlet { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); if (isCertFromCA(caCert)) { - header.addStringValue("caSerialNumber", caCert - .getSerialNumber().toString(16)); + header.addStringValue("caSerialNumber", + caCert.getSerialNumber().toString(16)); } } /** - * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll, - * null, totalRecordCount); Enumeration e = list.getCertRecords(0, - * totalRecordCount - 1); + ICertRecordList list = mCertDB.findCertRecordsInList( + revokeAll, null, totalRecordCount); + Enumeration e = list.getCertRecords(0, totalRecordCount - 1); **/ Enumeration e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits); @@ -260,16 +265,16 @@ public class ReasonToRevoke extends CMSServlet { count++; IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", xcert - .getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", xcert - .getSerialNumber().toString()); - rarg.addStringValue("subject", xcert.getSubjectDN() - .toString()); - rarg.addLongValue("validNotBefore", xcert - .getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", xcert.getNotAfter() - .getTime() / 1000); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", + xcert.getSerialNumber().toString()); + rarg.addStringValue("subject", + xcert.getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + xcert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + xcert.getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } @@ -283,3 +288,4 @@ public class ReasonToRevoke extends CMSServlet { return; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java index fc81c70c..9c414b9c 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -53,6 +54,7 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Allow agent to turn on/off authentication managers * @@ -87,11 +89,11 @@ public class RemoteAuthConfig extends CMSServlet { /** * Initializes the servlet. - * - * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables - * remote configuration for authentication plugins. List of remotely set - * instances can be found in CMS.cfg at - * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" + * + * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg + * enables remote configuration for authentication plugins. + * List of remotely set instances can be found in CMS.cfg + * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -100,11 +102,9 @@ public class RemoteAuthConfig extends CMSServlet { mFileConfig = CMS.getConfigStore(); mAuthConfig = mFileConfig.getSubStore("auths"); try { - mEnableRemoteConfiguration = mAuthConfig.getBoolean( - ENABLE_REMOTE_CONFIG, false); + mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false); } catch (EBaseException eb) { - // Thanks to design of getBoolean we have to catch but we will never - // get anything. + // Thanks to design of getBoolean we have to catch but we will never get anything. } String remoteList = null; 
@@ -112,8 +112,7 @@ public class RemoteAuthConfig extends CMSServlet { try { remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null); } catch (EBaseException eb) { - // Thanks to design of getString we have to catch but we will never - // get anything. + // Thanks to design of getString we have to catch but we will never get anything. } if (remoteList != null) { StringTokenizer s = new StringTokenizer(remoteList, ","); @@ -134,10 +133,16 @@ public class RemoteAuthConfig extends CMSServlet { /** * Serves HTTPS request. The format of this request is as follows: - * https://host:ee-port/remoteAuthConfig? op="add"|"delete"& - * instance=<instanceName>& of=<authPluginName>& host=<hostName>& - * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]& - * [baseDN=<baseDN>] + * https://host:ee-port/remoteAuthConfig? + * op="add"|"delete"& + * instance=<instanceName>& + * of=<authPluginName>& + * host=<hostName>& + * port=<portNumber>& + * password=<password>& + * [adminDN=<adminDN>]& + * [uid=<uid>]& + * [baseDN=<baseDN>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -169,8 +174,7 @@ public class RemoteAuthConfig extends CMSServlet { if (adminDN != null && adminDN.length() > 0) { errMsg = authenticateRemoteAdmin(host, port, adminDN, password); } else { - errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, - password); + errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, password); } if (errMsg == null || errMsg.length() == 0) { if (mAuthSubsystem != null && mAuthConfig != null) { 
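Review bot: The request format documented in the `-134,10` hunk puts `password=<password>` in the query string of the URL. Query strings are routinely written to web-server access logs, proxy logs and browser history, so the remote administrator's directory password would be stored in clear text outside the CA. The Javadoc should state that the parameters go in a POST body, e.g. `* Parameters must be sent as a POST form body; never place password in the URL.`, and process() could reject requests whose `req.getMethod()` is not `POST`. process() continues past the end of the hunk.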
@@ -193,17 +197,14 @@ public class RemoteAuthConfig extends CMSServlet { header.addStringValue("error", errMsg); } else { header.addStringValue("plugin", plugin); - header.addStringValue("instance", - instance); + header.addStringValue("instance", instance); } } else { - header.addStringValue("error", - "Unknown instance " + instance - + "."); + header.addStringValue("error", "Unknown instance " + + instance + "."); } } else { - header.addStringValue("error", - "Unknown plugin name: " + plugin); + header.addStringValue("error", "Unknown plugin name: " + plugin); } } else if (op.equals("add")) { String plugin = req.getParameter("of"); @@ -215,33 +216,28 @@ public class RemoteAuthConfig extends CMSServlet { instance = makeInstanceName(); } if (isInstanceListed(instance)) { - header.addStringValue("error", - "Instance name " + instance - + " is already in use."); + header.addStringValue("error", "Instance name " + + instance + " is already in use."); } else { errMsg = addInstance(instance, plugin, - host, port, baseDN, - req.getParameter("dnPattern")); + host, port, baseDN, + req.getParameter("dnPattern")); if (errMsg != null && errMsg.length() > 0) { header.addStringValue("error", errMsg); } else { header.addStringValue("plugin", plugin); - header.addStringValue("instance", - instance); + header.addStringValue("instance", instance); } } } else { - header.addStringValue("error", - "Unknown plugin name: " + plugin); + header.addStringValue("error", "Unknown plugin name: " + plugin); } } else { - header.addStringValue("error", - "Unsupported operation: " + op); + header.addStringValue("error", "Unsupported operation: " + op); } } } else { - header.addStringValue("error", - "Invalid configuration data."); + header.addStringValue("error", "Invalid configuration data."); } } else { header.addStringValue("error", errMsg); 
@@ -255,10 +251,9 @@ public class RemoteAuthConfig extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -268,15 +263,15 @@ public class RemoteAuthConfig extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private String authenticateRemoteAdmin(String host, String port, - String adminDN, String password) { + String adminDN, String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -318,16 +313,13 @@ public class RemoteAuthConfig extends CMSServlet { LDAPEntry groupEntry = c.read(nextValue); if (groupEntry != null) { - LDAPAttribute gAttr = groupEntry - .getAttribute(UNIQUE_MEMBER); + LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER); if (gAttr != null) { - Enumeration eValues = gAttr - .getStringValues(); + Enumeration eValues = gAttr.getStringValues(); while (eValues.hasMoreElements()) { - String value = (String) eValues - .nextElement(); + String value = (String) eValues.nextElement(); if (value.equals(entry.getDN())) { c.disconnect(); 
@@ -347,11 +339,13 @@ public class RemoteAuthConfig extends CMSServlet { } catch (LDAPException e) { /* - * switch (e.getLDAPResultCode()) { case - * LDAPException.NO_SUCH_OBJECT: case - * LDAPException.INVALID_CREDENTIALS: case - * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case - * LDAPException.LDAP_PARTIAL_RESULTS: default: } + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + case LDAPException.INVALID_CREDENTIALS: + case LDAPException.INSUFFICIENT_ACCESS_RIGHTS: + case LDAPException.LDAP_PARTIAL_RESULTS: + default: + } */ c.disconnect(); return "LDAP error: " + e.toString(); @@ -368,7 +362,8 @@ public class RemoteAuthConfig extends CMSServlet { } private String authenticateRemoteAdmin(String host, String port, - String uid, String baseDN, String password) { + String uid, String baseDN, + String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -403,7 +398,8 @@ public class RemoteAuthConfig extends CMSServlet { connected = true; boolean memberOf = false; LDAPSearchResults results = c.search(baseDN, LDAPv2.SCOPE_SUB, - "(uid=" + uid + ")", null, false); + "(uid=" + uid + ")", + null, false); while (results.hasMoreElements()) { LDAPEntry entry = null; @@ -424,16 +420,13 @@ public class RemoteAuthConfig extends CMSServlet { LDAPEntry groupEntry = c.read(nextValue); if (groupEntry != null) { - LDAPAttribute gAttr = groupEntry - .getAttribute(UNIQUE_MEMBER); + LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER); if (gAttr != null) { - Enumeration eValues = gAttr - .getStringValues(); + Enumeration eValues = gAttr.getStringValues(); while (eValues.hasMoreElements()) { - String value = (String) eValues - .nextElement(); + String value = (String) eValues.nextElement(); if (value.equals(entry.getDN())) { c.disconnect(); 
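Review bot: The search filter in the `-403,7` hunk is built as `"(uid=" + uid + ")"`, and `uid` appears to come straight from the request (the Javadoc of process() lists it as a request parameter), so filter metacharacters in it change the meaning of the query that selects the entry whose DN is later compared against group members. The value should be escaped per RFC 4515 before it is concatenated; an existing project or SDK helper, if there is one, is preferable to the sketch below. The enclosing authenticateRemoteAdmin overload starts and ends outside this hunk.

```java
// Escapes the characters RFC 4515 reserves inside a filter assertion value.
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < value.length(); i++) {
        char ch = value.charAt(i);
        switch (ch) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(ch);
        }
    }
    return sb.toString();
}

// … unchanged: code before the search …
LDAPSearchResults results = c.search(baseDN, LDAPv2.SCOPE_SUB,
        "(uid=" + escapeFilterValue(uid) + ")",
        null, false);
```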
@@ -479,8 +472,9 @@ public class RemoteAuthConfig extends CMSServlet { return "Access unauthorized"; } - private String addInstance(String instance, String plugin, String host, - String port, String baseDN, String dnPattern) { + private String addInstance(String instance, String plugin, + String host, String port, + String baseDN, String dnPattern) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -522,8 +516,7 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) - list.append(","); + if (i > 0) list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -549,8 +542,7 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) - list.append(","); + if (i > 0) list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -610,21 +602,17 @@ public class RemoteAuthConfig extends CMSServlet { int y = now.get(Calendar.YEAR); String name = "R" + y; - if (now.get(Calendar.MONTH) < 10) - name += "0"; + if (now.get(Calendar.MONTH) < 10) name += "0"; name += now.get(Calendar.MONTH); - if (now.get(Calendar.DAY_OF_MONTH) < 10) - name += "0"; + if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0"; name += now.get(Calendar.DAY_OF_MONTH); - if (now.get(Calendar.HOUR_OF_DAY) < 10) - name += "0"; + if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0"; name += now.get(Calendar.HOUR_OF_DAY); - if (now.get(Calendar.MINUTE) < 10) - name += "0"; + if (now.get(Calendar.MINUTE) < 10) name += "0"; name += now.get(Calendar.MINUTE); - if (now.get(Calendar.SECOND) < 10) - name += "0"; + if (now.get(Calendar.SECOND) < 10) name += "0"; name += now.get(Calendar.SECOND); return name; } } + 
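Review bot: The timestamp-name builder in the `-610,21` hunk pads and appends `now.get(Calendar.MONTH)` directly, and `Calendar.MONTH` is zero-based, so generated names carry months `00`–`11` rather than `01`–`12`. If stored instance names already depend on this, the value should stay as it is and the line should get a comment such as `// Calendar.MONTH is zero-based: January is written as "00"`. Collapsing each `if` onto one line without braces also makes the five pad-then-append pairs harder to scan; braces would keep the statement boundaries clear. The method starts outside the hunk.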
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java index 1eccf40e..050dd36d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -58,7 +59,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; /** * Certificate Renewal - * + * * @version $Revision$, $Date$ */ public class RenewalServlet extends CMSServlet { 
@@ -68,27 +69,29 @@ public class RenewalServlet extends CMSServlet { private static final long serialVersionUID = -3094124661102395244L; // renewal templates. - public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; + public static final String + RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; - // http params + // http params public static final String CERT_TYPE = "certType"; public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String IMPORT_CERT = "importCert"; private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller + mRenewalSuccessFiller = new ImportCertsTemplateFiller(); public RenewalServlet() { super(); } /** - * initialize the servlet. This servlet makes use of the template file - * "RenewalSuccess.template" to render the response - * + * initialize the servlet. This servlet makes use of the + * template file "RenewalSuccess.template" to render the + * response * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -96,44 +99,47 @@ public class RenewalServlet extends CMSServlet { // override success template. has same info as enrollment. mTemplates.remove(CMSRequest.SUCCESS); try { - mRenewalSuccessTemplate = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE); + mRenewalSuccessTemplate = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (mRenewalSuccessTemplate == null) mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - String fillername = sc - .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mRenewalSuccessFiller = filler; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); - // renewal requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be renewed. - + // renewal requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be renewed. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; X509CertImpl renewed_cert = null; 
@@ -146,14 +152,14 @@ public class RenewalServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "renew"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "renew"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -164,12 +170,12 @@ public class RenewalServlet extends CMSServlet { String authMgr = AuditFormat.NOAUTH; if (authToken != null && !mAuthMgr.equals("sslClientCertAuthMgr")) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - // coming from agent - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + // coming from agent + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; old_serial_no = getCertFromAgent(httpParams, cert); @@ -183,8 +189,8 @@ public class RenewalServlet extends CMSServlet { int endMonth = httpParams.getValueAsInt("endMonth", -1); int endDate = httpParams.getValueAsInt("endDate", -1); - if (beginYear != -1 && beginMonth != -1 && beginDate != -1 - && endYear != -1 && endMonth != -1 && endDate != -1) { + if (beginYear != -1 && beginMonth != -1 && beginDate != -1 && + endYear != -1 && endMonth != -1 && endDate != -1) { Calendar calendar = Calendar.getInstance(); calendar.set(beginYear, beginMonth, beginDate); notBefore = calendar.getTime(); 
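Review bot: In the `-164,12` hunk, `!mAuthMgr.equals("sslClientCertAuthMgr")` dereferences `mAuthMgr` without a null check, while the condition a few lines below in the same hunk guards it with `mAuthMgr != null &&`. If `mAuthMgr` can be null, as that later guard suggests, this throws a NullPointerException after authorization has succeeded and before the renewal request is created or audited. Guarding consistently, `if (authToken != null && mAuthMgr != null && !mAuthMgr.equals("sslClientCertAuthMgr")) {`, leaves `authMgr` at `AuditFormat.NOAUTH` in that case. `process()` starts and ends outside the hunk.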
@@ -193,7 +199,7 @@ public class RenewalServlet extends CMSServlet { } } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; old_serial_no = getCertFromAuthMgr(authToken, cert); 
@@ -207,43 +213,44 @@ public class RenewalServlet extends CMSServlet { X509CertInfo new_certInfo = null; req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST); - req.setExtData(IRequest.OLD_SERIALS, - new BigInteger[] { old_serial_no }); + req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no}); if (old_cert != null) { req.setExtData(IRequest.OLD_CERTS, - new X509CertImpl[] { old_cert }); - // create new certinfo from old_cert contents. - X509CertInfo old_certInfo = (X509CertInfo) ((X509CertImpl) old_cert) - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + new X509CertImpl[] { old_cert } + ); + // create new certinfo from old_cert contents. + X509CertInfo old_certInfo = (X509CertInfo) + ((X509CertImpl) old_cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo()); } else { - // if no old cert (came from RA agent) create new cert info - // (serializable) to pass through policies. And set the old + // if no old cert (came from RA agent) create new cert info + // (serializable) to pass through policies. And set the old // serial number to pick up. 
new_certInfo = new CertInfo(); - new_certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(old_serial_no)); + new_certInfo.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(old_serial_no)); } - + if (notBefore == null || notAfter == null) { notBefore = new Date(0); notAfter = new Date(0); } - new_certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity( - notBefore, notAfter)); - req.setExtData(IRequest.CERT_INFO, - new X509CertInfo[] { new_certInfo }); + new_certInfo.set(X509CertInfo.VALIDITY, + new CertificateValidity(notBefore, notAfter)); + req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo } + ); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } saveHttpHeaders(httpReq, req); 
@@ -252,23 +259,22 @@ public class RenewalServlet extends CMSServlet { saveAuthToken(authToken, req); cmsReq.setIRequest(req); - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); // for audit log String initiative = null; String agentID = null; - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } else { + }else { // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } - // check resulting status + // check resulting status RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { 
@@ -286,76 +292,92 @@ public class RenewalServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "violation: " + wholeMsg.toString() } - // wholeMsg}, - // ILogger.L_MULTILINE + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "violation: " + + wholeMsg.toString()} + // wholeMsg}, + // ILogger.L_MULTILINE ); } else { // no policy violation, from agent - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { req.getRequestId(), initiative, - authMgr, status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.RENEWALFORMAT, - new Object[] { req.getRequestId(), initiative, authMgr, - status.toString(), old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), "" }); + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } return; } - // service error + // service 
error Integer result = req.getExtDataInInteger(IRequest.RESULT); - CMS.debug("RenewalServlet: Result for request " + req.getRequestId() - + " is " + result); + CMS.debug( + "RenewalServlet: Result for request " + req.getRequestId() + " is " + result); if (result.equals(IRequest.RES_ERROR)) { - CMS.debug("RenewalServlet: Result for request " - + req.getRequestId() + " is error."); + CMS.debug( + "RenewalServlet: Result for request " + req.getRequestId() + " is error."); cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = req - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - // System.out.println( - // "revocation servlet: setting error description "+ - // err.toString()); + //System.out.println( + //"revocation servlet: setting error description "+ + //err.toString()); cmsReq.setErrorDescription(err); - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + err, - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } } 
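Review bot: Every `mLogger.log(... AuditFormat.RENEWALFORMAT ...)` call in this hunk reads `old_cert.getSubjectDN()` and `old_cert.getSerialNumber()` unconditionally, yet the `-207,43` hunk has an explicit `old_cert != null` / else branch for requests that arrive without the old certificate. On that path the audit call would throw instead of writing the record, so a policy-rejected or failed renewal may leave no audit entry; the success record in the `-370,29` hunk has the same shape. The values could be computed once with a fallback, e.g. `String oldSerial = old_cert != null ? old_cert.getSerialNumber().toString(16) : old_serial_no.toString(16);`, and reused in each record. `result.equals(IRequest.RES_ERROR)` likewise assumes `getExtDataInInteger` never returns null, which cannot be confirmed from here.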
@@ -370,29 +392,32 @@ public class RenewalServlet extends CMSServlet { respondSuccess(cmsReq, renewed_cert); long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" - + renewed_cert.getSerialNumber().toString(16) - + " time: " + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)} + ); return; } - private void respondSuccess(CMSRequest cmsReq, X509CertImpl renewed_cert) - throws EBaseException { - cmsReq.setResult(new X509CertImpl[] { renewed_cert }); + private void respondSuccess( + CMSRequest cmsReq, X509CertImpl renewed_cert) + throws EBaseException { + cmsReq.setResult(new X509CertImpl[] {renewed_cert} + ); cmsReq.setStatus(CMSRequest.SUCCESS); - // check if cert should be imported. - // browser must have input type set to nav or cartman since + // check if cert should be imported. + // browser must have input type set to nav or cartman since // there's no other way to tell IArgBlock httpParams = cmsReq.getHttpParams(); 
@@ -400,73 +425,73 @@ public class RenewalServlet extends CMSServlet { String certType = httpParams.getValueAsString(CERT_TYPE, "client"); String agent = httpReq.getHeader("user-agent"); - if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, renewed_cert)) { + if (checkImportCertToNav(cmsReq.getHttpResp(), + httpParams, renewed_cert)) { return; } else { try { - renderTemplate(cmsReq, mRenewalSuccessTemplate, - mRenewalSuccessFiller); + renderTemplate(cmsReq, + mRenewalSuccessTemplate, mRenewalSuccessFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGE_ERROR_DISPLAY_TEMPLATE_1", + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", mRenewalSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } - protected BigInteger getRenewedCert(ICertRecord certRec) - throws EBaseException { + protected BigInteger getRenewedCert(ICertRecord certRec) + throws EBaseException { BigInteger renewedCert = null; String serial = null; - MetaInfo meta = certRec.getMetaInfo(); + MetaInfo meta = certRec.getMetaInfo(); if (meta == null) { - log(ILogger.LL_INFO, "no meta info in cert serial 0x" - + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); return null; } serial = (String) meta.get(ICertRecord.META_RENEWED_CERT); if (serial == null) { - log(ILogger.LL_INFO, "no renewed cert in cert 0x" - + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); return null; } renewedCert = new BigInteger(serial); - log(ILogger.LL_INFO, - "renewed cert serial 0x" + renewedCert.toString(16) - + "found for 0x" - + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "renewed cert serial 0x" + renewedCert.toString(16) + "found 
for 0x" + + certRec.getSerialNumber().toString(16)); return renewedCert; } /** * get certs to renew from agent. */ - private BigInteger getCertFromAgent(IArgBlock httpParams, - X509Certificate[] certContainer) throws EBaseException { + private BigInteger getCertFromAgent( + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_MISSING_SERIALNO_FOR_RENEW_1", - serialno.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } } certContainer[0] = cert; 
@@ -476,21 +501,24 @@ public class RenewalServlet extends CMSServlet { /** * get cert to renew from auth manager */ - private BigInteger getCertFromAuthMgr(IAuthToken authToken, - X509Certificate[] certContainer) throws EBaseException { - X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr( + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { + X509CertImpl cert = + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, "certficate from auth manager for " - + " renewal is not from this ca."); + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, "certficate from auth manager for " + + " renewal is not from this ca."); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java index 6142d685..9b39acc7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; 
@@ -56,9 +57,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Perform the first step in revoking a certificate - * + * * @version $Revision$, $Date$ */ public class RevocationServlet extends CMSServlet { @@ -70,11 +72,11 @@ public class RevocationServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "reasonToRevoke.template"; - // http params + // http params public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String REASON_CODE = "reasonCode"; private String mFormPath = null; @@ -83,14 +85,15 @@ public class RevocationServlet extends CMSServlet { private Random mRandom = null; private Nonces mNonces = null; + public RevocationServlet() { super(); } /** - * initialize the servlet. This servlet uses the template file - * "reasonToRevoke.template" to render the result. - * + * initialize the servlet. This servlet uses + * the template file "reasonToRevoke.template" to render the + * result. * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -100,7 +103,8 @@ public class RevocationServlet extends CMSServlet { mFormPath = "/" + TPL_FILE; try { - mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter( + PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = "/" + TPL_FILE; @@ -111,7 +115,7 @@ public class RevocationServlet extends CMSServlet { } } - // set to false by revokeByDN=false in web.xml + // set to false by revokeByDN=false in web.xml mRevokeByDN = false; String tmp = sc.getInitParameter(PROP_REVOKEBYDN); 
@@ -123,26 +127,28 @@ public class RevocationServlet extends CMSServlet { } } + /** - * Process the HTTP request. Note that this servlet does not actually - * perform the certificate revocation. This is the first step in the - * multi-step revocation process. (the next step is in the ReasonToRevoke - * servlet. - * + * Process the HTTP request. Note that this servlet does not + * actually perform the certificate revocation. This is the first + * step in the multi-step revocation process. (the next step is + * in the ReasonToRevoke servlet. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - // revocation requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be revoked. - + // revocation requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be revoked. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; String revokeAll = null; @@ -153,11 +159,10 @@ public class RevocationServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -169,50 +174,45 @@ public class RevocationServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - // coming from agent - if (mAuthMgr != null - && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + // coming from agent + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; old_serial_no = getCertFromAgent(httpParams, cert); old_cert = (X509CertImpl) cert[0]; } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; - + old_serial_no = getCertFromAuthMgr(authToken, cert); old_cert = cert[0]; } - header.addStringValue("serialNumber", old_cert.getSerialNumber() - .toString(16)); - header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber() - .toString()); - // header.addStringValue("subject", old_cert.getSubjectDN().toString()); - // header.addLongValue("validNotBefore", - // old_cert.getNotBefore().getTime()/1000); - // header.addLongValue("validNotAfter", - // old_cert.getNotAfter().getTime()/1000); + header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16)); + header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString()); + // header.addStringValue("subject", old_cert.getSubjectDN().toString()); + // header.addLongValue("validNotBefore", 
old_cert.getNotBefore().getTime()/1000); + // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000); if (mNonces != null) { long n = mRandom.nextLong(); - long m = mNonces.addNonce(n, (X509Certificate) old_cert); + long m = mNonces.addNonce(n, (X509Certificate)old_cert); if ((n + m) != 0) { header.addStringValue("nonce", Long.toString(m)); } @@ -222,20 +222,19 @@ public class RevocationServlet extends CMSServlet { X509CertImpl[] certsToRevoke = null; if (mAuthority instanceof ICertificateAuthority) { - certsToRevoke = ((ICertificateAuthority) mAuthority) - .getCertificateRepository().getX509Certificates( - old_cert.getSubjectDN().toString(), - ICertificateRepository.ALL_UNREVOKED_CERTS); + certsToRevoke = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificates( + old_cert.getSubjectDN().toString(), + ICertificateRepository.ALL_UNREVOKED_CERTS); } else if (mAuthority instanceof IRegistrationAuthority) { IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST); - String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." - + X509CertInfo.SUBJECT + "=" - + old_cert.getSubjectDN().toString() + ")(|(" - + ICertRecord.ATTR_CERT_STATUS + "=" - + ICertRecord.STATUS_VALID + ")(" - + ICertRecord.ATTR_CERT_STATUS + "=" - + ICertRecord.STATUS_EXPIRED + ")))"; + String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." + + X509CertInfo.SUBJECT + "=" + + old_cert.getSubjectDN().toString() + ")(|(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_VALID + ")(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_EXPIRED + ")))"; req.setExtData(IRequest.CERT_FILTER, filter); mRequestQueue.processRequest(req); 
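Review bot: The revocation nonce in the `-169,50` hunk is drawn from `mRandom.nextLong()`, and the field is declared as plain `Random mRandom` in the `-83,14` hunk. Its initialisation is outside the diff, but if it is a `java.util.Random` the value is predictable from earlier outputs, which weakens the nonce as evidence that the follow-up revocation request came from this form. Initialising the field with `new java.security.SecureRandom()` (a `Random` subclass, so the declaration can stay) addresses that. A short comment on what `(n + m) != 0` is testing would also help, since the contract of `addNonce` is not visible here.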
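Review bot: In the `IRegistrationAuthority` branch (`-222,20` hunk) the certificate filter is built by concatenating `old_cert.getSubjectDN().toString()` between `=` and `)` with no escaping. A subject DN may legitimately contain `(`, `)`, `*` or `\`, and such a value changes the filter's structure and therefore the set returned as `certsToRevoke`, which the later serial-number comparison treats as the authorization scope. Assuming `CERT_FILTER` is parsed as an LDAP-style filter, the DN should be escaped per RFC 4515 before it is inserted. `process()` starts and ends outside the hunk.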
@@ -249,8 +248,7 @@ public class RevocationServlet extends CMSServlet { String name = (String) enum1.nextElement(); if (name.equals(IRequest.OLD_CERTS)) { - X509CertImpl[] certs = req - .getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl[] certs = req.getExtDataInCertArray(IRequest.OLD_CERTS); certsToRevoke = certs; } @@ -264,20 +262,18 @@ public class RevocationServlet extends CMSServlet { if (certsToRevoke != null && certsToRevoke.length > 0) { for (int i = 0; i < certsToRevoke.length; i++) { - if (old_cert.getSerialNumber().equals( - certsToRevoke[i].getSerialNumber())) { + if (old_cert.getSerialNumber().equals(certsToRevoke[i].getSerialNumber())) { authorized = true; break; } } } - if (!noInfo - && (certsToRevoke == null || certsToRevoke.length == 0 || (!authorized))) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); + if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 || + (!authorized))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); } if (!mRevokeByDN || noInfo) { @@ -287,8 +283,7 @@ public class RevocationServlet extends CMSServlet { byte[] ba = old_cert.getEncoded(); // Do base 64 encoding - header.addStringValue("b64eCertificate", - com.netscape.osutil.OSUtil.BtoA(ba)); + header.addStringValue("b64eCertificate", com.netscape.osutil.OSUtil.BtoA(ba)); } catch (CertificateEncodingException e) { } } 
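Review bot: In the `-264,20` hunk the `!authorized` case, where the presented certificate's serial number is not among `certsToRevoke`, is logged and reported with `CA_CERT_ALREADY_REVOKED_1` / `CMS_GW_CERT_ALREADY_REVOKED`, the same as an empty result. Someone triaging the log cannot tell a repeated revocation from a request for a certificate outside the requester's own set. A distinct log message for the authorization mismatch would make that visible; its key would have to be added to the project's message catalogue, which is not part of this diff.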
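Review bot: `catch (CertificateEncodingException e) { }` in the `-287,8` hunk discards the failure, so the form is rendered without `b64eCertificate` and nothing records why. Logging it in the style used throughout this file, `log(ILogger.LL_FAILURE, ...)` with `e.toString()` in the message, keeps the best-effort behaviour while leaving a trace. If ignoring it is intentional, a one-line comment in the catch body saying so would do.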
@@ -300,16 +295,16 @@ public class RevocationServlet extends CMSServlet { for (int i = 0; i < certsToRevoke.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", certsToRevoke[i] - .getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", certsToRevoke[i] - .getSerialNumber().toString()); - rarg.addStringValue("subject", certsToRevoke[i].getSubjectDN() - .toString()); - rarg.addLongValue("validNotBefore", certsToRevoke[i] - .getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", certsToRevoke[i] - .getNotAfter().getTime() / 1000); + rarg.addStringValue("serialNumber", + certsToRevoke[i].getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", + certsToRevoke[i].getSerialNumber().toString()); + rarg.addStringValue("subject", + certsToRevoke[i].getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + certsToRevoke[i].getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + certsToRevoke[i].getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } else { @@ -318,7 +313,7 @@ public class RevocationServlet extends CMSServlet { } // set revocation reason, default to unspecified if not set. - int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); + int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); header.addIntegerValue("reason", reasonCode); @@ -329,11 +324,10 @@ public class RevocationServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; 
@@ -342,28 +336,29 @@ public class RevocationServlet extends CMSServlet { /** * get cert to revoke from agent. */ - private BigInteger getCertFromAgent(IArgBlock httpParams, - X509Certificate[] certContainer) throws EBaseException { + private BigInteger getCertFromAgent( + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; 
@@ -373,21 +368,23 @@ public class RevocationServlet extends CMSServlet { /** * get cert to revoke from auth manager */ - private BigInteger getCertFromAuthMgr(IAuthToken authToken, - X509Certificate[] certContainer) throws EBaseException { - X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr( + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { + X509CertImpl cert = + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); @@ -396,3 +393,4 @@ public class RevocationServlet extends CMSServlet { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java index d3513320..3a571d44 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.util.Locale; import javax.servlet.http.HttpServletRequest; @@ -30,13 +31,21 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** - * Certificates Template filler. must have list of certificates in result. looks - * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain - * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or - * more - cert serial number - cert pretty print - cert in base 64 encoding. - - * cmmf blob to import - * + * Certificates Template filler. + * must have list of certificates in result. + * looks at inputs: certtype. + * outputs: + * - cert type from http input (if any) + * - CA chain + * - authority name (RM, CM, DRM) + * - scheme:host:port of server. + * array of one or more + * - cert serial number + * - cert pretty print + * - cert in base 64 encoding. + * - cmmf blob to import * @version $Revision$, $Date$ */ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { @@ -51,12 +60,13 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); 
@@ -67,14 +77,15 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.SCHEME, scheme); // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // XXX CA chain. - RevokedCertImpl[] revoked = (RevokedCertImpl[]) cmsReq.getResult(); + RevokedCertImpl[] revoked = + (RevokedCertImpl[]) cmsReq.getResult(); - // revoked certs. + // revoked certs. for (int i = 0; i < revoked.length; i++) { IArgBlock repeat = CMS.createArgBlock(); @@ -85,3 +96,4 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 40464e9e..84e7e784 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -60,9 +61,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SrchCerts extends CMSServlet { @@ -94,9 +96,8 @@ public class SrchCerts extends CMSServlet { } /** - * initialize the servlet. This servlet uses srchCert.template to render the - * response - * + * initialize the servlet. This servlet uses srchCert.template + * to render the response * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -110,8 +111,7 @@ public class SrchCerts extends CMSServlet { if (authConfig != null) { try { - mMaxReturns = authConfig.getInteger( - PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); + mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); } catch (EBaseException e) { // do nothing } @@ -128,8 +128,7 @@ public class SrchCerts extends CMSServlet { /* Server-Side time limit */ try { - int maxResults = Integer - .parseInt(sc.getInitParameter("maxResults")); + int maxResults = Integer.parseInt(sc.getInitParameter("maxResults")); if (maxResults < mMaxReturns) mMaxReturns = maxResults; } catch (Exception e) { @@ -141,21 +140,20 @@ public class SrchCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* - * useClientFilter should be off by default. We keep this parameter - * around so that we do not break the client applications that submits - * raw LDAP filter into this servlet. - */ - if (sc.getInitParameter("useClientFilter") != null - && sc.getInitParameter("useClientFilter").equalsIgnoreCase( - "true")) { + /* useClientFilter should be off by default. We keep + this parameter around so that we do not break + the client applications that submits raw LDAP + filter into this servlet. */ + if (sc.getInitParameter("useClientFilter") != null && + sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { mUseClientFilter = true; } } - private boolean isOn(HttpServletRequest req, String name) { + private boolean isOn(HttpServletRequest req, String name) + { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("on")) { 
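Review bot: `mUseClientFilter` is switched on silently in the last hunk on this line (`@@ -141,21 +140,20 @@`), although the comment above it says the option exists for clients that submit a raw LDAP filter. Because that widens what a requester can ask the certificate database, the servlet should say so at start-up, e.g. `CMS.debug("SrchCerts: useClientFilter=true, client-supplied LDAP filters are accepted");` inside the `if`. The comment should also state that the option is meant to stay off unless a legacy client needs it. The test itself reads more simply as `if ("true".equalsIgnoreCase(sc.getInitParameter("useClientFilter"))) {`, which drops the separate null check and the second lookup. How `buildFilter` consumes the flag is outside this hunk.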
@@ -164,9 +162,10 @@ public class SrchCerts extends CMSServlet { return false; } - private boolean isOff(HttpServletRequest req, String name) { + private boolean isOff(HttpServletRequest req, String name) + { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("off")) { @@ -175,8 +174,8 @@ public class SrchCerts extends CMSServlet { return false; } - private void buildCertStatusFilter(HttpServletRequest req, - StringBuffer filter) { + private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) + { if (!isOn(req, "statusInUse")) { return; } @@ -186,7 +185,8 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) { + private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) + { if (!isOn(req, "profileInUse")) { return; } @@ -196,16 +196,16 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildBasicConstraintsFilter(HttpServletRequest req, - StringBuffer filter) { + private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) + { if (!isOn(req, "basicConstraintsInUse")) { return; } filter.append("(x509cert.BasicConstraints.isCA=on)"); } - private void buildSerialNumberRangeFilter(HttpServletRequest req, - StringBuffer filter) { + private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) + { if (!isOn(req, "serialNumberRangeInUse")) { return; } @@ -225,8 +225,9 @@ public class SrchCerts extends CMSServlet { } } - private void buildAVAFilter(HttpServletRequest req, String paramName, - String avaName, StringBuffer lf, String match) { + private void buildAVAFilter(HttpServletRequest req, String paramName, + String avaName, StringBuffer lf, String match) + { String val = req.getParameter(paramName); if (val != null && !val.equals("")) { if (match != null && match.equals("exact")) { 
@@ -253,7 +254,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) { + private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) + { if (!isOn(req, "subjectInUse")) { return; } @@ -284,8 +286,9 @@ public class SrchCerts extends CMSServlet { } } - private void buildRevokedByFilter(HttpServletRequest req, - StringBuffer filter) { + private void buildRevokedByFilter(HttpServletRequest req, + StringBuffer filter) + { if (!isOn(req, "revokedByInUse")) { return; } @@ -299,8 +302,10 @@ public class SrchCerts extends CMSServlet { } } - private void buildDateFilter(HttpServletRequest req, String prefix, - String outStr, long adjustment, StringBuffer filter) { + private void buildDateFilter(HttpServletRequest req, String prefix, + String outStr, long adjustment, + StringBuffer filter) + { String queryCertFilter = null; long epoch = 0; try { @@ -319,16 +324,19 @@ public class SrchCerts extends CMSServlet { } private void buildRevokedOnFilter(HttpServletRequest req, - StringBuffer filter) { + StringBuffer filter) + { if (!isOn(req, "revokedOnInUse")) { return; } buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter); - buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, filter); + buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, + filter); } private void buildRevocationReasonFilter(HttpServletRequest req, - StringBuffer filter) { + StringBuffer filter) + { if (!isOn(req, "revocationReasonInUse")) { return; } 
@@ -339,21 +347,23 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = null; StringTokenizer st = new StringTokenizer(reasons, ","); if (st.hasMoreTokens()) { - filter.append("(|"); - while (st.hasMoreTokens()) { - String token = st.nextToken(); - if (queryCertFilter == null) { - queryCertFilter = ""; - } - filter.append("(x509cert.certRevoInfo="); - filter.append(token); - filter.append(")"); - } - filter.append(")"); + filter.append("(|"); + while (st.hasMoreTokens()) { + String token = st.nextToken(); + if (queryCertFilter == null) { + queryCertFilter = ""; + } + filter.append("(x509cert.certRevoInfo="); + filter.append(token); + filter.append(")"); + } + filter.append(")"); } } - private void buildIssuedByFilter(HttpServletRequest req, StringBuffer filter) { + private void buildIssuedByFilter(HttpServletRequest req, + StringBuffer filter) + { if (!isOn(req, "issuedByInUse")) { return; } 
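Review bot: Each `token` in the re-indented loop of `buildRevocationReasonFilter` is appended to the LDAP filter as-is (`filter.append(token)`), with no escaping or validation. `reasons` is assigned outside the hunk and presumably comes from a request parameter, in which case a token containing `)`, `(` or `*` would change the structure of the search filter. If reason codes are integers, as the `RevocationReason.fromInt(Integer.parseInt(reason))` call in UpdateCRL suggests, parse each token and append the parsed number; otherwise apply LDAP filter escaping before appending. The local `queryCertFilter` is assigned but never read in the visible lines and can be removed. The sketch below also avoids emitting an empty `(|)` when every token is rejected.

```java
// … unchanged: StringTokenizer st = new StringTokenizer(reasons, ","); and the hasMoreTokens() guard …
StringBuffer reasonTerms = new StringBuffer();
while (st.hasMoreTokens()) {
    String token = st.nextToken().trim();
    try {
        // only an integer reason code is ever written into the filter
        int code = Integer.parseInt(token);
        reasonTerms.append("(x509cert.certRevoInfo=").append(code).append(")");
    } catch (NumberFormatException e) {
        CMS.debug("SrchCerts: ignoring non-numeric revocation reason");
    }
}
if (reasonTerms.length() > 0) {
    filter.append("(|").append(reasonTerms.toString()).append(")");
}
```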
@@ -367,38 +377,44 @@ public class SrchCerts extends CMSServlet { } } - private void buildIssuedOnFilter(HttpServletRequest req, StringBuffer filter) { + private void buildIssuedOnFilter(HttpServletRequest req, + StringBuffer filter) + { if (!isOn(req, "issuedOnInUse")) { return; } buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter); - buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, filter); + buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, + filter); } private void buildValidNotBeforeFilter(HttpServletRequest req, - StringBuffer filter) { + StringBuffer filter) + { if (!isOn(req, "validNotBeforeInUse")) { return; } - buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 0, - filter); - buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", - 86399999, filter); + buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", + 0, filter); + buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", + 86399999, filter); } private void buildValidNotAfterFilter(HttpServletRequest req, - StringBuffer filter) { + StringBuffer filter) + { if (!isOn(req, "validNotAfterInUse")) { return; } - buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 0, - filter); - buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", - 86399999, filter); + buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", + 0, filter); + buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", + 86399999, filter); } private void buildValidityLengthFilter(HttpServletRequest req, - StringBuffer filter) { + StringBuffer filter) + { if (!isOn(req, "validityLengthInUse")) { return; } @@ -422,7 +438,9 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildCertTypeFilter(HttpServletRequest req, StringBuffer filter) { + private void buildCertTypeFilter(HttpServletRequest req, + StringBuffer filter) + { if (!isOn(req, "certTypeInUse")) { return; } 
@@ -453,7 +471,8 @@ public class SrchCerts extends CMSServlet { } } - public String buildFilter(HttpServletRequest req) { + public String buildFilter(HttpServletRequest req) + { String queryCertFilter = req.getParameter("queryCertFilter"); StringBuffer filter = new StringBuffer(); @@ -485,8 +504,10 @@ public class SrchCerts extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? [maxCount=<number>] [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? + * [maxCount=<number>] + * [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -497,14 +518,14 @@ public class SrchCerts extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -530,10 +551,10 @@ public class SrchCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
@@ -549,13 +570,11 @@ public class SrchCerts extends CMSServlet { timeLimit = Integer.parseInt(timeLimitStr); String queryCertFilter = buildFilter(req); - process(argSet, header, queryCertFilter, revokeAll, maxResults, - timeLimit, req, resp, locale[0]); + process(argSet, header, queryCertFilter, + revokeAll, maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -566,32 +585,33 @@ public class SrchCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, String revokeAll, int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, String revokeAll, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); 
@@ -601,19 +621,15 @@ public class SrchCerts extends CMSServlet { // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { - CMS.debug("Resetting maximum of returned results from " - + maxResults + " to " + mMaxReturns); + CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns); maxResults = mMaxReturns; } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } - CMS.debug("Start searching ... " + "filter=" + filter - + " maxreturns=" + maxResults + " timelimit=" + timeLimit); - Enumeration e = mCertDB.searchCertificates(filter, maxResults, - timeLimit); + CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); + Enumeration e = mCertDB.searchCertificates(filter, maxResults, timeLimit); int count = 0; @@ -655,8 +671,7 @@ public class SrchCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) - now = new Date(); + if (now == null) now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); @@ -672,7 +687,7 @@ public class SrchCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); 
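Review bot: The server-side clamp in the first hunk on this line only recognises `-1` as "unset": `if (maxResults == -1 || maxResults > mMaxReturns)` lets any other negative value through both tests and on to `mCertDB.searchCertificates(filter, maxResults, timeLimit)`, and the `timeLimit` check has the same gap. What `searchCertificates` does with a negative limit is not visible here, but the clamp should not depend on it: `if (maxResults < 0 || maxResults > mMaxReturns)` and `if (timeLimit < 0 || timeLimit > mTimeLimits)`. Separately, the joined `CMS.debug("Start searching ... " + "filter=" + filter + ...)` line writes the request-derived filter into the debug log unmodified, so stripping CR/LF from it first would keep log entries unambiguous. The enclosing `process(...)` continues outside the hunk.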
@@ -680,21 +695,20 @@ public class SrchCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); rarg.addIntegerValue("version", cert.getVersion()); rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber() - .toString()); + rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString()); String subject = (String) cert.getSubjectDN().toString(); if (subject.equals("")) { - rarg.addStringValue("subject", " "); + rarg.addStringValue("subject", " "); } else { rarg.addStringValue("subject", subject); 
@@ -714,32 +728,28 @@ public class SrchCerts extends CMSServlet { if (pKey instanceof X509Key) { key = (X509Key) pKey; } - rarg.addStringValue("subjectPublicKeyAlgorithm", key - .getAlgorithmId().getOID().toString()); + rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString()); if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) { RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded()); - rarg.addIntegerValue("subjectPublicKeyLength", - rsaKey.getKeySize()); + rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize()); } } catch (Exception e) { rarg.addStringValue("subjectPublicKeyAlgorithm", null); rarg.addIntegerValue("subjectPublicKeyLength", 0); } - rarg.addLongValue("validNotBefore", - cert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000); rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) - issuedBy = ""; + if (issuedBy == null) issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); - rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? "" - : rec.getRevokedBy())); + rarg.addStringValue("revokedBy", + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -758,8 +768,7 @@ public class SrchCerts extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason() - .toInt(); + reason = ((CRLReasonExtension) ext).getReason().toInt(); break; } } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index 83e2d395..396f333b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -58,9 +59,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Force the CRL to be updated now. - * + * * @version $Revision$, $Date$ */ public class UpdateCRL extends CMSServlet { 
@@ -85,41 +87,40 @@ public class UpdateCRL extends CMSServlet { } /** - * Initializes the servlet. This servlet uses updateCRL.template to render - * the result + * Initializes the servlet. This servlet uses updateCRL.template + * to render the result */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output orw own template. + + // override success to do output orw own template. mTemplates.remove(CMSRequest.SUCCESS); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL - * <li>http.param waitForUpdate true/false - should the servlet wait until - * the CRL update is complete? + * <li>http.param waitForUpdate true/false - should the servlet wait until + * the CRL update is complete? * <li>http.param clearCRLCache true/false - should the CRL cache cleared - * before the CRL is generated? + * before the CRL is generated? * <li>http.param crlIssuingPoint the CRL Issuing Point to Update * </ul> - * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("crl", true /* main action */); + statsSub.startTiming("crl", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -127,20 +128,20 @@ public class UpdateCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "update"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } return; } @@ -157,20 +158,21 @@ public class UpdateCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { - String signatureAlgorithm = req.getParameter("signatureAlgorithm"); + String signatureAlgorithm = + req.getParameter("signatureAlgorithm"); - process(argSet, header, req, resp, signatureAlgorithm, locale[0]); + process(argSet, header, req, resp, + signatureAlgorithm, locale[0]); } catch (EBaseException e) { error = e; } 
@@ -181,43 +183,42 @@ public class UpdateCRL extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } } - private CRLExtensions crlEntryExtensions(String reason, String invalidity) { + private CRLExtensions crlEntryExtensions (String reason, String invalidity) { CRLExtensions entryExts = new CRLExtensions(); CRLReasonExtension crlReasonExtn = null; if (reason != null && reason.length() > 0) { try { - RevocationReason revReason = RevocationReason.fromInt(Integer - .parseInt(reason)); - if (revReason == null) - revReason = RevocationReason.UNSPECIFIED; + RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason)); + if (revReason == null) revReason = RevocationReason.UNSPECIFIED; crlReasonExtn = new CRLReasonExtension(revReason); } catch (Exception e) { - CMS.debug("Invalid revocation reason: " + reason); + CMS.debug("Invalid revocation reason: "+reason); } } 
@@ -227,16 +228,15 @@ public class UpdateCRL extends CMSServlet { Date invalidityDate = null; try { long backInTime = Long.parseLong(invalidity); - invalidityDate = new Date(now - (backInTime * 60000)); + invalidityDate = new Date(now-(backInTime*60000)); } catch (Exception e) { - CMS.debug("Invalid invalidity time offset: " + invalidity); + CMS.debug("Invalid invalidity time offset: "+invalidity); } if (invalidityDate != null) { try { - invalidityDateExtn = new InvalidityDateExtension( - invalidityDate); + invalidityDateExtn = new InvalidityDateExtension(invalidityDate); } catch (Exception e) { - CMS.debug("Error creating invalidity extension: " + e); + CMS.debug("Error creating invalidity extension: "+e); } } } @@ -245,8 +245,7 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(crlReasonExtn.getName(), crlReasonExtn); } catch (Exception e) { - CMS.debug("Error adding revocation reason extension to entry extensions: " - + e); + CMS.debug("Error adding revocation reason extension to entry extensions: "+e); } } @@ -254,16 +253,14 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn); } catch (Exception e) { - CMS.debug("Error adding invalidity date extension to entry extensions: " - + e); + CMS.debug("Error adding invalidity date extension to entry extensions: "+e); } } return entryExts; } - private void addInfo(CMSTemplateParams argSet, - ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) { + private void addInfo(CMSTemplateParams argSet, ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) { IArgBlock rarg = CMS.createArgBlock(); rarg.addLongValue("cacheUpdate", cacheUpdate); 
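Review bot: `backInTime` is used in `new Date(now-(backInTime*60000))` in the first hunk on this line with no range check. A negative offset yields an invalidity date in the future, and a very large one overflows the `long` multiplication and wraps to an arbitrary date that is then written into the CRL entry extension. Rejecting both inside the existing `try` reuses the "Invalid invalidity time offset" path: `if (backInTime < 0 || backInTime > Long.MAX_VALUE / 60000) throw new NumberFormatException(invalidity);` placed immediately after the `Long.parseLong` line. A tighter, operator-defined upper bound would be better still if one exists. `crlEntryExtensions` starts in an earlier hunk and continues through the remaining hunks on this line.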
@@ -295,12 +292,18 @@ public class UpdateCRL extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, - String signatureAlgorithm, Locale locale) throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String signatureAlgorithm, + Locale locale) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); - String waitForUpdate = req.getParameter("waitForUpdate"); - String clearCache = req.getParameter("clearCRLCache"); - String crlIssuingPointId = req.getParameter("crlIssuingPoint"); + String waitForUpdate = + req.getParameter("waitForUpdate"); + String clearCache = + req.getParameter("clearCRLCache"); + String crlIssuingPointId = + req.getParameter("crlIssuingPoint"); String test = req.getParameter("test"); String add = req.getParameter("add"); String from = req.getParameter("from"); 
@@ -318,41 +321,40 @@ public class UpdateCRL extends CMSServlet { if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) - crlIssuingPointId = null; + if (!ips.hasMoreElements()) crlIssuingPointId = null; } } if (crlIssuingPointId == null) { crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL; } - ICRLIssuingPoint crlIssuingPoint = mCA - .getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = + mCA.getCRLIssuingPoint(crlIssuingPointId); header.addStringValue("crlIssuingPoint", crlIssuingPointId); IPublisherProcessor lpm = mCA.getPublisherProcessor(); if (crlIssuingPoint != null) { - if (clearCache != null - && clearCache.equals("true") - && crlIssuingPoint.isCRLGenerationEnabled() - && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE - && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (clearCache != null && clearCache.equals("true") && + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() + == ICRLIssuingPoint.CRL_IP_INITIALIZED) { crlIssuingPoint.clearCRLCache(); } - if (waitForUpdate != null - && waitForUpdate.equals("true") - && crlIssuingPoint.isCRLGenerationEnabled() - && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE - && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { - if (test != null && test.equals("true") - && crlIssuingPoint.isCRLCacheTestingEnabled() - && (!mTesting.contains(crlIssuingPointId))) { + if (waitForUpdate != null && waitForUpdate.equals("true") && + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() + == ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (test != null && test.equals("true") && + 
crlIssuingPoint.isCRLCacheTestingEnabled() && + (!mTesting.contains(crlIssuingPointId))) { CMS.debug("CRL test started."); mTesting.add(crlIssuingPointId); BigInteger addLen = null; BigInteger startFrom = null; - if (add != null && add.length() > 0 && from != null - && from.length() > 0) { + if (add != null && add.length() > 0 && + from != null && from.length() > 0) { try { addLen = new BigInteger(add); startFrom = new BigInteger(from); @@ -363,8 +365,7 @@ public class UpdateCRL extends CMSServlet { Date revocationDate = CMS.getCurrentDate(); String err = null; - CRLExtensions entryExts = crlEntryExtensions(reason, - invalidity); + CRLExtensions entryExts = crlEntryExtensions (reason, invalidity); BigInteger serialNumber = startFrom; BigInteger counter = addLen; @@ -378,25 +379,22 @@ public class UpdateCRL extends CMSServlet { long t1 = System.currentTimeMillis(); long t2 = 0; - + while (counter.compareTo(BigInteger.ZERO) > 0) { - RevokedCertImpl revokedCert = new RevokedCertImpl( - serialNumber, revocationDate, entryExts); - crlIssuingPoint.addRevokedCert(serialNumber, - revokedCert); + RevokedCertImpl revokedCert = + new RevokedCertImpl(serialNumber, revocationDate, entryExts); + crlIssuingPoint.addRevokedCert(serialNumber, revokedCert); serialNumber = serialNumber.add(BigInteger.ONE); counter = counter.subtract(BigInteger.ONE); - if ((counter.compareTo(BigInteger.ZERO) == 0) - || (stepBy != null && ((counter.mod(stepBy)) - .compareTo(BigInteger.ZERO) == 0))) { + if ((counter.compareTo(BigInteger.ZERO) == 0) || + (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { t2 = System.currentTimeMillis(); long t0 = t2 - t1; t1 = t2; try { if (signatureAlgorithm != null) { - crlIssuingPoint - .updateCRLNow(signatureAlgorithm); + crlIssuingPoint.updateCRLNow(signatureAlgorithm); } else { crlIssuingPoint.updateCRLNow(); } 
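Review bot: In the CRL cache test branch of the `@@ -318` hunk, the request parameters `add` and `from` are converted to `BigInteger` with no sign or size check, and `addLen` then drives the `while (counter.compareTo(BigInteger.ZERO) > 0)` loop in the `@@ -378` hunk. Nothing bounds how many `RevokedCertImpl` entries are added or how often `updateCRLNow` runs, so even with `isCRLCacheTestingEnabled()` as the gate one request can occupy the issuing point and grow the CRL without limit. A configured cap checked right after parsing would bound that, e.g. `if (addLen.signum() <= 0 || addLen.compareTo(MAX_TEST_ENTRIES) > 0)` with `MAX_TEST_ENTRIES` as a placeholder, together with a `startFrom.signum() >= 0` check. The `mTesting.contains(...)` test followed by `mTesting.add(...)` is also a check-then-act pair; whether it is safe under concurrent requests depends on how `mTesting` is declared, which is outside these hunks.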
@@ -422,12 +420,12 @@ public class UpdateCRL extends CMSServlet { mTesting.remove(crlIssuingPointId); CMS.debug("CRL test finished."); - } else if (test != null && test.equals("true") - && crlIssuingPoint.isCRLCacheTestingEnabled() - && mTesting.contains(crlIssuingPointId)) { + } else if (test != null && test.equals("true") && + crlIssuingPoint.isCRLCacheTestingEnabled() && + mTesting.contains(crlIssuingPointId)) { header.addStringValue("crlUpdate", "testingInProgress"); - } else if (test != null && test.equals("true") - && (!crlIssuingPoint.isCRLCacheTestingEnabled())) { + } else if (test != null && test.equals("true") && + (!crlIssuingPoint.isCRLCacheTestingEnabled())) { header.addStringValue("crlUpdate", "testingNotEnabled"); } else { try { @@ -437,8 +435,7 @@ public class UpdateCRL extends CMSServlet { long now1 = System.currentTimeMillis(); if (signatureAlgorithm != null) { - crlIssuingPoint - .updateCRLNow(signatureAlgorithm); + crlIssuingPoint.updateCRLNow(signatureAlgorithm); } else { crlIssuingPoint.updateCRLNow(); } 
@@ -451,80 +448,60 @@ public class UpdateCRL extends CMSServlet { } if (lpm != null && lpm.enabled()) { - Enumeration rules = lpm - .getRules(IPublisherProcessor.PROP_LOCAL_CRL); + Enumeration rules = lpm.getRules(IPublisherProcessor.PROP_LOCAL_CRL); if (rules != null && rules.hasMoreElements()) { if (publishError != null) { - header.addStringValue("crlPublished", - "Failure"); - header.addStringValue("error", - publishError.toString(locale)); + header.addStringValue("crlPublished", "Failure"); + header.addStringValue("error", publishError.toString(locale)); } else { - header.addStringValue("crlPublished", - "Success"); + header.addStringValue("crlPublished", "Success"); } } } // for audit log SessionContext sContext = SessionContext.getContext(); - String agentId = (String) sContext - .get(SessionContext.USER_ID); - IAuthToken authToken = (IAuthToken) sContext - .get(SessionContext.AUTH_TOKEN); + String agentId = (String) sContext.get(SessionContext.USER_ID); + IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } long endTime = CMS.getCurrentDate().getTime(); if (crlIssuingPoint.getNextUpdate() != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT - + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint - .getCRLSize()) - + " time: " - + (endTime - startTime) }); - } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT - + " agentID: " + agentId, - authMgr, - "completed", - 
crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - "not set", - Long.toString(crlIssuingPoint - .getCRLSize()) - + " time: " - + (endTime - startTime) }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + crlIssuingPoint.getNextUpdate(), + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} + ); + }else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + "not set", + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} + ); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", - e.toString())); - if ((lpm != null) && lpm.enabled() - && (e instanceof ELdapException)) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString())); + if ((lpm != null) && lpm.enabled() && (e instanceof ELdapException)) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("error", e.toString(locale)); } else { 
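Review bot: The `ILogger.EV_AUDIT` record carrying the agent id and auth manager is written only on the success path, with the literal `"completed"`. The `catch (EBaseException e)` at the end of this hunk writes an `LL_FAILURE` log entry and sets the response header but, as far as the visible lines show, emits no audit event. A failed manual CRL update should be attributable to an agent as well, so I would log the same `AuditFormat.CRLUPDATEFORMAT` record from the catch with a failure status in place of `"completed"`. The two success branches differ only in the next-update argument and could share one call after `Object nextUpdate = crlIssuingPoint.getNextUpdate() != null ? crlIssuingPoint.getNextUpdate() : "not set";`. The catch block continues past the end of the hunk.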
@@ -533,10 +510,12 @@ public class UpdateCRL extends CMSServlet { } } } else { - if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (crlIssuingPoint.isCRLIssuingPointInitialized() + != ICRLIssuingPoint.CRL_IP_INITIALIZED) { header.addStringValue("crlUpdate", "notInitialized"); - } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE - || crlIssuingPoint.isManualUpdateSet()) { + } else if (crlIssuingPoint.isCRLUpdateInProgress() + != ICRLIssuingPoint.CRL_UPDATE_DONE || + crlIssuingPoint.isManualUpdateSet()) { header.addStringValue("crlUpdate", "inProgress"); } else if (!crlIssuingPoint.isCRLGenerationEnabled()) { header.addStringValue("crlUpdate", "Disabled"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java index 8ea34b1b..ccba3362 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; + import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -57,9 +58,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Update the configured LDAP server with specified objects - * + * * @version $Revision$, $Date$ */ public class UpdateDir extends CMSServlet { 
@@ -83,10 +85,12 @@ public class UpdateDir extends CMSServlet { private final static int REVOKED_FROM = 10; private final static int REVOKED_TO = 11; private final static int CHECK_FLAG = 12; - private final static String[] updateName = { "updateAll", "updateCRL", - "updateCA", "updateValid", "validFrom", "validTo", "updateExpired", - "expiredFrom", "expiredTo", "updateRevoked", "revokedFrom", - "revokedTo", "checkFlag" }; + private final static String[] updateName = + {"updateAll", "updateCRL", "updateCA", + "updateValid", "validFrom", "validTo", + "updateExpired", "expiredFrom", "expiredTo", + "updateRevoked", "revokedFrom", "revokedTo", + "checkFlag"}; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -108,7 +112,7 @@ public class UpdateDir extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - if (mAuthority != null) { + if( mAuthority != null ) { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { mCA = (ICertificateAuthority) mAuthority; @@ -125,8 +129,8 @@ public class UpdateDir extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -138,14 +142,14 @@ public class UpdateDir extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "update"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -165,19 +169,18 @@ public class UpdateDir extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); - if (mPublisherProcessor == null || !mPublisherProcessor.enabled()) - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PUB_MODULE")); + if (mPublisherProcessor == null || + !mPublisherProcessor.enabled()) + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE")); String[] updateValue = new String[updateName.length]; 
@@ -185,17 +188,14 @@ public class UpdateDir extends CMSServlet { updateValue[i] = req.getParameter(updateName[i]); } - String masterHost = CMS.getConfigStore().getString( - "master.ca.agent.host", ""); - String masterPort = CMS.getConfigStore().getString( - "master.ca.agent.port", ""); - if (masterHost != null && masterHost.length() > 0 - && masterPort != null && masterPort.length() > 0) { + String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); + String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); + if (masterHost != null && masterHost.length() > 0 && + masterPort != null && masterPort.length() > 0) { mClonedCA = true; } - process(argSet, header, req, resp, crlIssuingPointId, updateValue, - locale[0]); + process(argSet, header, req, resp, crlIssuingPointId, updateValue, locale[0]); } catch (EBaseException e) { error = e; } 
@@ -206,28 +206,29 @@ public class UpdateDir extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void updateCRLIssuingPoint(IArgBlock header, - String crlIssuingPointId, ICRLIssuingPoint crlIssuingPoint, - Locale locale) { + private void updateCRLIssuingPoint( + IArgBlock header, + String crlIssuingPointId, + ICRLIssuingPoint crlIssuingPoint, + Locale locale) { SessionContext sc = SessionContext.getContext(); sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId); 
@@ -236,67 +237,53 @@ public class UpdateDir extends CMSServlet { try { if (mCRLRepository != null) { - crlRecord = (ICRLIssuingPointRecord) mCRLRepository - .readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); } if (crlRecord == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); header.addStringValue("crlPublished", "Failure"); - header.addStringValue( - "crlError", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + header.addStringValue("crlError", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { - String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint - .getPublishDN() : null; + String publishDN = (crlIssuingPoint != null)? 
crlIssuingPoint.getPublishDN(): null; byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); header.addStringValue("crlPublished", "Failure"); - header.addStringValue( - "crlError", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + header.addStringValue("crlError", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { X509CRLImpl crl = null; try { crl = new X509CRLImpl(crlbytes); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); } if (crl == null) { header.addStringValue("crlPublished", "Failure"); - header.addStringValue( - "crlError", - new ECMSGWException(CMS.getUserMessage(locale, - "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("crlError", + new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString()); } else { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, crl); } else { - mPublisherProcessor.publishCRL(crl, - crlIssuingPointId); + mPublisherProcessor.publishCRL(crl,crlIssuingPointId); } header.addStringValue("crlPublished", "Success"); } catch (ELdapException e) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", e.toString(locale)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", e.toString())); } } } 
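Review bot: In `updateCRLIssuingPoint`, the `crlbytes == null` branch logs `CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")` with an empty argument, while the `crlRecord == null` branch a few lines earlier passes `crlIssuingPointId`. The log entry therefore does not say which issuing point had no CRL; I would pass the id there too: `CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)`. The decode step catches `Exception` and relies on `crl` staying null, which works but deserves a comment such as `// crl stays null on decode failure; reported as CMS_GW_DECODE_CRL_FAILED below`. The method begins in the preceding hunk.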
@@ -311,9 +298,7 @@ public class UpdateDir extends CMSServlet { try { deltaCrl = new X509CRLImpl(deltaCrlBytes); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); } boolean goodDelta = false; @@ -321,26 +306,24 @@ public class UpdateDir extends CMSServlet { BigInteger crlNumber = crlRecord.getCRLNumber(); BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); Long deltaCRLSize = crlRecord.getDeltaCRLSize(); - if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 - && crlNumber != null && deltaNumber != null - && deltaNumber.compareTo(crlNumber) >= 0) { + if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 && + crlNumber != null && deltaNumber != null && + deltaNumber.compareTo(crlNumber) >= 0) { goodDelta = true; } } - if (deltaCrl != null - && ((mClonedCA && goodDelta) || (crlIssuingPoint != null && crlIssuingPoint - .isThisCurrentDeltaCRL(deltaCrl)))) { + if (deltaCrl != null && ((mClonedCA && goodDelta) || + (crlIssuingPoint != null && + crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, deltaCrl); } else { - mPublisherProcessor.publishCRL(deltaCrl, - crlIssuingPointId); + mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId); } } catch (ELdapException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString())); } } } 
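Review bot: A failed delta CRL publication is only logged: the `catch (ELdapException e)` at the end of the `@@ -321` hunk calls `log(...)` with `CMSGW_ERR_PUBLISH_DELTA_CRL` and leaves the response header untouched. The result page can therefore still report `crlPublished` as `Success` from the full CRL while the directory keeps a stale delta CRL. I would report it the way the full CRL path does, with `header.addStringValue("crlPublished", "Failure");` and `header.addStringValue("crlError", e.toString(locale));`, or under a separate key if the template is meant to distinguish the two. The enclosing method continues past this hunk.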
@@ -348,14 +331,17 @@ public class UpdateDir extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, HttpServletResponse resp, - String crlIssuingPointId, String[] updateValue, Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String crlIssuingPointId, + String[] updateValue, + Locale locale) + throws EBaseException { // all or crl - if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] - .equalsIgnoreCase("yes")) - || (updateValue[UPDATE_CRL] != null && updateValue[UPDATE_CRL] - .equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && + updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || + (updateValue[UPDATE_CRL] != null && + updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) { // check if received issuing point ID is known to the server if (crlIssuingPointId != null) { Enumeration ips = mCA.getCRLIssuingPoints(); @@ -366,8 +352,7 @@ public class UpdateDir extends CMSServlet { if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) - crlIssuingPointId = null; + if (!ips.hasMoreElements()) crlIssuingPointId = null; } } if (crlIssuingPointId == null) { @@ -376,7 +361,7 @@ public class UpdateDir extends CMSServlet { Vector ipNames = mCRLRepository.getIssuingPointsNames(); if (ipNames != null && ipNames.size() > 0) { for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String) ipNames.elementAt(i); + String ipName = (String)ipNames.elementAt(i); updateCRLIssuingPoint(header, ipName, null, locale); } 
@@ -385,49 +370,46 @@ public class UpdateDir extends CMSServlet { Enumeration oips = mCA.getCRLIssuingPoints(); while (oips.hasMoreElements()) { - ICRLIssuingPoint oip = (ICRLIssuingPoint) oips - .nextElement(); + ICRLIssuingPoint oip = (ICRLIssuingPoint) oips.nextElement(); updateCRLIssuingPoint(header, oip.getId(), oip, locale); } } } else { - ICRLIssuingPoint crlIssuingPoint = mCA - .getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = + mCA.getCRLIssuingPoint(crlIssuingPointId); ICRLIssuingPointRecord crlRecord = null; - updateCRLIssuingPoint(header, crlIssuingPointId, - crlIssuingPoint, locale); + updateCRLIssuingPoint(header, crlIssuingPointId, + crlIssuingPoint, locale); } } - ICertificateRepository certificateRepository = (ICertificateRepository) mCA - .getCertificateRepository(); + ICertificateRepository certificateRepository = (ICertificateRepository) mCA.getCertificateRepository(); // all or ca - if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] - .equalsIgnoreCase("yes")) - || (updateValue[UPDATE_CA] != null && updateValue[UPDATE_CA] - .equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && + updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || + (updateValue[UPDATE_CA] != null && + updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); try { mPublisherProcessor.publishCACert(caCert); header.addStringValue("caCertPublished", "Success"); } catch (ELdapException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "LDAP_ERROR_PUBLISH_CACERT_1", caCert.getSerialNumber() - .toString(16), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CACERT_1", + caCert.getSerialNumber().toString(16), e.toString())); header.addStringValue("caCertPublished", "Failure"); header.addStringValue("caCertError", e.toString(locale)); } } // all or valid - if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] - .equalsIgnoreCase("yes")) - 
|| (updateValue[UPDATE_VALID] != null && updateValue[UPDATE_VALID] - .equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && + updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || + (updateValue[UPDATE_VALID] != null && + updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[VALID_FROM].startsWith("0x")) { updateValue[VALID_FROM] = hexToDecimal(updateValue[VALID_FROM]); @@ -437,15 +419,17 @@ public class UpdateDir extends CMSServlet { } Enumeration validCerts = null; - if (updateValue[CHECK_FLAG] != null - && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - validCerts = certificateRepository - .getValidNotPublishedCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + if (updateValue[CHECK_FLAG] != null && + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + validCerts = + certificateRepository.getValidNotPublishedCertificates( + updateValue[VALID_FROM], + updateValue[VALID_TO]); } else { - validCerts = certificateRepository.getValidCertificates( - updateValue[VALID_FROM], updateValue[VALID_TO]); + validCerts = + certificateRepository.getValidCertificates( + updateValue[VALID_FROM], + updateValue[VALID_TO]); } int i = 0; int l = 0; @@ -453,9 +437,9 @@ public class UpdateDir extends CMSServlet { if (validCerts != null) { while (validCerts.hasMoreElements()) { - ICertRecord certRecord = (ICertRecord) validCerts - .nextElement(); - // X509CertImpl cert = certRecord.getCertificate(); + ICertRecord certRecord = + (ICertRecord) validCerts.nextElement(); + //X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
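Review bot: `updateValue[VALID_FROM].startsWith("0x")` at the end of the `@@ -385` hunk dereferences a value filled from `req.getParameter(...)`, which is null whenever the request carries `updateValid=yes` or `updateAll=yes` without `validFrom`. The resulting `NullPointerException` is not an `EBaseException`, so it bypasses the `error = e` handling in the public `process` and reaches the container. A guard such as `if (updateValue[VALID_FROM] != null && updateValue[VALID_FROM].startsWith("0x"))` removes the dereference; whether the repository queries accept a null bound is not visible here and should be checked. The same pattern appears for `EXPIRED_FROM` and `REVOKED_FROM` in the later hunks, and presumably for the `*_TO` values in the lines between hunks.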
@@ -465,92 +449,84 @@ public class UpdateDir extends CMSServlet { MetaInfo metaInfo = null; String ridString = null; - metaInfo = (MetaInfo) certRecord - .get(ICertRecord.ATTR_META_INFO); + metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAIL_GET_ICERT_RECORD", cert - .getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { - ridString = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } IRequest r = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; - SessionContext sc = SessionContext.getContext(); + SessionContext sc = SessionContext.getContext(); if (r == null) { if (CMS.isEncryptionCert(cert)) - sc.put((Object) "isEncryptionCert", - (Object) "true"); - else - sc.put((Object) "isEncryptionCert", - (Object) "false"); + sc.put((Object) "isEncryptionCert", (Object) "true"); + else + sc.put((Object) "isEncryptionCert", (Object) "false"); mPublisherProcessor.publishCert(cert, null); } else { if (CMS.isEncryptionCert(cert)) r.setExtData("isEncryptionCert", "true"); - else + else r.setExtData("isEncryptionCert", "false"); mPublisherProcessor.publishCert(cert, r); } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAIL_PUBLISH_CERT", certRecord - .getSerialNumber().toString(16), e - .toString())); - validCertsError += "Failed to publish certificate: 0x" - + certRecord.getSerialNumber().toString(16) - + ".\n <BR> "; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), + e.toString())); + validCertsError += + "Failed to 
publish certificate: 0x" + + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { - header.addStringValue("validCertsPublished", "Success"); + header.addStringValue("validCertsPublished", + "Success"); if (i == 1) - header.addStringValue( - "validCertsError", - i - + " valid certificate is published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificate is published in the directory."); else - header.addStringValue( - "validCertsError", - i - + " valid certificates are published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificates are published in the directory."); } else { if (l == 0) { header.addStringValue("validCertsPublished", "No"); } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", - validCertsError); + header.addStringValue("validCertsError", + validCertsError); } } } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", - "Certificate repository is unavailable."); + header.addStringValue("validCertsError", "Certificate repository is unavailable."); } } // all or expired - if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] - .equalsIgnoreCase("yes")) - || (updateValue[UPDATE_EXPIRED] != null && updateValue[UPDATE_EXPIRED] - .equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && + updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || + (updateValue[UPDATE_EXPIRED] != null && + updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[EXPIRED_FROM].startsWith("0x")) { updateValue[EXPIRED_FROM] = hexToDecimal(updateValue[EXPIRED_FROM]); 
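Review bot: In the `metaInfo == null` branch of the `@@ -465` hunk the log call uses `cert.getSerialNumber()`, whereas the `catch` further down uses `certRecord.getSerialNumber()`. `cert` is initialised to null and assigned in lines outside the hunk, apparently only when the stored object is an `X509CertImpl`, so this logging line may itself throw. Using the record here avoids that: `certRecord.getSerialNumber().toString(16)`; the same applies to the expired-certificate loop in the `@@ -589` hunk. Separately, `validCertsError +=` concatenates strings inside the loop while the expired path already uses a `StringBuffer`, and the two should match.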
@@ -560,26 +536,27 @@ public class UpdateDir extends CMSServlet { } Enumeration expiredCerts = null; - if (updateValue[CHECK_FLAG] != null - && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - expiredCerts = certificateRepository - .getExpiredPublishedCertificates( - updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + if (updateValue[CHECK_FLAG] != null && + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + expiredCerts = + certificateRepository.getExpiredPublishedCertificates( + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } else { - expiredCerts = certificateRepository - .getExpiredCertificates(updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + expiredCerts = + certificateRepository.getExpiredCertificates( + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } int i = 0; int l = 0; StringBuffer expiredCertsError = new StringBuffer(); - if (expiredCerts != null) { + if (expiredCerts != null) { while (expiredCerts.hasMoreElements()) { - ICertRecord certRecord = (ICertRecord) expiredCerts - .nextElement(); - // X509CertImpl cert = certRecord.getCertificate(); + ICertRecord certRecord = + (ICertRecord) expiredCerts.nextElement(); + //X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
@@ -589,27 +566,25 @@ public class UpdateDir extends CMSServlet { MetaInfo metaInfo = null; String ridString = null; - metaInfo = (MetaInfo) certRecord - .get(ICertRecord.ATTR_META_INFO); + metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAIL_GET_ICERT_RECORD", cert - .getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { - ridString = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } IRequest r = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; 
@@ -620,53 +595,47 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "LDAP_ERROR_UNPUBLISH_CERT", certRecord - .getSerialNumber().toString(16), e - .toString())); - expiredCertsError - .append("Failed to unpublish certificate: 0x"); - expiredCertsError.append(certRecord - .getSerialNumber().toString(16)); - expiredCertsError - .append(".\n <BR> "); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); + expiredCertsError.append( + "Failed to unpublish certificate: 0x"); + expiredCertsError.append( + certRecord.getSerialNumber().toString(16)); + expiredCertsError.append( + ".\n <BR> "); } } } if (i > 0 && i == l) { header.addStringValue("expiredCertsUnpublished", "Success"); if (i == 1) - header.addStringValue( - "expiredCertsError", - i - + " expired certificate is unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificate is unpublished in the directory."); else - header.addStringValue( - "expiredCertsError", - i - + " expired certificates are unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("expiredCertsUnpublished", "No"); } else { - header.addStringValue("expiredCertsUnpublished", - "Failure"); - header.addStringValue("expiredCertsError", - expiredCertsError.toString()); + header.addStringValue("expiredCertsUnpublished", "Failure"); + header.addStringValue("expiredCertsError", + expiredCertsError.toString()); } } } else { header.addStringValue("expiredCertsUnpublished", "Failure"); - header.addStringValue("expiredCertsError", - "Certificate repository is unavailable."); + header.addStringValue("expiredCertsError", "Certificate repository is unavailable."); } } // all or revoked - if ((updateValue[UPDATE_ALL] != null && 
updateValue[UPDATE_ALL] - .equalsIgnoreCase("yes")) - || (updateValue[UPDATE_REVOKED] != null && updateValue[UPDATE_REVOKED] - .equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && + updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || + (updateValue[UPDATE_REVOKED] != null && + updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[REVOKED_FROM].startsWith("0x")) { updateValue[REVOKED_FROM] = hexToDecimal(updateValue[REVOKED_FROM]); @@ -676,26 +645,27 @@ public class UpdateDir extends CMSServlet { } Enumeration revokedCerts = null; - if (updateValue[CHECK_FLAG] != null - && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - revokedCerts = certificateRepository - .getRevokedPublishedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + if (updateValue[CHECK_FLAG] != null && + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + revokedCerts = + certificateRepository.getRevokedPublishedCertificates( + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } else { - revokedCerts = certificateRepository - .getRevokedCertificates(updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + revokedCerts = + certificateRepository.getRevokedCertificates( + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } int i = 0; int l = 0; String revokedCertsError = ""; - if (revokedCerts != null) { + if (revokedCerts != null) { while (revokedCerts.hasMoreElements()) { - ICertRecord certRecord = (ICertRecord) revokedCerts - .nextElement(); - // X509CertImpl cert = certRecord.getCertificate(); + ICertRecord certRecord = + (ICertRecord) revokedCerts.nextElement(); + //X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
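Review bot: At the end of this hunk, `updateValue[REVOKED_FROM].startsWith("0x")` is called without a null check, although the condition just above it treats `updateValue[UPDATE_ALL]` and `updateValue[UPDATE_REVOKED]` as possibly null. If the array is filled from request parameters (not visible here), a request that enables the revoked update but omits the range would throw a NullPointerException instead of producing the "Failure" header. A guard such as `if (updateValue[REVOKED_FROM] != null && updateValue[REVOKED_FROM].startsWith("0x")) {` keeps the conversion optional. Whether `getRevokedCertificates` accepts a null bound still needs checking. The enclosing method starts and ends outside the hunk.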
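Review bot: The revoked branch declares `String revokedCertsError = "";` and the `@@ -736,42 +704,37 @@` hunk extends it with `+=` inside the loop, while the parallel expired branch accumulates into a `StringBuffer`. Using the same accumulator in both branches, `StringBuffer revokedCertsError = new StringBuffer();` with `append(...)` in the catch block and `revokedCertsError.toString()` when the header is written, keeps the two loops identical in shape and avoids rebuilding the string on every failed record. The enclosing method starts and ends outside the hunk.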
@@ -705,27 +675,25 @@ public class UpdateDir extends CMSServlet { MetaInfo metaInfo = null; String ridString = null; - metaInfo = (MetaInfo) certRecord - .get(ICertRecord.ATTR_META_INFO); + metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAIL_GET_ICERT_RECORD", cert - .getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { - ridString = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } IRequest r = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; 
@@ -736,42 +704,37 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "LDAP_ERROR_UNPUBLISH_CERT", certRecord - .getSerialNumber().toString(16), e - .toString())); - revokedCertsError += "Failed to unpublish certificate: 0x" - + certRecord.getSerialNumber().toString(16) - + ".\n <BR> "; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); + revokedCertsError += + "Failed to unpublish certificate: 0x" + + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("revokedCertsUnpublished", "Success"); if (i == 1) - header.addStringValue( - "revokedCertsError", - i - + " revoked certificate is unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificate is unpublished in the directory."); else - header.addStringValue( - "revokedCertsError", - i - + " revoked certificates are unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("revokedCertsUnpublished", "No"); } else { - header.addStringValue("revokedCertsUnpublished", - "Failure"); - header.addStringValue("revokedCertsError", - revokedCertsError); + header.addStringValue("revokedCertsUnpublished", "Failure"); + header.addStringValue("revokedCertsError", + revokedCertsError); } } } else { header.addStringValue("revokedCertsUnpublished", "Failure"); - header.addStringValue("revokedCertsError", - "Certificate repository is unavailable."); + header.addStringValue("revokedCertsError", "Certificate repository is unavailable."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index fe2485a6..79151072 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java 
@@ -123,303 +123,298 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.profile.SSLClientCertProvider; import com.netscape.cmsutil.scep.CRSPKIMessage; + /** - * This servlet deals with PKCS#10-based certificate requests from CRS, now - * called SCEP, and defined at: - * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt + * This servlet deals with PKCS#10-based certificate requests from + * CRS, now called SCEP, and defined at: + * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt * * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe - * - * The HTTP parameters are 'operation' and 'message' operation can be either - * 'GetCACert' or 'PKIOperation' - * + * + * The HTTP parameters are 'operation' and 'message' + * operation can be either 'GetCACert' or 'PKIOperation' + * * @version $Revision$, $Date$ */ -public class CRSEnrollment extends HttpServlet { - /** +public class CRSEnrollment extends HttpServlet +{ + /** * */ private static final long serialVersionUID = 8483002540957382369L; - protected IProfileSubsystem mProfileSubsystem = null; - protected String mProfileId = null; - protected ICertAuthority mAuthority; - protected IConfigStore mConfig = null; - protected IAuthSubsystem mAuthSubsystem; - protected String mAppendDN = null; - protected String mEntryObjectclass = null; - protected boolean mCreateEntry = false; - protected boolean mFlattenDN = false; - - private String mAuthManagerName; - private String mSubstoreName; - private boolean mEnabled = false; - private boolean mUseCA = true; - private String mNickname = null; - private String mTokenName = ""; - private String mHashAlgorithm = "SHA1"; - private String mHashAlgorithmList = null; - private String[] mAllowedHashAlgorithm; - private String mConfiguredEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithmList = null; - private String[] 
mAllowedEncryptionAlgorithm; - private Random mRandom = null; - private int mNonceSizeLimit = 0; - protected ILogger mLogger = CMS.getLogger(); - private ICertificateAuthority ca; - /* for hashing challenge password */ - protected MessageDigest mSHADigest = null; - - private static final String PROP_SUBSTORENAME = "substorename"; - private static final String PROP_AUTHORITY = "authority"; - private static final String PROP_CRS = "crs"; - private static final String PROP_CRSCA = "casubsystem"; - private static final String PROP_CRSAUTHMGR = "authName"; - private static final String PROP_APPENDDN = "appendDN"; - private static final String PROP_CREATEENTRY = "createEntry"; - private static final String PROP_FLATTENDN = "flattenDN"; - private static final String PROP_ENTRYOC = "entryObjectclass"; - - // URL parameters - private static final String URL_OPERATION = "operation"; - private static final String URL_MESSAGE = "message"; - - // possible values for 'operation' - private static final String OP_GETCACERT = "GetCACert"; - private static final String OP_PKIOPERATION = "PKIOperation"; - - public static final String AUTH_PASSWORD = "pwd"; - - public static final String AUTH_CREDS = "AuthCreds"; - public static final String AUTH_TOKEN = "AuthToken"; - public static final String AUTH_FAILED = "AuthFailed"; - - public static final String SANE_DNSNAME = "DNSName"; - public static final String SANE_IPADDRESS = "IPAddress"; - - public static final String CERTINFO = "CertInfo"; - public static final String SUBJECTNAME = "SubjectName"; - - public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; - public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; - public static ObjectIdentifier OID_SERIALNUMBER = null; - - public CRSEnrollment() { +protected IProfileSubsystem mProfileSubsystem = null; + protected String mProfileId = null; + protected ICertAuthority mAuthority; + protected IConfigStore mConfig = null; + protected IAuthSubsystem mAuthSubsystem; + protected 
String mAppendDN=null; + protected String mEntryObjectclass=null; + protected boolean mCreateEntry=false; + protected boolean mFlattenDN=false; + + private String mAuthManagerName; + private String mSubstoreName; + private boolean mEnabled = false; + private boolean mUseCA = true; + private String mNickname = null; + private String mTokenName = ""; + private String mHashAlgorithm = "SHA1"; + private String mHashAlgorithmList = null; + private String[] mAllowedHashAlgorithm; + private String mConfiguredEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithmList = null; + private String[] mAllowedEncryptionAlgorithm; + private Random mRandom = null; + private int mNonceSizeLimit = 0; + protected ILogger mLogger = CMS.getLogger(); + private ICertificateAuthority ca; + /* for hashing challenge password */ + protected MessageDigest mSHADigest = null; + + private static final String PROP_SUBSTORENAME = "substorename"; + private static final String PROP_AUTHORITY = "authority"; + private static final String PROP_CRS = "crs"; + private static final String PROP_CRSCA = "casubsystem"; + private static final String PROP_CRSAUTHMGR = "authName"; + private static final String PROP_APPENDDN = "appendDN"; + private static final String PROP_CREATEENTRY= "createEntry"; + private static final String PROP_FLATTENDN = "flattenDN"; + private static final String PROP_ENTRYOC = "entryObjectclass"; + + // URL parameters + private static final String URL_OPERATION = "operation"; + private static final String URL_MESSAGE = "message"; + + // possible values for 'operation' + private static final String OP_GETCACERT = "GetCACert"; + private static final String OP_PKIOPERATION = "PKIOperation"; + + public static final String AUTH_PASSWORD = "pwd"; + + public static final String AUTH_CREDS = "AuthCreds"; + public static final String AUTH_TOKEN = "AuthToken"; + public static final String AUTH_FAILED = "AuthFailed"; + + public static 
final String SANE_DNSNAME = "DNSName"; + public static final String SANE_IPADDRESS = "IPAddress"; + + public static final String CERTINFO = "CertInfo"; + public static final String SUBJECTNAME = "SubjectName"; + + + public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; + public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; + public static ObjectIdentifier OID_SERIALNUMBER = null; + + public CRSEnrollment(){} + + public static Hashtable toHashtable(HttpServletRequest req) { + Hashtable httpReqHash = new Hashtable(); + Enumeration names = req.getParameterNames(); + while (names.hasMoreElements()) { + String name = (String)names.nextElement(); + httpReqHash.put(name, req.getParameter(name)); + } + return httpReqHash; + } + + public void init(ServletConfig sc) { + // Find the CertificateAuthority we should use for CRS. + String crsCA = sc.getInitParameter(PROP_AUTHORITY); + if (crsCA == null) + crsCA = "ca"; + mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); + ca = (ICertificateAuthority)mAuthority; + + if (mAuthority == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA)); + } + + try { + if (mAuthority instanceof ISubsystem) { + IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore(); + IConfigStore scepConfig = authorityConfig.getSubStore("scep"); + mEnabled = scepConfig.getBoolean("enable", false); + mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); + mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); + mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); + mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); + mAllowedHashAlgorithm = mHashAlgorithmList.split(","); + mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); + mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); + mNickname = scepConfig.getString("nickname", ca.getNickname()); + if 
(mNickname.equals(ca.getNickname())) { + mTokenName = ca.getSigningUnit().getTokenName(); + } else { + mTokenName = scepConfig.getString("tokenname", ""); + mUseCA = false; + } + if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || + mTokenName.length() == 0)) { + int i = mNickname.indexOf(':'); + if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { + mNickname = mTokenName + ":" + mNickname; + } + } + } + } catch (EBaseException e) { + CMS.debug("CRSEnrollment: init: EBaseException: "+e); + } + mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; + CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+"."); + CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname); + CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname()); + CMS.debug("CRSEnrollment: init: Token name: "+mTokenName); + CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA); + CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit); + CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm); + CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList); + for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { + mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]); + } + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm); + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList); + for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { + mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]); + } + + try { + mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile"); + mProfileId = sc.getInitParameter("profileId"); + 
CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId); + + mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); + mAppendDN = sc.getInitParameter(PROP_APPENDDN); + String tmp = sc.getInitParameter(PROP_CREATEENTRY); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mCreateEntry = true; + else + mCreateEntry = false; + tmp = sc.getInitParameter(PROP_FLATTENDN); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mFlattenDN = true; + else + mFlattenDN = false; + mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); + if (mEntryObjectclass == null) + mEntryObjectclass = "cep"; + mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); + if (mSubstoreName == null) + mSubstoreName = "default"; + } catch (Exception e) { + } + + OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); + OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); + OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); + + + try { + mSHADigest = MessageDigest.getInstance("SHA1"); } - - public static Hashtable toHashtable(HttpServletRequest req) { - Hashtable httpReqHash = new Hashtable(); - Enumeration names = req.getParameterNames(); - while (names.hasMoreElements()) { - String name = (String) names.nextElement(); - httpReqHash.put(name, req.getParameter(name)); - } - return httpReqHash; - } - - public void init(ServletConfig sc) { - // Find the CertificateAuthority we should use for CRS. 
- String crsCA = sc.getInitParameter(PROP_AUTHORITY); - if (crsCA == null) - crsCA = "ca"; - mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); - ca = (ICertificateAuthority) mAuthority; - - if (mAuthority == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA)); - } - - try { - if (mAuthority instanceof ISubsystem) { - IConfigStore authorityConfig = ((ISubsystem) mAuthority) - .getConfigStore(); - IConfigStore scepConfig = authorityConfig.getSubStore("scep"); - mEnabled = scepConfig.getBoolean("enable", false); - mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); - mConfiguredEncryptionAlgorithm = scepConfig.getString( - "encryptionAlgorithm", "DES3"); - mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); - mHashAlgorithmList = scepConfig.getString( - "allowedHashAlgorithms", "SHA1,SHA256,SHA512"); - mAllowedHashAlgorithm = mHashAlgorithmList.split(","); - mEncryptionAlgorithmList = scepConfig.getString( - "allowedEncryptionAlgorithms", "DES3"); - mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList - .split(","); - mNickname = scepConfig.getString("nickname", ca.getNickname()); - if (mNickname.equals(ca.getNickname())) { - mTokenName = ca.getSigningUnit().getTokenName(); - } else { - mTokenName = scepConfig.getString("tokenname", ""); - mUseCA = false; - } - if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) - || mTokenName - .equalsIgnoreCase("Internal Key Storage Token") || mTokenName - .length() == 0)) { - int i = mNickname.indexOf(':'); - if (!((i > -1) && (mTokenName.length() == i) && (mNickname - .startsWith(mTokenName)))) { - mNickname = mTokenName + ":" + mNickname; - } - } - } - } catch (EBaseException e) { - CMS.debug("CRSEnrollment: init: EBaseException: " + e); - } - mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - CMS.debug("CRSEnrollment: init: SCEP support is " - + ((mEnabled) ? 
"enabled" : "disabled") + "."); - CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname); - CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname()); - CMS.debug("CRSEnrollment: init: Token name: " + mTokenName); - CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA); - CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit); - CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm); - CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " - + mHashAlgorithmList); - for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { - mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" - + mAllowedHashAlgorithm[i]); - } - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " - + mEncryptionAlgorithm); - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " - + mEncryptionAlgorithmList); - for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { - mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i] - .trim(); - CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i - + "]=" + mAllowedEncryptionAlgorithm[i]); - } - - try { - mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile"); - mProfileId = sc.getInitParameter("profileId"); - CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId); - - mAuthSubsystem = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); - mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); - mAppendDN = sc.getInitParameter(PROP_APPENDDN); - String tmp = sc.getInitParameter(PROP_CREATEENTRY); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mCreateEntry = true; - else - mCreateEntry = false; - tmp = sc.getInitParameter(PROP_FLATTENDN); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mFlattenDN = true; - else - mFlattenDN = false; - mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); - if (mEntryObjectclass == null) - mEntryObjectclass = 
"cep"; - mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); - if (mSubstoreName == null) - mSubstoreName = "default"; - } catch (Exception e) { - } - - OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid( - "UNSTRUCTUREDNAME"); - OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid( - "UNSTRUCTUREDADDRESS"); - OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); - - try { - mSHADigest = MessageDigest.getInstance("SHA1"); - } catch (NoSuchAlgorithmException e) { - } - - mRandom = new Random(); - } - - /** - * - * Service a CRS Request. It all starts here. This is where the message from - * the router is processed - * - * @param httpReq The HttpServletRequest. - * @param httpResp The HttpServletResponse. - * - */ - public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) - throws ServletException { - boolean running_state = CMS.isInRunningState(); - if (!running_state) - throw new ServletException("CMS server is not ready to serve."); + catch (NoSuchAlgorithmException e) { + } + + mRandom = new Random(); + } + + + /** + * + * Service a CRS Request. It all starts here. This is where the message from the + * router is processed + * + * @param httpReq The HttpServletRequest. + * @param httpResp The HttpServletResponse. + * + */ + public void service(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException + { + boolean running_state = CMS.isInRunningState(); + if (!running_state) + throw new ServletException( + "CMS server is not ready to serve."); String operation = null; - String message = null; + String message = null; mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - + + // Parse the URL from the HTTP Request. 
Split it up into // a structure which enables us to read the form elements IArgBlock input = CMS.createArgBlock(toHashtable(httpReq)); - - try { + + try { // Read in two form parameters - the router sets these - operation = (String) input.get(URL_OPERATION); + operation = (String)input.get(URL_OPERATION); CMS.debug("operation=" + operation); - message = (String) input.get(URL_MESSAGE); + message = (String)input.get(URL_MESSAGE); CMS.debug("message=" + message); - + if (!mEnabled) { CMS.debug("CRSEnrollment: SCEP support is disabled."); throw new ServletException("SCEP support is disabled."); } if (operation == null) { // 'operation' is mandatory. - throw new ServletException( - "Bad request: operation missing from URL"); + throw new ServletException("Bad request: operation missing from URL"); } - - /** - * the router can make two kinds of requests 1) simple request for - * CA cert 2) encoded, signed, enveloped request for anything else - * (PKIOperation) + + /** + * the router can make two kinds of requests + * 1) simple request for CA cert + * 2) encoded, signed, enveloped request for anything else (PKIOperation) */ - + if (operation.equals(OP_GETCACERT)) { - handleGetCACert(httpReq, httpResp); - } else if (operation.equals(OP_PKIOPERATION)) { - String decodeMode = (String) input.get("decode"); + handleGetCACert(httpReq, httpResp); + } + else if (operation.equals(OP_PKIOPERATION)) { + String decodeMode = (String)input.get("decode"); if (decodeMode == null || decodeMode.equals("false")) { - handlePKIOperation(httpReq, httpResp, message); + handlePKIOperation(httpReq, httpResp, message); } else { - decodePKIMessage(httpReq, httpResp, message); + decodePKIMessage(httpReq, httpResp, message); } - } else { + } + else { CMS.debug("Invalid operation " + operation); - throw new ServletException("unknown operation requested: " - + operation); + throw new ServletException("unknown operation requested: "+operation); } - - } catch (ServletException e) { + + } + catch 
(ServletException e) + { CMS.debug("ServletException " + e); throw new ServletException(e.getMessage().toString()); - } catch (Exception e) { - CMS.debug("Service exception " + e); - log(ILogger.LL_FAILURE, e.getMessage()); } - + catch (Exception e) + { + CMS.debug("Service exception " + e); + log(ILogger.LL_FAILURE,e.getMessage()); + } + } /** - * Log a message to the system log + * Log a message to the system log */ - private void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "CEP Enrollment: " + msg); + private void log(int level, String msg) { + + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + level, "CEP Enrollment: "+msg); } - private boolean isAlgorithmAllowed(String[] allowedAlgorithm, - String algorithm) { + private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) { boolean allowed = false; if (algorithm != null && algorithm.length() > 0) { @@ -433,9 +428,8 @@ public class CRSEnrollment extends HttpServlet { return allowed; } - public IAuthToken authenticate(AuthCredentials credentials, - IProfileAuthenticator authenticator, HttpServletRequest request) - throws EBaseException { + public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, + HttpServletRequest request) throws EBaseException { // build credential Enumeration authNames = authenticator.getValueNames(); 
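Review bot: In the `@@ -123,303 +123,298 @@` hunk, init() swallows two failures with empty handlers: `catch (Exception e) { }` around the servlet-parameter block and `catch (NoSuchAlgorithmException e) { }` around `MessageDigest.getInstance("SHA1")`. A misconfigured instance can therefore start with `mSHADigest` or the authentication settings unset and nothing in the log. Each handler should at least record the cause, e.g. `CMS.debug("CRSEnrollment: init: " + e);`, as the `EBaseException` handler above them already does. The same method logs CMSGW_CANT_FIND_AUTHORITY when `mAuthority` is null but then calls `ca.getNickname()` and reads `mAllowedHashAlgorithm.length` unconditionally, both of which throw in that case, so init() should stop after that log line. Separately, `mRandom = new Random();` is not a cryptographic generator; if it feeds SCEP nonces or key material (its use is outside this hunk), `new java.security.SecureRandom()` is assignable to the same field.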
@@ -451,319 +445,313 @@ public class CRSEnrollment extends HttpServlet { credentials.set("clientHost", request.getRemoteHost()); IAuthToken authToken = authenticator.authenticate(credentials); if (authToken == null) { - return null; + return null; } SessionContext sc = SessionContext.getContext(); if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - /** - * Return the CA certificate back to the requestor. This needs to be changed - * so that if the CA has a certificate chain, the whole thing should get - * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo) - */ - - public void handleGetCACert(HttpServletRequest httpReq, - HttpServletResponse httpResp) throws ServletException { - java.security.cert.X509Certificate[] chain = null; - - CertificateChain certChain = mAuthority.getCACertChain(); - - try { - if (certChain == null) { - throw new ServletException("Internal Error: cannot get CA Cert"); - } - - chain = certChain.getChain(); - - byte[] bytes = null; - - int i = 0; - String message = (String) httpReq.getParameter(URL_MESSAGE); - CMS.debug("handleGetCACert message=" + message); - if (message != null) { - try { - int j = Integer.parseInt(message); - if (j < chain.length) { - i = j; - } - } catch (NumberFormatException e1) { - } - } - CMS.debug("handleGetCACert selected chain=" + i); - - if (mUseCA) { - bytes = chain[i].getEncoded(); - } else { - CryptoContext cx = new CryptoContext(); - bytes = cx.getSigningCert().getEncoded(); - } - - httpResp.setContentType("application/x-x509-ca-cert"); - - // The following code may be used one day to encode - // the RA/CA cert chain for RA 
mode, but it will need some - // work. - - /****** - * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY - * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); } - * - * SignedData crsd = new SignedData( new SET(), // empty set of - * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new - * long[] {1,2,840,113549,1,7,1}), null), //empty content certs, - * null, // no CRL's new SET() // empty SignerInfos ); - * - * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, - * crsd); - * - * ByteArrayOutputStream baos = new ByteArrayOutputStream(); - * wrap.encode(baos); - * - * bytes = baos.toByteArray(); - * - * httpResp.setContentType("application/x-x509-ca-ra-cert"); - *****/ - - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().write(bytes); - httpResp.getOutputStream().flush(); - - CMS.debug("Output certificate chain:"); - CMS.debug(bytes); - } catch (Exception e) { - CMS.debug("handleGetCACert exception " + e); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", - e.getMessage())); - throw new ServletException( - "Failed sending DER encoded version of CA cert to client"); - } - - } - - public String getPasswordFromP10(PKCS10 p10) { - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - try { - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - return (String) attr.get(ChallengePassword.PASSWORD); - } - } - } - } catch (Exception e1) { - // do nothing - } - return null; - } - - /** - * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a - * PKIMessage structure. We decode it to see what type message it is. - */ - - /** - * Decodes the PKI message and return information to RA. 
- */ - public void decodePKIMessage(HttpServletRequest httpReq, - HttpServletResponse httpResp, String msg) throws ServletException { - - CryptoContext cx = null; - - CRSPKIMessage req = null; - - byte[] decodedPKIMessage; - byte[] response = null; - String responseData = ""; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream( - decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we - // initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException( - "CRS request is too small to be a real request (" - + decodedPKIMessage.length + " bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" - + ea - + "' is not allowed (" - + mEncryptionAlgorithmList + ")."); - throw new ServletException("Encryption algorithm '" + ea - + "' is not allowed (" + mEncryptionAlgorithmList - + ")."); - } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" - + da - + "' is not allowed (" - + mHashAlgorithmList - + ")."); - throw new ServletException("Hashing algorithm '" + da - + "' is not allowed (" + mHashAlgorithmList + ")."); - } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - } catch (Exception e) { - CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req, cx); - unwrapPKCS10(req, cx); - - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - 
if (profile == null) { - CMS.debug("Profile '" + mProfileId + "' not found."); - throw new ServletException("Profile '" + mProfileId - + "' not found."); - } else { - CMS.debug("Found profile '" + mProfileId + "'."); - } - - IProfileAuthenticator authenticator = null; + /** + * Return the CA certificate back to the requestor. + * This needs to be changed so that if the CA has a certificate chain, + * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no + * signerInfo) + */ + + public void handleGetCACert(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException { + java.security.cert.X509Certificate[] chain = null; + + CertificateChain certChain = mAuthority.getCACertChain(); + + try { + if (certChain == null) { + throw new ServletException("Internal Error: cannot get CA Cert"); + } + + chain = certChain.getChain(); + + byte[] bytes = null; + + int i = 0; + String message = (String)httpReq.getParameter(URL_MESSAGE); + CMS.debug("handleGetCACert message=" + message); + if (message != null) { try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); - if (authenticator == null) { - CMS.debug("Authenticator not found."); - throw new ServletException("Authenticator not found."); - } else { - CMS.debug("Got authenticator=" - + authenticator.getClass().getName()); - } - } catch (EProfileException e) { - throw new ServletException("Authenticator not found."); + int j = Integer.parseInt(message); + if (j < chain.length) { + i = j; + } + } catch (NumberFormatException e1) { } - AuthCredentials credentials = new AuthCredentials(); - IAuthToken authToken = null; - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - // insert profile context so that input parameter can be retrieved - context.put("sslClientCertProvider", new SSLClientCertProvider( - httpReq)); - - try { - authToken = 
authenticate(credentials, authenticator, httpReq); - } catch (Exception e) { - CMS.debug("Authentication failure: " + e.getMessage()); - throw new ServletException("Authentication failure: " - + e.getMessage()); + } + CMS.debug("handleGetCACert selected chain=" + i); + + if (mUseCA) { + bytes = chain[i].getEncoded(); + } else { + CryptoContext cx = new CryptoContext(); + bytes = cx.getSigningCert().getEncoded(); + } + + httpResp.setContentType("application/x-x509-ca-cert"); + + +// The following code may be used one day to encode +// the RA/CA cert chain for RA mode, but it will need some +// work. + + /****** + SET certs = new SET(); + for (int i=0; i<chain.length; i++) { + ANY cert = new ANY(chain[i].getEncoded()); + certs.addElement(cert); + } + + SignedData crsd = new SignedData( + new SET(), // empty set of digestAlgorithmID's + new ContentInfo( + new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}), + null), //empty content + certs, + null, // no CRL's + new SET() // empty SignerInfos + ); + + ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + wrap.encode(baos); + + bytes = baos.toByteArray(); + + httpResp.setContentType("application/x-x509-ca-ra-cert"); + *****/ + + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().write(bytes); + httpResp.getOutputStream().flush(); + + CMS.debug("Output certificate chain:"); + CMS.debug(bytes); + } + catch (Exception e) { + CMS.debug("handleGetCACert exception " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage())); + throw new ServletException("Failed sending DER encoded version of CA cert to client"); + } + + } + + public String getPasswordFromP10(PKCS10 p10) + { + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + try { + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); + CertAttrSet attr 
= p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + return (String)attr.get(ChallengePassword.PASSWORD); + } + } + } + } catch(Exception e1) { + // do nothing + } + return null; + } + + /** + * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a + * PKIMessage structure. We decode it to see what type message it is. + */ + + /** + * Decodes the PKI message and return information to RA. + */ + public void decodePKIMessage(HttpServletRequest httpReq, + HttpServletResponse httpResp, + String msg) + throws ServletException { + + CryptoContext cx=null; + + CRSPKIMessage req=null; + + byte[] decodedPKIMessage; + byte[] response=null; + String responseData = ""; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. 
+ + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request ("+ + decodedPKIMessage.length+" bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+ + "' is not allowed ("+mEncryptionAlgorithmList+")."); + throw new ServletException("Encryption algorithm '"+ea+ + "' is not allowed ("+mEncryptionAlgorithmList+")."); } - if (authToken == null) { - CMS.debug("Authentication failure."); - throw new ServletException("Authentication failure."); + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+ + "' is not allowed ("+mHashAlgorithmList+")."); + throw new ServletException("Hashing algorithm '"+da+ + "' is not allowed ("+mHashAlgorithmList+")."); } - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - responseData = responseData + "<TransactionID>" + transactionID - + "</TransactionID>"; - - // End-User or RA's IP address - responseData = responseData + "<RemoteAddr>" - + httpReq.getRemoteAddr() + "</RemoteAddr>"; - - responseData = responseData + "<RemoteHost>" - + httpReq.getRemoteHost() + "</RemoteHost>"; - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - - // Deal with message type - String mt = req.getMessageType(); - responseData = responseData + "<MessageType>" + mt - + "</MessageType>"; - - PKCS10 p10 = (PKCS10) req.getP10(); - X500Name p10subject = p10.getSubjectName(); - responseData = responseData + "<SubjectName>" - + p10subject.toString() + "</SubjectName>"; - - String pkcs10Attr = ""; - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); - 
CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - pkcs10Attr = pkcs10Attr - + "<ChallengePassword><Password>" - + (String) attr.get(ChallengePassword.PASSWORD) - + "</Password></ChallengePassword>"; - } - - } - String extensionsStr = ""; - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration exts = ((ExtensionsRequested) attr) - .getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = (Extension) exts.nextElement(); - - if (ext.getExtensionId() - .equals(OIDMap - .getOID(SubjectAlternativeNameExtension.IDENT))) { - DerOutputStream dos = new DerOutputStream(); - SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( - Boolean.valueOf(false), // noncritical - ext.getExtensionValue()); - - Vector v = (Vector) sane - .get(SubjectAlternativeNameExtension.SUBJECT_NAME); - - Enumeration gne = v.elements(); + if (ea != null) { + mEncryptionAlgorithm = ea; + } + } + catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); + } + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req,cx); + unwrapPKCS10(req,cx); + + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("Profile '" + mProfileId + "' not found."); + throw new ServletException("Profile '" + mProfileId + "' not found."); + } else { + CMS.debug("Found profile '" + mProfileId + "'."); + } + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("Authenticator not found."); + throw new ServletException("Authenticator not found."); + } else { + CMS.debug("Got authenticator=" + 
authenticator.getClass().getName()); + } + } catch (EProfileException e) { + throw new ServletException("Authenticator not found."); + } + AuthCredentials credentials = new AuthCredentials(); + IAuthToken authToken = null; + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); + + try { + authToken = authenticate(credentials, authenticator, httpReq); + } catch (Exception e) { + CMS.debug("Authentication failure: "+ e.getMessage()); + throw new ServletException("Authentication failure: "+ e.getMessage()); + } + if (authToken == null) { + CMS.debug("Authentication failure."); + throw new ServletException("Authentication failure."); + } + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + responseData = responseData + + "<TransactionID>" + transactionID + "</TransactionID>"; + + // End-User or RA's IP address + responseData = responseData + + "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; + + responseData = responseData + + "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + + // Deal with message type + String mt = req.getMessageType(); + responseData = responseData + + "<MessageType>" + mt + "</MessageType>"; + + PKCS10 p10 = (PKCS10)req.getP10(); + X500Name p10subject = p10.getSubjectName(); + responseData = responseData + + "<SubjectName>" + p10subject.toString() + "</SubjectName>"; + + String pkcs10Attr = ""; + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + + if (attr.getName().equals(ChallengePassword.NAME)) { + if 
(attr.get(ChallengePassword.PASSWORD) != null) { + pkcs10Attr = pkcs10Attr + + "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; + } + + } + String extensionsStr = ""; + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = (Extension) exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { + DerOutputStream dos = new DerOutputStream(); + SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( + Boolean.valueOf(false), // noncritical + ext.getExtensionValue()); + + + Vector v = + (Vector) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); + + Enumeration gne = v.elements(); StringBuffer subjAltNameStr = new StringBuffer(); - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne - .nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; - - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0, colon) - .trim(); - String gnValue = gn.substring(colon + 1) - .trim(); + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0,colon).trim(); + String gnValue = gn.substring(colon+1).trim(); subjAltNameStr.append("<"); subjAltNameStr.append(gnType); 
@@ -772,1460 +760,1465 @@ public class CRSEnrollment extends HttpServlet { subjAltNameStr.append("</"); subjAltNameStr.append(gnType); subjAltNameStr.append(">"); - } - } // while - extensionsStr = "<SubjAltName>" - + subjAltNameStr.toString() - + "</SubjAltName>"; - } // if - } // while - pkcs10Attr = pkcs10Attr + "<Extensions>" + extensionsStr - + "</Extensions>"; - } // if extensions - } // while - responseData = responseData + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; - - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - } catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException( - "Failed to process message in CEP servlet: " - + e.getMessage()); - } - - // We have now processed the request, and need to make the response - // message - - try { - - responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; - // Get the response coding - response = responseData.getBytes(); - - // Encode the httpResp into B64 - httpResp.setContentType("application/xml"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - int i1 = responseData.indexOf("<Password>"); - if (i1 > -1) { - i1 += 10; // 10 is a length of "<Password>" - int i2 = responseData.indexOf("</Password>", i1); - if (i2 > -1) { - responseData = responseData.substring(0, i1) + "********" - + responseData.substring(i2, responseData.length()); - } - } - - CMS.debug("Output (decoding) PKIOperation response:"); - CMS.debug(responseData); - } catch (Exception e) { - throw new ServletException( - "Failed to create response for CEP message" - + e.getMessage()); - } - - } - - /** - * finds a request with this transaction ID. 
If could not find any request - - * return null If could only find 'rejected' or 'cancelled' requests, return - * null If found 'pending' or 'completed' request - return that request - */ - - public void handlePKIOperation(HttpServletRequest httpReq, - HttpServletResponse httpResp, String msg) throws ServletException { - - CryptoContext cx = null; - - CRSPKIMessage req = null; - CRSPKIMessage crsResp = null; - - byte[] decodedPKIMessage; - byte[] response = null; - X509CertImpl cert = null; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream( - decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we - // initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException( - "CRS request is too small to be a real request (" - + decodedPKIMessage.length + " bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" - + ea - + "' is not allowed (" - + mEncryptionAlgorithmList + ")."); - throw new ServletException("Encryption algorithm '" + ea - + "' is not allowed (" + mEncryptionAlgorithmList - + ")."); - } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" - + da - + "' is not allowed (" - + mHashAlgorithmList - + ")."); - throw new ServletException("Hashing algorithm '" + da - + "' is not allowed (" + mHashAlgorithmList + ")."); - } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - crsResp = new CRSPKIMessage(); - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (Exception e) { - CMS.debug(e); - 
throw new ServletException("Could not decode the request."); - } - crsResp.setMessageType(CRSPKIMessage.mType_CertRep); - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req, cx); - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - if (transactionID == null) { - throw new ServletException( - "Error: malformed PKIMessage - missing transactionID"); - } else { - crsResp.setTransactionID(transactionID); - } - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - if (sn == null) { - throw new ServletException( - "Error: malformed PKIMessage - missing sendernonce"); - } else { - if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { - byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] - : null; - System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); - crsResp.setRecipientNonce(snLimited); - } else { - crsResp.setRecipientNonce(sn); - } - byte[] serverNonce = new byte[16]; - mRandom.nextBytes(serverNonce); - crsResp.setSenderNonce(serverNonce); - // crsResp.setSenderNonce(new byte[] {0}); - } - - // Deal with message type - String mt = req.getMessageType(); - if (mt == null) { - throw new ServletException( - "Error: malformed PKIMessage - missing messageType"); + } + } // while + extensionsStr = "<SubjAltName>" + + subjAltNameStr.toString() + "</SubjAltName>"; + } // if + } // while + pkcs10Attr = pkcs10Attr + + "<Extensions>" + extensionsStr + "</Extensions>"; + } // if extensions + } // while + responseData = responseData + + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + throw new 
ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); + } + + // We have now processed the request, and need to make the response message + + try { + + responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; + // Get the response coding + response = responseData.getBytes(); + + // Encode the httpResp into B64 + httpResp.setContentType("application/xml"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + int i1 = responseData.indexOf("<Password>"); + if (i1 > -1) { + i1 += 10; // 10 is a length of "<Password>" + int i2 = responseData.indexOf("</Password>", i1); + if (i2 > -1) { + responseData = responseData.substring(0, i1) + "********" + + responseData.substring(i2, responseData.length()); + } + } + + CMS.debug("Output (decoding) PKIOperation response:"); + CMS.debug(responseData); + } + catch (Exception e) { + throw new ServletException("Failed to create response for CEP message"+e.getMessage()); + } + + } + + + /** + * finds a request with this transaction ID. + * If could not find any request - return null + * If could only find 'rejected' or 'cancelled' requests, return null + * If found 'pending' or 'completed' request - return that request + */ + + + public void handlePKIOperation(HttpServletRequest httpReq, + HttpServletResponse httpResp, + String msg) + throws ServletException { + + + CryptoContext cx=null; + + CRSPKIMessage req=null; + CRSPKIMessage crsResp=null; + + byte[] decodedPKIMessage; + byte[] response=null; + X509CertImpl cert = null; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. 
+ + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request ("+ + decodedPKIMessage.length+" bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+ + "' is not allowed ("+mEncryptionAlgorithmList+")."); + throw new ServletException("Encryption algorithm '"+ea+ + "' is not allowed ("+mEncryptionAlgorithmList+")."); } - - // now run appropriate code, depending on message type - if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { - CMS.debug("Processing PKCSReq"); - try { - // Check if there is an existing request. If this returns - // non-null, - // then the request is 'active' (either pending or - // completed) in - // which case, we compare the hash of the new request to the - // hash of the - // one in the queue - if they are the same, I return the - // state of the - // original request - as if it was 'getCertInitial' message. - // If the hashes are different, then the user attempted to - // enroll - // for a new request with the same txid, which is not - // allowed - - // so we return 'failure'. 
- - IRequest cmsRequest = findRequestByTransactionID( - req.getTransactionID(), true); - - // If there was no request (with a cert) with this - // transaction ID, - // process it as a new request - - cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx); - - } catch (CRSFailureException e) { - throw new ServletException( - "Couldn't handle CEP request (PKCSReq) - " - + e.getMessage()); - } - } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { - CMS.debug("Processing GetCertInitial"); - cert = handleGetCertInitial(req, crsResp); - } else { - CMS.debug("Invalid request type " + mt); + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+ + "' is not allowed ("+mHashAlgorithmList+")."); + throw new ServletException("Hashing algorithm '"+da+ + "' is not allowed ("+mHashAlgorithmList+")."); } - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); + if (ea != null) { + mEncryptionAlgorithm = ea; + } + crsResp = new CRSPKIMessage(); + } + catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } + catch (Exception e) { CMS.debug(e); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - } catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException( - "Failed to process message in CEP servlet: " - + e.getMessage()); - } - - // We have now processed the request, and need to make the response - // message - - try { - // make the response - processCertRep(cx, cert, crsResp, req); - - // Get the response coding - response = crsResp.getResponse(); - - // Encode the crsResp into B64 - httpResp.setContentType("application/x-pki-message"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); 
- httpResp.getOutputStream().flush(); - - CMS.debug("Output PKIOperation response:"); - CMS.debug(CMS.BtoA(response)); - } catch (Exception e) { - throw new ServletException( - "Failed to create response for CEP message" - + e.getMessage()); - } - - } - - /** - * finds a request with this transaction ID. If could not find any request - - * return null If could only find 'rejected' or 'cancelled' requests, return - * null If found 'pending' or 'completed' request - return that request - */ - - public IRequest findRequestByTransactionID(String txid, - boolean ignoreRejected) throws EBaseException { - - /* Check if certificate request has been completed */ - - IRequestQueue rq = ca.getRequestQueue(); - IRequest foundRequest = null; - - Enumeration rids = rq.findRequestsBySourceId(txid); - if (rids == null) { - return null; - } - - int count = 0; - while (rids.hasMoreElements()) { - RequestId rid = (RequestId) rids.nextElement(); - if (rid == null) { - continue; - } - - IRequest request = rq.findRequest(rid); - if (request == null) { - continue; - } - if (!ignoreRejected - || request.getRequestStatus().equals(RequestStatus.PENDING) - || request.getRequestStatus() - .equals(RequestStatus.COMPLETE)) { - if (foundRequest != null) { - } - foundRequest = request; - } - } - return foundRequest; - } - - /** - * Called if the router is requesting us to send it its certificate Examine - * request queue for a request matching the transaction ID. Ignore any - * rejected or cancelled requests. 
- * - * If a request is found in the pending state, the response should be - * 'pending' - * - * If a request is found in the completed state, the response should be to - * return the certificate - * - * If no request is found, the response should be to return null - * - */ - - public X509CertImpl handleGetCertInitial(CRSPKIMessage req, - CRSPKIMessage resp) { - IRequest foundRequest = null; - - // already done by handlePKIOperation - // resp.setRecipientNonce(req.getSenderNonce()); - // resp.setSenderNonce(null); - - try { - foundRequest = findRequestByTransactionID(req.getTransactionID(), - false); - } catch (EBaseException e) { - } - - if (foundRequest == null) { - resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); - resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - - return makeResponseFromRequest(req, resp, foundRequest); - } - - public void verifyRequest(CRSPKIMessage req, CryptoContext cx) - throws CRSInvalidSignatureException { - - // Get Signed Data - - byte[] reqAAbytes = req.getAA(); - byte[] reqAAsig = req.getAADigest(); - - } - - /** - * Create an entry for this user in the publishing directory - * - */ - - private boolean createEntry(String dn) { - boolean result = false; - - IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); - if (ldapPub == null || !ldapPub.enabled()) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); - - return result; - } - - ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub) - .getLdapConnModule().getLdapConnFactory(); - if (connFactory == null) { - return result; - } - - LDAPConnection connection = null; - try { - connection = connFactory.getConn(); - String[] objectclasses = { "top", mEntryObjectclass }; - LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", - objectclasses); - - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - attrSet.add(ocAttrs); - - LDAPEntry newEntry = new LDAPEntry(dn, attrSet); - connection.add(newEntry); - 
result = true; - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn)); - } finally { - try { - connFactory.returnConn(connection); - } catch (Exception f) { - } - } - return result; - } - - /** - * Here we decrypt the PKCS10 message from the client - * - */ - - public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) - throws ServletException, CryptoManager.NotInitializedException, - CryptoContext.CryptoContextException, CRSFailureException { - - byte[] decryptedP10bytes = null; - SymmetricKey sk; - SymmetricKey skinternal; - SymmetricKey.Type skt; - KeyWrapper kw; - Cipher cip; - EncryptionAlgorithm ea; - boolean errorInRequest = false; - - // Unwrap the session key with the Cert server key - try { - kw = cx.getKeyWrapper(); - - kw.initUnwrap(cx.getPrivateKey(), null); - - skt = SymmetricKey.Type.DES; - ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null - && mEncryptionAlgorithm.equals("DES3")) { - skt = SymmetricKey.Type.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - sk = kw.unwrapSymmetric(req.getWrappedKey(), skt, - SymmetricKey.Usage.DECRYPT, 0); // keylength is ignored - - skinternal = cx.getDESKeyGenerator().clone(sk); - - cip = skinternal.getOwningToken().getCipherContext(ea); - - cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV()))); - - decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); - CMS.debug("decryptedP10bytes:"); - CMS.debug(decryptedP10bytes); - - req.setP10(new PKCS10(decryptedP10bytes)); - } catch (Exception e) { - CMS.debug("failed to unwrap PKCS10 " + e); - throw new CRSFailureException("Could not unwrap PKCS10 blob: " - + e.getMessage()); - } - - } - - private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) - throws CRSFailureException { - - IRequest issueReq = null; - X509CertImpl issuedCert = null; - Vector extensionsRequested = null; - SubjectAlternativeNameExtension sane = null; - CertAttrSet requested_ext = null; - - 
try { - PKCS10 p10 = (PKCS10) req.getP10(); - - if (p10 == null) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - throw new CRSFailureException( - "Failed to decode pkcs10 from CEP request"); - } - - AuthCredentials authCreds = new AuthCredentials(); - - String challengePassword = null; - // Here, we make a new CertInfo - it's a new start for a certificate - - X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - - // get some stuff out of the request - X509Key key = p10.getSubjectPublicKeyInfo(); - X500Name p10subject = p10.getSubjectName(); - - X500Name subject = null; - - // The following code will copy all the attributes - // into the AuthCredentials so they can be used for - // authentication - // - // Optionally, you can re-map the subject name from: - // one RDN, with many AVA's to - // many RDN's with one AVA in each. - - Enumeration rdne = p10subject.getRDNs(); - Vector rdnv = new Vector(); - - Hashtable sanehash = new Hashtable(); - - X500NameAttrMap xnap = X500NameAttrMap.getDefault(); - while (rdne.hasMoreElements()) { - RDN rdn = (RDN) rdne.nextElement(); - int i = 0; - AVA[] oldavas = rdn.getAssertion(); - for (i = 0; i < rdn.getAssertionLength(); i++) { - AVA[] newavas = new AVA[1]; - newavas[0] = oldavas[i]; - - authCreds.set(xnap.getName(oldavas[i].getOid()), oldavas[i] - .getValue().getAsString()); - - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { - - sanehash.put(SANE_DNSNAME, oldavas[i].getValue() - .getAsString()); - } - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { - sanehash.put(SANE_IPADDRESS, oldavas[i].getValue() - .getAsString()); - } - - RDN newrdn = new RDN(newavas); - if (mFlattenDN) { - rdnv.addElement(newrdn); - } - } - } - - if (mFlattenDN) - subject = new X500Name(rdnv); - else - subject = p10subject; - - // create default key usage extension - KeyUsageExtension kue = new KeyUsageExtension(); - 
kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); - kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); - - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - req.put(AUTH_PASSWORD, - (String) attr.get(ChallengePassword.PASSWORD)); - req.put(ChallengePassword.NAME, - hashPassword((String) attr - .get(ChallengePassword.PASSWORD))); - } - } - - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration exts = ((ExtensionsRequested) attr) - .getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = (Extension) exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(KeyUsageExtension.IDENT))) { - - kue = new KeyUsageExtension(new Boolean(false), // noncritical - ext.getExtensionValue()); - } - - if (ext.getExtensionId() - .equals(OIDMap - .getOID(SubjectAlternativeNameExtension.IDENT))) { - DerOutputStream dos = new DerOutputStream(); - sane = new SubjectAlternativeNameExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - - Vector v = (Vector) sane - .get(SubjectAlternativeNameExtension.SUBJECT_NAME); - - Enumeration gne = v.elements(); - - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne - .nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; - - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0, colon) - .trim(); - String gnValue = gn.substring(colon + 1) - .trim(); - - authCreds.set(gnType, gnValue); - } - } - } - } - } - } - - if (authCreds != null) - req.put(AUTH_CREDS, authCreds); - - try { - if (sane == null) - sane = 
makeDefaultSubjectAltName(sanehash); - } catch (Exception sane_e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - sane_e.getMessage())); - } - - try { - if (mAppendDN != null && !mAppendDN.equals("")) { - - X500Name newSubject = new X500Name(subject.toString()); - subject = new X500Name(subject.toString().concat( - "," + mAppendDN)); - } - - } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: " - + mAppendDN + ". Error is " + sne.getMessage() - + " Using unmodified subjectname"); - } - - if (subject != null) - req.put(SUBJECTNAME, subject); - - if (key == null || subject == null) { - // log - // throw new - // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); - } - - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); - - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - subject)); - - certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); - - CertificateExtensions ext = new CertificateExtensions(); - - if (kue != null) { - ext.set(KeyUsageExtension.NAME, kue); - } - - // add subjectAltName extension, if present - if (sane != null) { - ext.set(SubjectAlternativeNameExtension.NAME, sane); - } - - certInfo.set(X509CertInfo.EXTENSIONS, ext); - - req.put(CERTINFO, certInfo); - } catch (Exception e) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return; - } // NEED TO FIX - } - - private SubjectAlternativeNameExtension makeDefaultSubjectAltName( - Hashtable ht) { - - // if no subjectaltname extension was requested, we try to make it up - // from some of the elements of the subject name - - int itemCount = ht.size(); - GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; - - itemCount = 0; - Enumeration en = ht.keys(); - while (en.hasMoreElements()) { - String key = (String) en.nextElement(); - if (key.equals(SANE_DNSNAME)) { - 
gn[itemCount++] = new DNSName((String) ht.get(key)); - } - if (key.equals(SANE_IPADDRESS)) { - gn[itemCount++] = new IPAddressName((String) ht.get(key)); - } - } - - try { - return new SubjectAlternativeNameExtension(new GeneralNames(gn)); - } catch (Exception e) { - log(ILogger.LL_INFO, - CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - e.getMessage())); - return null; - } + throw new ServletException("Could not decode the request."); + } + crsResp.setMessageType(CRSPKIMessage.mType_CertRep); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req,cx); + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + if (transactionID == null) { + throw new ServletException("Error: malformed PKIMessage - missing transactionID"); + } + else { + crsResp.setTransactionID(transactionID); + } + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + if (sn == null) { + throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); + } + else { + if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { + byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null; + System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); + crsResp.setRecipientNonce(snLimited); + } else { + crsResp.setRecipientNonce(sn); + } + byte[] serverNonce = new byte[16]; + mRandom.nextBytes(serverNonce); + crsResp.setSenderNonce(serverNonce); + // crsResp.setSenderNonce(new byte[] {0}); + } + + // Deal with message type + String mt = req.getMessageType(); + if (mt == null) { + throw new ServletException("Error: malformed PKIMessage - missing messageType"); + } + + // now run appropriate code, depending on message type + if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { + CMS.debug("Processing PKCSReq"); + try { + // Check if there is an existing request. 
If this returns non-null, + // then the request is 'active' (either pending or completed) in + // which case, we compare the hash of the new request to the hash of the + // one in the queue - if they are the same, I return the state of the + // original request - as if it was 'getCertInitial' message. + // If the hashes are different, then the user attempted to enroll + // for a new request with the same txid, which is not allowed - + // so we return 'failure'. + + IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true); + + // If there was no request (with a cert) with this transaction ID, + // process it as a new request + + cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx); + + } + catch (CRSFailureException e) { + throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage()); + } + } + else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { + CMS.debug("Processing GetCertInitial"); + cert = handleGetCertInitial(req,crsResp); + } else { + CMS.debug("Invalid request type " + mt); + } + } + catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } + catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + } + catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); + } + + // We have now processed the request, and need to make the response message + + try { + // make the response + processCertRep(cx, cert,crsResp, req); + + // Get the response coding + response = crsResp.getResponse(); + + // Encode the crsResp into B64 + httpResp.setContentType("application/x-pki-message"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + CMS.debug("Output PKIOperation response:"); 
+ CMS.debug(CMS.BtoA(response)); + } + catch (Exception e) { + throw new ServletException("Failed to create response for CEP message"+e.getMessage()); + } + + } + + + /** + * finds a request with this transaction ID. + * If could not find any request - return null + * If could only find 'rejected' or 'cancelled' requests, return null + * If found 'pending' or 'completed' request - return that request + */ + + public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) + throws EBaseException { + + /* Check if certificate request has been completed */ + + IRequestQueue rq = ca.getRequestQueue(); + IRequest foundRequest = null; + + Enumeration rids = rq.findRequestsBySourceId(txid); + if (rids == null) { return null; } + + int count=0; + while (rids.hasMoreElements()) { + RequestId rid = (RequestId) rids.nextElement(); + if (rid == null) { + continue; + } + + IRequest request = rq.findRequest(rid); + if (request == null) { + continue; + } + if ( !ignoreRejected || + request.getRequestStatus().equals(RequestStatus.PENDING) || + request.getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (foundRequest != null) { + } + foundRequest = request; + } + } + return foundRequest; + } + + /** + * Called if the router is requesting us to send it its certificate + * Examine request queue for a request matching the transaction ID. + * Ignore any rejected or cancelled requests. 
+ * + * If a request is found in the pending state, the response should be + * 'pending' + * + * If a request is found in the completed state, the response should be + * to return the certificate + * + * If no request is found, the response should be to return null + * + */ + + public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp) + { + IRequest foundRequest=null; + + // already done by handlePKIOperation + // resp.setRecipientNonce(req.getSenderNonce()); + // resp.setSenderNonce(null); + + try { + foundRequest = findRequestByTransactionID(req.getTransactionID(),false); + } catch (EBaseException e) { + } + + if (foundRequest == null) { + resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); + resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + + return makeResponseFromRequest(req,resp,foundRequest); + } + + + public void verifyRequest(CRSPKIMessage req, CryptoContext cx) + throws CRSInvalidSignatureException { + + // Get Signed Data + + byte[] reqAAbytes = req.getAA(); + byte[] reqAAsig = req.getAADigest(); + + } + + + /** + * Create an entry for this user in the publishing directory + * + */ + + private boolean createEntry(String dn) + { + boolean result = false; + + IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); + if (ldapPub == null || !ldapPub.enabled()) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); + + return result; + } + + ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory(); + if (connFactory == null) { + return result; + } + + LDAPConnection connection=null; + try { + connection = connFactory.getConn(); + String[] objectclasses = { "top", mEntryObjectclass }; + LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses); + + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + attrSet.add(ocAttrs); + + LDAPEntry newEntry = new LDAPEntry(dn, attrSet); + connection.add(newEntry); + result=true; + } 
+ catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn)); + } + finally { + try { + connFactory.returnConn(connection); + } + catch (Exception f) {} + } + return result; } - // Perform authentication - - /* - * if the authentication is set up for CEP, and the user provides some - * credential, an attempt is made to authenticate the user If this fails, - * this method will return true If it is sucessful, this method will return - * true and an authtoken will be in the request - * - * If authentication is not configured, this method will return false. The - * request will be processed in the usual way, but no authtoken will be in - * the request. - * - * In other word, this method returns true if the request should be aborted, - * false otherwise. - */ - - private boolean authenticateUser(CRSPKIMessage req) { - boolean authenticationFailed = true; - - if (mAuthManagerName == null) { - return false; - } - - String password = (String) req.get(AUTH_PASSWORD); - - AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS); - - if (authCreds == null) { - authCreds = new AuthCredentials(); - } - - // authtoken starts as null - AuthToken token = null; - - if (password != null && !password.equals("")) { - try { - authCreds.set(AUTH_PASSWORD, password); - } catch (Exception e) { - } - } - try { - token = (AuthToken) mAuthSubsystem.authenticate(authCreds, - mAuthManagerName); - authCreds.delete(AUTH_PASSWORD); - // if we got here, the authenticate call must not have thrown - // an exception - authenticationFailed = false; - } catch (EInvalidCredentials ex) { - // Invalid credentials - we must reject the request - authenticationFailed = true; - } catch (EMissingCredential mc) { - // Misssing credential - we'll log, and process manually - authenticationFailed = false; - } catch (EBaseException ex) { - // If there's some other error, we'll reject - // So, we just continue on, - AUTH_TOKEN will not be set. 
- } - if (token != null) { - req.put(AUTH_TOKEN, token); + /** + * Here we decrypt the PKCS10 message from the client + * + */ + + public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) + throws ServletException, + CryptoManager.NotInitializedException, + CryptoContext.CryptoContextException, + CRSFailureException { + + byte[] decryptedP10bytes = null; + SymmetricKey sk; + SymmetricKey skinternal; + SymmetricKey.Type skt; + KeyWrapper kw; + Cipher cip; + EncryptionAlgorithm ea; + boolean errorInRequest = false; + + // Unwrap the session key with the Cert server key + try { + kw = cx.getKeyWrapper(); + + kw.initUnwrap(cx.getPrivateKey(),null); + + skt = SymmetricKey.Type.DES; + ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + skt = SymmetricKey.Type.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + + sk = kw.unwrapSymmetric(req.getWrappedKey(), + skt, + SymmetricKey.Usage.DECRYPT, + 0); // keylength is ignored + + skinternal = cx.getDESKeyGenerator().clone(sk); + + cip = skinternal.getOwningToken().getCipherContext(ea); + + cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV()))); + + decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); + CMS.debug("decryptedP10bytes:"); + CMS.debug(decryptedP10bytes); + + req.setP10(new PKCS10(decryptedP10bytes)); + } catch (Exception e) { + CMS.debug("failed to unwrap PKCS10 " + e); + throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage()); + } + + } + + + +private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) + throws CRSFailureException { + + IRequest issueReq = null; + X509CertImpl issuedCert=null; + Vector extensionsRequested = null; + SubjectAlternativeNameExtension sane = null; + CertAttrSet requested_ext = null; + + try { + PKCS10 p10 = (PKCS10)req.getP10(); + + if (p10 == null) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + 
throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); + } + + AuthCredentials authCreds = new AuthCredentials(); + + String challengePassword = null; + // Here, we make a new CertInfo - it's a new start for a certificate + + X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); + + // get some stuff out of the request + X509Key key = p10.getSubjectPublicKeyInfo(); + X500Name p10subject = p10.getSubjectName(); + + X500Name subject=null; + + // The following code will copy all the attributes + // into the AuthCredentials so they can be used for + // authentication + // + // Optionally, you can re-map the subject name from: + // one RDN, with many AVA's to + // many RDN's with one AVA in each. + + Enumeration rdne = p10subject.getRDNs(); + Vector rdnv = new Vector(); + + Hashtable sanehash = new Hashtable(); + + X500NameAttrMap xnap = X500NameAttrMap.getDefault(); + while (rdne.hasMoreElements()) { + RDN rdn = (RDN) rdne.nextElement(); + int i=0; + AVA[] oldavas = rdn.getAssertion(); + for (i=0; i<rdn.getAssertionLength(); i++) { + AVA[] newavas = new AVA[1]; + newavas[0] = oldavas[i]; + + authCreds.set(xnap.getName(oldavas[i].getOid()), + oldavas[i].getValue().getAsString()); + + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { + + sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString()); + } + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { + sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString()); + } + + RDN newrdn = new RDN(newavas); + if (mFlattenDN) { + rdnv.addElement(newrdn); + } + } + } + + if (mFlattenDN) subject = new X500Name(rdnv); + else subject = p10subject; + + + // create default key usage extension + KeyUsageExtension kue = new KeyUsageExtension(); + kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); + kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); + + + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + while 
(e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + req.put(AUTH_PASSWORD, + (String)attr.get(ChallengePassword.PASSWORD)); + req.put(ChallengePassword.NAME, + hashPassword( + (String)attr.get(ChallengePassword.PASSWORD))); + } + } + + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = (Extension) exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(KeyUsageExtension.IDENT)) ) { + + kue = new KeyUsageExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + } + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { + DerOutputStream dos = new DerOutputStream(); + sane = new SubjectAlternativeNameExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + + + Vector v = + (Vector) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); + + Enumeration gne = v.elements(); + + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0,colon).trim(); + String gnValue = gn.substring(colon+1).trim(); + + authCreds.set(gnType,gnValue); + } + } + } + } + } + } + + if (authCreds != null) req.put(AUTH_CREDS,authCreds); + + try { + if (sane == null) sane = makeDefaultSubjectAltName(sanehash); + } catch (Exception sane_e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + sane_e.getMessage())); + } + + + + try { + if (mAppendDN != null && ! 
mAppendDN.equals("")) { + + X500Name newSubject = new X500Name(subject.toString()); + subject = new X500Name( subject.toString().concat(","+mAppendDN)); + } + + } catch (Exception sne) { + log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname"); + } + + if (subject != null) req.put(SUBJECTNAME, subject); + + if (key == null || subject == null) { + // log + //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); + } + + + + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + + certInfo.set(X509CertInfo.KEY, + new CertificateX509Key(key)); + + CertificateExtensions ext = new CertificateExtensions(); + + if (kue != null) { + ext.set(KeyUsageExtension.NAME, kue); + } + + // add subjectAltName extension, if present + if (sane != null) { + ext.set(SubjectAlternativeNameExtension.NAME, sane); + } + + certInfo.set(X509CertInfo.EXTENSIONS,ext); + + req.put(CERTINFO, certInfo); + } catch (Exception e) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return ; + } // NEED TO FIX + } + + + private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable ht) { + + // if no subjectaltname extension was requested, we try to make it up + // from some of the elements of the subject name + + int itemCount = ht.size(); + GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; + + itemCount = 0; + Enumeration en = ht.keys(); + while (en.hasMoreElements()) { + String key = (String) en.nextElement(); + if (key.equals(SANE_DNSNAME)) { + gn[itemCount++] = new DNSName((String)ht.get(key)); + } + if (key.equals(SANE_IPADDRESS)) { + gn[itemCount++] = new IPAddressName((String)ht.get(key)); } - - return authenticationFailed; } - private boolean areFingerprintsEqual(IRequest req, Hashtable 
fingerprints) { - - Hashtable old_fprints = req - .getExtDataInHashtable(IRequest.FINGERPRINTS); - if (old_fprints == null) { - return false; - } - - byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); - byte[] new_md5 = (byte[]) fingerprints.get("MD5"); - - if (old_md5.length != new_md5.length) - return false; - - for (int i = 0; i < old_md5.length; i++) { - if (old_md5[i] != new_md5[i]) - return false; - } - return true; - } - - public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, - IRequest cmsRequest, CRSPKIMessage req, CRSPKIMessage crsResp, - CryptoContext cx) throws ServletException, - CryptoManager.NotInitializedException, CRSFailureException { - - try { - unwrapPKCS10(req, cx); - Hashtable fingerprints = makeFingerPrints(req); - - if (cmsRequest != null) { - if (areFingerprintsEqual(cmsRequest, fingerprints)) { - CMS.debug("created response from request"); - return makeResponseFromRequest(req, crsResp, cmsRequest); - } else { - CMS.debug("duplicated transaction id"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - } - - getDetailFromRequest(req, crsResp); - boolean authFailed = authenticateUser(req); - - if (authFailed) { - CMS.debug("authentication failed"); - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - - // perform audit log - String auditMessage = CMS.getLogMessage( - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", - httpReq.getRemoteAddr(), ILogger.FAILURE, - req.getTransactionID(), "CRSEnrollment", - ILogger.SIGNED_AUDIT_EMPTY_VALUE); - ILogger signedAuditLogger = CMS.getSignedAuditLogger(); - if (signedAuditLogger != null) { - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, 
ILogger.LL_SECURITY, - auditMessage); - } - - return null; - } else { - IRequest ireq = postRequest(httpReq, req, crsResp); - - CMS.debug("created response"); - return makeResponseFromRequest(req, crsResp, ireq); - } - } catch (CryptoContext.CryptoContextException e) { - CMS.debug("failed to decrypt the request " + e); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } catch (EBaseException e) { - CMS.debug("operation failure - " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } - return null; - } - - // //// post the request - - /* - * needed: - * - * token (authtoken) certInfo fingerprints x req.transactionID crsResp - */ - - private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, - CRSPKIMessage crsResp) throws EBaseException { - X500Name subject = (X500Name) req.get(SUBJECTNAME); - - if (mCreateEntry) { - if (subject == null) { - CMS.debug("CRSEnrollment::postRequest() - subject is null!"); - return null; - } - createEntry(subject.toString()); - } - - // use profile framework to handle SCEP - if (mProfileId != null) { - PKCS10 pkcs10data = (PKCS10) req.getP10(); - String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); - - // XXX authentication handling - CMS.debug("Found profile=" + mProfileId); - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("profile " + mProfileId + " not found"); - return null; - } - IProfileContext ctx = profile.createContext(); - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); - if (authenticator == null) { - 
CMS.debug("No authenticator Found"); - } else { - CMS.debug("Got authenticator=" - + authenticator.getClass().getName()); - } - } catch (EProfileException e) { - // authenticator not installed correctly - } - - IAuthToken authToken = null; - - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider( - httpReq)); - - String p10Password = getPasswordFromP10(pkcs10data); - AuthCredentials credentials = new AuthCredentials(); - credentials.set("UID", httpReq.getRemoteAddr()); - credentials.set("PWD", p10Password); + try { + return new SubjectAlternativeNameExtension( new GeneralNames(gn) ); + } catch (Exception e) { + log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + e.getMessage())); + return null; + } + } + + + + // Perform authentication + + /* + * if the authentication is set up for CEP, and the user provides + * some credential, an attempt is made to authenticate the user + * If this fails, this method will return true + * If it is sucessful, this method will return true and + * an authtoken will be in the request + * + * If authentication is not configured, this method will + * return false. The request will be processed in the usual + * way, but no authtoken will be in the request. + * + * In other word, this method returns true if the request + * should be aborted, false otherwise. 
+ */ + + private boolean authenticateUser(CRSPKIMessage req) { + boolean authenticationFailed = true; + + if (mAuthManagerName == null) { + return false; + } + + String password = (String)req.get(AUTH_PASSWORD); + + AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS); + + if (authCreds == null) { + authCreds = new AuthCredentials(); + } + + // authtoken starts as null + AuthToken token = null; + + if (password != null && !password.equals("")) { + try { + authCreds.set(AUTH_PASSWORD,password); + } catch (Exception e) {} + } + + try { + token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName); + authCreds.delete(AUTH_PASSWORD); + // if we got here, the authenticate call must not have thrown + // an exception + authenticationFailed = false; + } + catch (EInvalidCredentials ex) { + // Invalid credentials - we must reject the request + authenticationFailed = true; + } + catch (EMissingCredential mc) { + // Misssing credential - we'll log, and process manually + authenticationFailed = false; + } + catch (EBaseException ex) { + // If there's some other error, we'll reject + // So, we just continue on, - AUTH_TOKEN will not be set. 
+ } + + if (token != null) { + req.put(AUTH_TOKEN,token); + } + + return authenticationFailed; + } + + private boolean areFingerprintsEqual(IRequest req, Hashtable fingerprints) + { + + Hashtable old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); + if (old_fprints == null) { return false; } + + byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); + byte[] new_md5 = (byte[]) fingerprints.get("MD5"); + + if (old_md5.length != new_md5.length) return false; + + for (int i=0;i<old_md5.length; i++) { + if (old_md5[i] != new_md5[i]) return false; + } + return true; + } + + public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, + IRequest cmsRequest, CRSPKIMessage req, + CRSPKIMessage crsResp, CryptoContext cx) + throws ServletException, + CryptoManager.NotInitializedException, + CRSFailureException { + + try { + unwrapPKCS10(req,cx); + Hashtable fingerprints = makeFingerPrints(req); + + if (cmsRequest != null) { + if (areFingerprintsEqual(cmsRequest, fingerprints)) { + CMS.debug("created response from request"); + return makeResponseFromRequest(req,crsResp,cmsRequest); + } + else { + CMS.debug("duplicated transaction id"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + } + + getDetailFromRequest(req,crsResp); + boolean authFailed = authenticateUser(req); + + if (authFailed) { + CMS.debug("authentication failed"); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + + + // perform audit log + String auditMessage = CMS.getLogMessage( + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", + httpReq.getRemoteAddr(), + ILogger.FAILURE, + req.getTransactionID(), + "CRSEnrollment", + ILogger.SIGNED_AUDIT_EMPTY_VALUE); + ILogger signedAuditLogger = 
CMS.getSignedAuditLogger(); + if (signedAuditLogger != null) { + signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, auditMessage); + } + + return null; + } + else { + IRequest ireq = postRequest(httpReq, req,crsResp); + + + CMS.debug("created response"); + return makeResponseFromRequest(req,crsResp, ireq); + } + } catch (CryptoContext.CryptoContextException e) { + CMS.debug("failed to decrypt the request " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } catch (EBaseException e) { + CMS.debug("operation failure - " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } + return null; + } + + +////// post the request + +/* + needed: + + token (authtoken) + certInfo + fingerprints x + req.transactionID + crsResp +*/ + +private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) +throws EBaseException { + X500Name subject = (X500Name)req.get(SUBJECTNAME); + + if (mCreateEntry) { + if (subject == null) { + CMS.debug( "CRSEnrollment::postRequest() - subject is null!" 
); + return null; + } + createEntry(subject.toString()); + } + + // use profile framework to handle SCEP + if (mProfileId != null) { + PKCS10 pkcs10data = (PKCS10)req.getP10(); + String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); + + // XXX authentication handling + CMS.debug("Found profile=" + mProfileId); + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("profile " + mProfileId + " not found"); + return null; + } + IProfileContext ctx = profile.createContext(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); if (authenticator == null) { - // XXX - to help caRouterCert to work, we need to - // add authentication to caRouterCert - authToken = new AuthToken(null); - } else { - authToken = authenticate(credentials, authenticator, httpReq); - } - - IRequest reqs[] = null; - CMS.debug("CRSEnrollment: Creating profile requests"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - Locale locale = Locale.getDefault(); - reqs = profile.createRequests(ctx, locale); - if (reqs == null) { - CMS.debug("CRSEnrollment: No request has been created"); - return null; + CMS.debug("No authenticator Found"); } else { - CMS.debug("CRSEnrollment: Request (" + reqs.length - + ") have been created"); - } - // set transaction id - reqs[0].setSourceId(req.getTransactionID()); - reqs[0].setExtData("profile", "true"); - reqs[0].setExtData("profileId", mProfileId); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, - IEnrollProfile.REQ_TYPE_PKCS10); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - reqs[0].setExtData("requestor_name", ""); - reqs[0].setExtData("requestor_email", ""); - reqs[0].setExtData("requestor_phone", ""); - reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); - reqs[0].setExtData("profileRemoteAddr", 
httpReq.getRemoteAddr()); - reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); - - CMS.debug("CRSEnrollment: Populating inputs"); - profile.populateInput(ctx, reqs[0]); - CMS.debug("CRSEnrollment: Populating requests"); - profile.populate(reqs[0]); - - CMS.debug("CRSEnrollment: Submitting request"); - profile.submit(authToken, reqs[0]); - CMS.debug("CRSEnrollment: Done submitting request"); - profile.getRequestQueue().markAsServiced(reqs[0]); - CMS.debug("CRSEnrollment: Request marked as serviced"); - - return reqs[0]; - - } - - IRequestQueue rq = ca.getRequestQueue(); - IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); - - AuthToken token = (AuthToken) req.get(AUTH_TOKEN); - if (token != null) { - pkiReq.setExtData(IRequest.AUTH_TOKEN, token); - } - - pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, - IRequest.CEP_CERT); - X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); - pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo }); - pkiReq.setExtData("cepsubstore", mSubstoreName); - - try { - String chpwd = (String) req.get(ChallengePassword.NAME); - if (chpwd != null) { - pkiReq.setExtData("challengePhrase", chpwd); - } - } catch (Exception pwex) { - } - - Hashtable fingerprints = (Hashtable) req.get(IRequest.FINGERPRINTS); - if (fingerprints.size() > 0) { - Hashtable encodedPrints = new Hashtable(fingerprints.size()); - Enumeration e = fingerprints.keys(); - while (e.hasMoreElements()) { - String key = (String) e.nextElement(); - byte[] value = (byte[]) fingerprints.get(key); - encodedPrints.put(key, CMS.BtoA(value)); + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); } - pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); - } - - pkiReq.setSourceId(req.getTransactionID()); - - rq.processRequest(pkiReq); - - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { 
- pkiReq.getRequestId(), - AuditFormat.FROMROUTER, - mAuthManagerName == null ? AuditFormat.NOAUTH - : mAuthManagerName, "pending", subject, "" }); - - return pkiReq; - } - - public Hashtable makeFingerPrints(CRSPKIMessage req) { + } catch (EProfileException e) { + // authenticator not installed correctly + } + + IAuthToken authToken = null; + + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + + // insert profile context so that input parameter can be retrieved + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(httpReq)); + + String p10Password = getPasswordFromP10(pkcs10data); + AuthCredentials credentials = new AuthCredentials(); + credentials.set("UID", httpReq.getRemoteAddr()); + credentials.set("PWD", p10Password); + + if (authenticator == null) { + // XXX - to help caRouterCert to work, we need to + // add authentication to caRouterCert + authToken = new AuthToken(null); + } else { + authToken = authenticate(credentials, authenticator, httpReq); + } + + IRequest reqs[] = null; + CMS.debug("CRSEnrollment: Creating profile requests"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + Locale locale = Locale.getDefault(); + reqs = profile.createRequests(ctx, locale); + if (reqs == null) { + CMS.debug("CRSEnrollment: No request has been created"); + return null; + } else { + CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); + } + // set transaction id + reqs[0].setSourceId(req.getTransactionID()); + reqs[0].setExtData("profile", "true"); + reqs[0].setExtData("profileId", mProfileId); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + reqs[0].setExtData("requestor_name", ""); + reqs[0].setExtData("requestor_email", 
""); + reqs[0].setExtData("requestor_phone", ""); + reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); + reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); + reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); + + CMS.debug("CRSEnrollment: Populating inputs"); + profile.populateInput(ctx, reqs[0]); + CMS.debug("CRSEnrollment: Populating requests"); + profile.populate(reqs[0]); + + CMS.debug("CRSEnrollment: Submitting request"); + profile.submit(authToken, reqs[0]); + CMS.debug("CRSEnrollment: Done submitting request"); + profile.getRequestQueue().markAsServiced(reqs[0]); + CMS.debug("CRSEnrollment: Request marked as serviced"); + + return reqs[0]; + + } + + IRequestQueue rq = ca.getRequestQueue(); + IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); + + AuthToken token = (AuthToken) req.get(AUTH_TOKEN); + if (token != null) { + pkiReq.setExtData(IRequest.AUTH_TOKEN,token); + } + + pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); + X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); + pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } ); + pkiReq.setExtData("cepsubstore", mSubstoreName); + + try { + String chpwd = (String)req.get(ChallengePassword.NAME); + if (chpwd != null) { + pkiReq.setExtData("challengePhrase", + chpwd ); + } + } catch (Exception pwex) { + } + + Hashtable fingerprints = (Hashtable)req.get(IRequest.FINGERPRINTS); + if (fingerprints.size() > 0) { + Hashtable encodedPrints = new Hashtable(fingerprints.size()); + Enumeration e = fingerprints.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + byte[] value = (byte[])fingerprints.get(key); + encodedPrints.put(key, CMS.BtoA(value)); + } + pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); + } + + pkiReq.setSourceId(req.getTransactionID()); + + rq.processRequest(pkiReq); + + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + + 
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + pkiReq.getRequestId(), + AuditFormat.FROMROUTER, + mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName, + "pending", + subject , + ""} + ); + + return pkiReq; + } + + + + public Hashtable makeFingerPrints(CRSPKIMessage req) { Hashtable fingerprints = new Hashtable(); MessageDigest md; - String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", - "SHA512" }; - PKCS10 p10 = (PKCS10) req.getP10(); + String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; + PKCS10 p10 = (PKCS10)req.getP10(); - for (int i = 0; i < hashes.length; i++) { - try { - md = MessageDigest.getInstance(hashes[i]); - md.update(p10.getCertRequestInfo()); - fingerprints.put(hashes[i], md.digest()); - } catch (NoSuchAlgorithmException nsa) { - } + for (int i=0;i<hashes.length;i++) { + try { + md = MessageDigest.getInstance(hashes[i]); + md.update(p10.getCertRequestInfo()); + fingerprints.put(hashes[i],md.digest()); + } + catch (NoSuchAlgorithmException nsa) {} } - if (fingerprints != null) { - req.put(IRequest.FINGERPRINTS, fingerprints); - } - return fingerprints; - } + if (fingerprints != null) { + req.put(IRequest.FINGERPRINTS,fingerprints); + } + return fingerprints; + } + + + // Take a look to see if the request was successful, and fill + // in the response message - // Take a look to see if the request was successful, and fill - // in the response message - private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, - CRSPKIMessage crsResp, IRequest pkiReq) { + private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, + IRequest pkiReq) + { - X509CertImpl issuedCert = null; + X509CertImpl issuedCert=null; RequestStatus status = pkiReq.getRequestStatus(); String profileId = pkiReq.getExtDataInString("profileId"); if (profileId != null) { - CMS.debug("CRSEnrollment: Found profile request"); - 
X509CertImpl cert = pkiReq - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) { - CMS.debug("CRSEnrollment: No certificate has been found"); - } else { - CMS.debug("CRSEnrollment: Found certificate"); - } - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - return cert; + CMS.debug("CRSEnrollment: Found profile request"); + X509CertImpl cert = + pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) { + CMS.debug("CRSEnrollment: No certificate has been found"); + } else { + CMS.debug("CRSEnrollment: Found certificate"); + } + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + return cert; } - if (status.equals(RequestStatus.COMPLETE)) { + + if ( status.equals(RequestStatus.COMPLETE)) { Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT); + if (success.equals(IRequest.RES_SUCCESS)) { // The cert was issued, lets send it back to the router - X509CertImpl[] issuedCertBuf = pkiReq - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCertBuf = + pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCertBuf == null || issuedCertBuf.length == 0) { - // writeError("Internal Error: Bad operation",httpReq,httpResp); - CMS.debug("CRSEnrollment::makeResponseFromRequest() - " - + "Bad operation"); + // writeError("Internal Error: Bad operation",httpReq,httpResp); + CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " + + "Bad operation" ); return null; } issuedCert = issuedCertBuf[0]; crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - } else { // status is not 'success' - there must've been a problem - + + } + else { // status is not 'success' - there must've been a problem + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg); } - } else if (status.equals(RequestStatus.REJECTED_STRING) - || status.equals(RequestStatus.CANCELED_STRING)) { - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - 
crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - } else { // not complete + } + else if (status.equals(RequestStatus.REJECTED_STRING) || + status.equals(RequestStatus.CANCELED_STRING)) { + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + } + else { // not complete crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING); } return issuedCert; } - /** - * This needs to be re-written to log the messages to the system log, since - * there will be no visual webpage feedback for the user. (he's using a - * router) - */ - - private void writeError(String errMsg, HttpServletRequest httpReq, - HttpServletResponse httpResp) throws IOException { - } - - protected String hashPassword(String pwd) { - String salt = "lala123"; - byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes()); - String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); - return "{SHA}" + b64E; - } - - /** - * Make the CRSPKIMESSAGE response - */ - - private void processCertRep(CryptoContext cx, X509CertImpl issuedCert, - CRSPKIMessage crsResp, CRSPKIMessage crsReq) - throws CRSFailureException { - byte[] msgdigest = null; - byte[] encryptedDesKey = null; - - try { - if (issuedCert != null) { - - SymmetricKey sk; - SymmetricKey skinternal; - - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null - && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - // 1. Make the Degenerated PKCS7 with the recipient's - // certificate in it - - byte toBeEncrypted[] = crsResp.makeSignedRep(1, // version - issuedCert.getEncoded()); - - // 2. 
Encrypt the above byte array with a new random DES key - - sk = cx.getDESKeyGenerator().generate(); - - skinternal = cx.getInternalToken().getKeyGenerator(kga) - .clone(sk); - - byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); - - // This should be changed to generate proper DES IV. - - Cipher cipher = cx.getInternalToken().getCipherContext(ea); - IVParameterSpec desIV = new IVParameterSpec(new byte[] { - (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00, - (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00 }); - - cipher.initEncrypt(sk, desIV); - byte[] encryptedData = cipher.doFinal(padded); - - crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, - mEncryptionAlgorithm); - - // 3. Extract the recipient's public key - - PublicKey rcpPK = crsReq.getSignerPublicKey(); - - // 4. Encrypt the DES key with the public key - - // we have to move the key onto the interal token. - // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); - skinternal = cx.getInternalToken().cloneKey(sk); - - KeyWrapper kw = cx.getInternalKeyWrapper(); - kw.initWrap(rcpPK, null); - encryptedDesKey = kw.wrap(skinternal); - crsResp.setRcpIssuerAndSerialNumber(crsReq - .getSgnIssuerAndSerialNumber()); - crsResp.makeRecipientInfo(0, encryptedDesKey); - } - - byte[] ed = crsResp.makeEnvelopedData(0); - - // 7. Make Digest of SignedData Content - MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); - msgdigest = md.digest(ed); - - crsResp.setMsgDigest(msgdigest); - - } - - catch (Exception e) { - throw new CRSFailureException( - "Failed to create inner response to CEP message: " - + e.getMessage()); - } - // 5. Make a RecipientInfo - // The issuer name & serial number here, should be that of - // the EE's self-signed Certificate - // [I can get it from the req blob, but later, I should - // store the recipient's self-signed certificate with the request - // so I can get at it later. I need to do this to support - // 'PENDING'] - try { - - // 8. 
Make Authenticated Attributes - // we can just pull the transaction ID out of the request. - // Later, we will have to put it out of the Request queue, - // so we can support PENDING - crsResp.setTransactionID(crsReq.getTransactionID()); - // recipientNonce and SenderNonce have already been set - - crsResp.makeAuthenticatedAttributes(); - // crsResp.makeAuthenticatedAttributes_old(); - - // now package up the rest of the SignerInfo - { - byte[] signingcertbytes = cx.getSigningCert().getEncoded(); - - Certificate.Template sgncert_t = new Certificate.Template(); - Certificate sgncert = (Certificate) sgncert_t - .decode(new ByteArrayInputStream(signingcertbytes)); + /** + * This needs to be re-written to log the messages to the system log, since there + * will be no visual webpage feedback for the user. (he's using a router) + */ - IssuerAndSerialNumber sgniasn = new IssuerAndSerialNumber( - sgncert.getInfo().getIssuer(), sgncert.getInfo() - .getSerialNumber()); - - crsResp.setSgnIssuerAndSerialNumber(sgniasn); + private void writeError(String errMsg, HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws IOException + { + } - // 10. Make SignerInfo - crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); - // 11. 
Make SignedData - crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); + protected String hashPassword(String pwd) { + String salt = "lala123"; + byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes()); + String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); + return "{SHA}"+b64E; + } - crsResp.debug(); - } - } catch (Exception e) { - throw new CRSFailureException( - "Failed to create outer response to CEP request: " - + e.getMessage()); - } - // if debugging, dump out the response into a file - } - class CryptoContext { - private CryptoManager cm; - private CryptoToken internalToken; - private CryptoToken keyStorageToken; - private CryptoToken internalKeyStorageToken; - private KeyGenerator DESkg; - private Enumeration externalTokens = null; - private org.mozilla.jss.crypto.X509Certificate signingCert; - private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; - private int signingCertKeySize = 0; - - class CryptoContextException extends Exception { - /** + /** + * Make the CRSPKIMESSAGE response + */ + + + private void processCertRep(CryptoContext cx, + X509CertImpl issuedCert, + CRSPKIMessage crsResp, + CRSPKIMessage crsReq) + throws CRSFailureException { + byte[] msgdigest = null; + byte[] encryptedDesKey = null; + + try { + if (issuedCert != null) { + + SymmetricKey sk; + SymmetricKey skinternal; + + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + + // 1. Make the Degenerated PKCS7 with the recipient's certificate in it + + byte toBeEncrypted[] = + crsResp.makeSignedRep(1, // version + issuedCert.getEncoded() + ); + + // 2. 
Encrypt the above byte array with a new random DES key + + sk = cx.getDESKeyGenerator().generate(); + + skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); + + byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); + + + // This should be changed to generate proper DES IV. + + Cipher cipher = cx.getInternalToken().getCipherContext(ea); + IVParameterSpec desIV = + new IVParameterSpec(new byte[]{ + (byte)0xff, (byte)0x00, + (byte)0xff, (byte)0x00, + (byte)0xff, (byte)0x00, + (byte)0xff, (byte)0x00 } ); + + cipher.initEncrypt(sk,desIV); + byte[] encryptedData = cipher.doFinal(padded); + + crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm); + + // 3. Extract the recipient's public key + + PublicKey rcpPK = crsReq.getSignerPublicKey(); + + + // 4. Encrypt the DES key with the public key + + // we have to move the key onto the interal token. + //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); + skinternal = cx.getInternalToken().cloneKey(sk); + + KeyWrapper kw = cx.getInternalKeyWrapper(); + kw.initWrap(rcpPK, null); + encryptedDesKey = kw.wrap(skinternal); + + crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); + crsResp.makeRecipientInfo(0, encryptedDesKey ); + + } + + + byte[] ed = crsResp.makeEnvelopedData(0); + + // 7. Make Digest of SignedData Content + MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); + msgdigest = md.digest(ed); + + crsResp.setMsgDigest(msgdigest); + + } + + catch (Exception e) { + throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage()); + } + + + // 5. Make a RecipientInfo + + // The issuer name & serial number here, should be that of + // the EE's self-signed Certificate + // [I can get it from the req blob, but later, I should + // store the recipient's self-signed certificate with the request + // so I can get at it later. I need to do this to support + // 'PENDING'] + + + try { + + // 8. 
Make Authenticated Attributes + // we can just pull the transaction ID out of the request. + // Later, we will have to put it out of the Request queue, + // so we can support PENDING + crsResp.setTransactionID(crsReq.getTransactionID()); + // recipientNonce and SenderNonce have already been set + + crsResp.makeAuthenticatedAttributes(); + // crsResp.makeAuthenticatedAttributes_old(); + + + + // now package up the rest of the SignerInfo + { + byte[] signingcertbytes = cx.getSigningCert().getEncoded(); + + + Certificate.Template sgncert_t = new Certificate.Template(); + Certificate sgncert = + (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); + + IssuerAndSerialNumber sgniasn = + new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), + sgncert.getInfo().getSerialNumber()); + + crsResp.setSgnIssuerAndSerialNumber(sgniasn); + + // 10. Make SignerInfo + crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); + + // 11. Make SignedData + crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); + + crsResp.debug(); + } + } + catch (Exception e) { + throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage()); + } + + + // if debugging, dump out the response into a file + + } + + + + class CryptoContext { + private CryptoManager cm; + private CryptoToken internalToken; + private CryptoToken keyStorageToken; + private CryptoToken internalKeyStorageToken; + private KeyGenerator DESkg; + private Enumeration externalTokens = null; + private org.mozilla.jss.crypto.X509Certificate signingCert; + private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; + private int signingCertKeySize = 0; + + + class CryptoContextException extends Exception { + /** * */ - private static final long serialVersionUID = -1124116326126256475L; + private static final long serialVersionUID = -1124116326126256475L; + public CryptoContextException() { super(); } + public CryptoContextException(String s) { super(s); } + } - 
public CryptoContextException() { - super(); - } + public CryptoContext() + throws CryptoContextException + { + try { + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + } + cm = CryptoManager.getInstance(); + internalToken = cm.getInternalCryptoToken(); + DESkg = internalToken.getKeyGenerator(kga); + if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || + mTokenName.length() == 0) { + keyStorageToken = cm.getInternalKeyStorageToken(); + internalKeyStorageToken = keyStorageToken; + CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'"); + } else { + keyStorageToken = cm.getTokenByName(mTokenName); + internalKeyStorageToken = null; + } + if (!mUseCA && internalKeyStorageToken == null) { + PasswordCallback cb = CMS.getPasswordCallback(); + keyStorageToken.login(cb); // ONE_TIME by default. + } + signingCert = cm.findCertByNickname(mNickname); + signingCertPrivKey = cm.findPrivKeyByCert(signingCert); + byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); + SEQUENCE.Template outer = SEQUENCE.getTemplate(); + outer.addElement( ANY.getTemplate() ); // algid + outer.addElement( BIT_STRING.getTemplate() ); + SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); + BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); + byte[] encPubKey = bs.getBits(); + if( bs.getPadCount() != 0) { + throw new CryptoContextException("Internal error: Invalid Public key. 
Not an integral number of bytes."); + } + SEQUENCE.Template inner = new SEQUENCE.Template(); + inner.addElement( INTEGER.getTemplate()); + inner.addElement( INTEGER.getTemplate()); + SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); + INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); + signingCertKeySize = modulus.bitLength(); + + try { + FileOutputStream fos = new FileOutputStream("pubkey.der"); + fos.write(signingCert.getPublicKey().getEncoded()); + fos.close(); + } catch (Exception e) {} + + } + catch (InvalidBERException e) { + throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); + } + catch (CryptoManager.NotInitializedException e) { + throw new CryptoContextException("Crypto Manager not initialized"); + } + catch (NoSuchAlgorithmException e) { + throw new CryptoContextException("Cannot create DES key generator"); + } + catch (ObjectNotFoundException e) { + throw new CryptoContextException("Certificate not found: "+ca.getNickname()); + } + catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + } + catch (NoSuchTokenException e) { + throw new CryptoContextException("Crypto Token not found: "+e.getMessage()); + } + catch (IncorrectPasswordException e) { + throw new CryptoContextException("Incorrect Password."); + } + } + + + public KeyGenerator getDESKeyGenerator() { + return DESkg; + } - public CryptoContextException(String s) { - super(s); - } - } + public CryptoToken getInternalToken() { + return internalToken; + } - public CryptoContext() throws CryptoContextException { - try { - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - if (mEncryptionAlgorithm != null - && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - } - cm = CryptoManager.getInstance(); - internalToken = cm.getInternalCryptoToken(); - DESkg = internalToken.getKeyGenerator(kga); - if 
(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) - || mTokenName - .equalsIgnoreCase("Internal Key Storage Token") - || mTokenName.length() == 0) { - keyStorageToken = cm.getInternalKeyStorageToken(); - internalKeyStorageToken = keyStorageToken; - CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" - + mTokenName + "'"); - } else { - keyStorageToken = cm.getTokenByName(mTokenName); - internalKeyStorageToken = null; - } - if (!mUseCA && internalKeyStorageToken == null) { - PasswordCallback cb = CMS.getPasswordCallback(); - keyStorageToken.login(cb); // ONE_TIME by default. - } - signingCert = cm.findCertByNickname(mNickname); - signingCertPrivKey = cm.findPrivKeyByCert(signingCert); - byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); - SEQUENCE.Template outer = SEQUENCE.getTemplate(); - outer.addElement(ANY.getTemplate()); // algid - outer.addElement(BIT_STRING.getTemplate()); - SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, - encPubKeyInfo); - BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); - byte[] encPubKey = bs.getBits(); - if (bs.getPadCount() != 0) { - throw new CryptoContextException( - "Internal error: Invalid Public key. 
Not an integral number of bytes."); - } - SEQUENCE.Template inner = new SEQUENCE.Template(); - inner.addElement(INTEGER.getTemplate()); - inner.addElement(INTEGER.getTemplate()); - SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, - encPubKey); - INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); - signingCertKeySize = modulus.bitLength(); + public void setExternalTokens( Enumeration tokens ) { + externalTokens = tokens; + } - try { - FileOutputStream fos = new FileOutputStream("pubkey.der"); - fos.write(signingCert.getPublicKey().getEncoded()); - fos.close(); - } catch (Exception e) { - } + public Enumeration getExternalTokens() { + return externalTokens; + } - } catch (InvalidBERException e) { - throw new CryptoContextException( - "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); - } catch (CryptoManager.NotInitializedException e) { - throw new CryptoContextException( - "Crypto Manager not initialized"); - } catch (NoSuchAlgorithmException e) { - throw new CryptoContextException( - "Cannot create DES key generator"); - } catch (ObjectNotFoundException e) { - throw new CryptoContextException("Certificate not found: " - + ca.getNickname()); - } catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: " - + e.getMessage()); - } catch (NoSuchTokenException e) { - throw new CryptoContextException("Crypto Token not found: " - + e.getMessage()); - } catch (IncorrectPasswordException e) { - throw new CryptoContextException("Incorrect Password."); - } - } + public CryptoToken getInternalKeyStorageToken() { + return internalKeyStorageToken; + } - public KeyGenerator getDESKeyGenerator() { - return DESkg; - } + public CryptoToken getKeyStorageToken() { + return keyStorageToken; + } - public CryptoToken getInternalToken() { - return internalToken; - } + public CryptoManager getCryptoManager() { + return cm; + } - public void setExternalTokens(Enumeration tokens) { - externalTokens = tokens; 
+ public KeyWrapper getKeyWrapper() + throws CryptoContextException { + try { + return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); } - - public Enumeration getExternalTokens() { - return externalTokens; + catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); } - - public CryptoToken getInternalKeyStorageToken() { - return internalKeyStorageToken; + catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); } + } - public CryptoToken getKeyStorageToken() { - return keyStorageToken; + public KeyWrapper getInternalKeyWrapper() + throws CryptoContextException { + try { + return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); } - - public CryptoManager getCryptoManager() { - return cm; + catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); } - - public KeyWrapper getKeyWrapper() throws CryptoContextException { - try { - return signingCertPrivKey.getOwningToken().getKeyWrapper( - KeyWrapAlgorithm.RSA); - } catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: " - + e.getMessage()); - } catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); - } + catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); } + } - public KeyWrapper getInternalKeyWrapper() throws CryptoContextException { - try { - return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); - } catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: " - + e.getMessage()); - } catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); - } - } + public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { + return signingCertPrivKey; + } - public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { - return signingCertPrivKey; - } + public 
org.mozilla.jss.crypto.X509Certificate getSigningCert() { + return signingCert; + } + + } - public org.mozilla.jss.crypto.X509Certificate getSigningCert() { - return signingCert; - } - } + /* General failure. The request/response cannot be processed. */ - /* General failure. The request/response cannot be processed. */ - class CRSFailureException extends Exception { - /** + class CRSFailureException extends Exception { + /** * */ - private static final long serialVersionUID = 1962741611501549051L; + private static final long serialVersionUID = 1962741611501549051L; + public CRSFailureException() { super(); } + public CRSFailureException(String s) { super(s); } + } - public CRSFailureException() { - super(); - } - - public CRSFailureException(String s) { - super(s); - } - } - - class CRSInvalidSignatureException extends Exception { - /** + class CRSInvalidSignatureException extends Exception { + /** * */ - private static final long serialVersionUID = 9096408193567657944L; - - public CRSInvalidSignatureException() { - super(); - } + private static final long serialVersionUID = 9096408193567657944L; + public CRSInvalidSignatureException() { super(); } + public CRSInvalidSignatureException(String s) { super(s); } + } - public CRSInvalidSignatureException(String s) { - super(s); - } - } + - class CRSPolicyException extends Exception { - /** + class CRSPolicyException extends Exception { + /** * */ - private static final long serialVersionUID = 5846593800658787396L; - - public CRSPolicyException() { - super(); - } - - public CRSPolicyException(String s) { - super(s); - } - } + private static final long serialVersionUID = 5846593800658787396L; + public CRSPolicyException() { super(); } + public CRSPolicyException(String s) { super(s); } + } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java index 0456071f..b449a8bd 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -29,109 +29,115 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; /** - * Class for handling the decoding of a SCEP Challenge Password object. - * Currently this class cannot be used for encoding thus some fo the methods are - * unimplemented + * Class for handling the decoding of a SCEP Challenge Password + * object. Currently this class cannot be used for encoding + * thus some fo the methods are unimplemented */ public class ChallengePassword implements CertAttrSet { - public static final String NAME = "ChallengePassword"; - public static final String PASSWORD = "password"; - - private String cpw; - - /** - * Get the password marshalled in this object - * - * @return the challenge password - */ - public String toString() { - return cpw; - } - - /** - * Create a ChallengePassword object - * - * @param stuff (must be of type byte[]) a DER-encoded by array following - * The ASN.1 template for ChallenegePassword specified in the - * SCEP documentation - * @throws IOException if the DER encoded byt array was malformed, or if it - * did not match the template - */ - - public ChallengePassword(Object stuff) throws IOException { - - ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); - try { - decode(is); - } catch (Exception e) { - throw new IOException(e.getMessage()); - } - - } - - /** - * Currently Unimplemented - */ - public void encode(OutputStream out) throws CertificateException, - IOException { - } - - public void decode(InputStream in) throws CertificateException, IOException { + public static final String NAME = "ChallengePassword"; + public static final String PASSWORD = "password"; + + private String cpw; + + + /** + * Get the password marshalled in this object + * @return the challenge password + */ + public String toString() { + return cpw; + } + + /** + * Create a ChallengePassword object + * @param stuff (must be of type byte[]) a DER-encoded by array following + * The ASN.1 template for 
ChallenegePassword specified in the SCEP + * documentation + * @throws IOException if the DER encoded byt array was malformed, or if it + * did not match the template + */ + + public ChallengePassword(Object stuff) + throws IOException { + + ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff); + try { + decode(is); + } catch (Exception e) { + throw new IOException(e.getMessage()); + } + + } + + /** + * Currently Unimplemented + */ + public void encode(OutputStream out) + throws CertificateException, IOException + { } + + public void decode(InputStream in) + throws CertificateException, IOException + { DerValue derVal = new DerValue(in); construct(derVal); - - } - - private void construct(DerValue derVal) throws IOException { - try { - cpw = derVal.getPrintableString(); - } catch (NullPointerException e) { - cpw = ""; - } - } - - /** - * Currently Unimplemented - */ - public void set(String name, Object obj) throws CertificateException, - IOException { + } - /** - * Get an attribute of this object. - * - * @param name the name of the attribute of this object to get. The only - * supported attribute is "password" - */ - public Object get(String name) throws CertificateException, IOException { + private void construct(DerValue derVal) throws IOException { + try { + cpw = derVal.getPrintableString(); + } + catch (NullPointerException e) { + cpw = ""; + } + } + + + /** + * Currently Unimplemented + */ + public void set(String name, Object obj) + throws CertificateException, IOException + { } + + /** + * Get an attribute of this object. + * @param name the name of the attribute of this object to get. 
The only + * supported attribute is "password" + */ + public Object get(String name) + throws CertificateException, IOException + { if (name.equalsIgnoreCase(PASSWORD)) { return cpw; - } else { - throw new IOException("Attribute name not recognized by " - + "CertAttrSet: ChallengePassword"); + } + else { + throw new IOException("Attribute name not recognized by "+ + "CertAttrSet: ChallengePassword"); } } - - /** - * Currently Unimplemented - */ - public void delete(String name) throws CertificateException, IOException { - } - - /** - * @return an empty set of elements - */ - public Enumeration getElements() { - return (new Hashtable()).elements(); - } - - /** - * @return the String "ChallengePassword" - */ - public String getName() { - return NAME; - } - + + /** + * Currently Unimplemented + */ + public void delete(String name) + throws CertificateException, IOException + { } + + /** + * @return an empty set of elements + */ + public Enumeration getElements() + { return (new Hashtable()).elements();} + + /** + * @return the String "ChallengePassword" + */ + public String getName() + { return NAME;} + + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java index e0c0c347..a8757e74 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java 
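Review bot: `construct` turns a `NullPointerException` from `derVal.getPrintableString()` into an empty password (`cpw = "";`), so a challenge-password attribute that fails to decode cannot be told apart from one that was sent empty. For a value that is presumably checked as an enrollment secret this is a fail-open default; unless callers rely on the empty string, the catch should reject the input, e.g. `throw new IOException("ChallengePassword: value could not be decoded");`. Separately, the constructor's `throw new IOException(e.getMessage())` drops the original exception, and `toString()` returns the cleartext password, so any log statement that prints the object would record the secret; a comment on `toString()` saying so would help. How the SCEP servlet compares this value is not visible in this hunk.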
@@ -31,44 +31,51 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; import netscape.security.x509.Extension; + public class ExtensionsRequested implements CertAttrSet { - public static final String NAME = "EXTENSIONS_REQUESTED"; + public static final String NAME = "EXTENSIONS_REQUESTED"; + public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature"; - public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; + public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; private String kue_digital_signature = "false"; - private String kue_key_encipherment = "false"; - + private String kue_key_encipherment = "false"; + private Vector exts = new Vector(); public ExtensionsRequested(Object stuff) throws IOException { ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); - + try { decode(is); - } catch (Exception e) { + } + catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } } - - public void encode(OutputStream out) throws CertificateException, - IOException { - } - - public void decode(InputStream in) throws CertificateException, IOException { + + public void encode(OutputStream out) + throws CertificateException, IOException + { } + + public void decode(InputStream in) + throws CertificateException, IOException + { DerValue derVal = new DerValue(in); - + construct(derVal); } - - public void set(String name, Object obj) throws CertificateException, - IOException { - } - - public Object get(String name) throws CertificateException, IOException { + + public void set(String name, Object obj) + throws CertificateException, IOException + { } + + public Object get(String name) + throws CertificateException, IOException + { if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) { return kue_digital_signature; } 
@@ -78,82 +85,107 @@ public class ExtensionsRequested implements CertAttrSet { throw new IOException("Unsupported attribute queried"); } - - public void delete(String name) throws CertificateException, IOException { - } - - public Enumeration getElements() { - return (new Hashtable()).elements(); - } - - public String getName() { - return NAME; + + public void delete(String name) + throws CertificateException, IOException + { } - /** - * construct - expects this in the inputstream (from the router): - * - * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 - * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13: - * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2 - * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : } - * - * or this (from IRE client): - * - * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 - * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE - * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 27: OCTET - * STRING : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63 - * 6F 6D 2E 63 6F 6D : } : } : } : } - */ + public Enumeration getElements() + { return (new Hashtable()).elements();} + + public String getName() + { return NAME;} + + + +/** + construct - expects this in the inputstream (from the router): + + 211 30 31: SEQUENCE { + 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8' + 225 31 17: SET { + 227 04 15: OCTET STRING, encapsulates { + 229 30 13: SEQUENCE { + 231 30 11: SEQUENCE { + 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) + 238 04 4: OCTET STRING + : 03 02 05 A0 + : } + : } + : } + + or this (from IRE client): + + 262 30 51: SEQUENCE { + 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14) + 275 31 38: SET { + 277 30 36: SEQUENCE { + 279 30 34: SEQUENCE { + 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) + 286 04 27: OCTET STRING + : 30 19 87 04 D0 0C 3E 6F 81 
03 61 61 61 82 0C 61 + : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D + : } + : } + : } + : } + + + */ private void construct(DerValue dv) throws IOException { - DerInputStream stream = null; - DerValue[] dvs; + DerInputStream stream = null; + DerValue[] dvs; - try { // try decoding as sequence first + try { // try decoding as sequence first - stream = dv.toDerInputStream(); + stream = dv.toDerInputStream(); - DerValue stream_dv = stream.getDerValue(); - stream.reset(); + DerValue stream_dv = stream.getDerValue(); + stream.reset(); + - dvs = stream.getSequence(2); - } catch (IOException ioe) { - // if it failed, the outer sequence may be - // encapsulated in an octet string, as in the first - // example above + dvs = stream.getSequence(2); + } + catch (IOException ioe) { + // if it failed, the outer sequence may be + // encapsulated in an octet string, as in the first + // example above - byte[] octet_string = dv.getOctetString(); + byte[] octet_string = dv.getOctetString(); - // Make a new input stream from the byte array, - // and re-parse it as a sequence. + // Make a new input stream from the byte array, + // and re-parse it as a sequence. - dv = new DerValue(octet_string); + dv = new DerValue(octet_string); - stream = dv.toDerInputStream(); - dvs = stream.getSequence(2); - } + stream = dv.toDerInputStream(); + dvs = stream.getSequence(2); + } - // now, the stream will be in the correct format - stream.reset(); + // now, the stream will be in the correct format + stream.reset(); - while (true) { - DerValue ext_dv = null; - try { - ext_dv = stream.getDerValue(); - } catch (IOException ex) { - break; - } + while (true) { + DerValue ext_dv=null; + try { + ext_dv = stream.getDerValue(); + } + catch (IOException ex) { + break; + } - Extension ext = new Extension(ext_dv); - exts.addElement(ext); - } + Extension ext = new Extension(ext_dv); + exts.addElement(ext); + } } - public Vector getExtensions() { - return exts; - } + public Vector getExtensions() { + return exts; + } } + + 
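Review bot: The extension loop in `construct` ends on any `IOException` from `stream.getDerValue()` (`catch (IOException ex) { break; }`), so malformed or truncated DER in a client-supplied request is treated like end of input and the extensions parsed so far are kept. The method already declares `throws IOException`, so the loop could test for remaining data and let decode errors propagate, e.g. `while (stream.available() > 0) { exts.addElement(new Extension(stream.getDerValue())); }`, assuming `DerInputStream.available()` reports the remaining bytes here. `stream_dv` and `dvs` are assigned but never read in the visible code, which hides the fact that `getSequence(2)` is only used as a format probe; a one-line comment saying so would help.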
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java index 3d0f788e..759238d9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Enumeration; import java.util.Hashtable; @@ -24,10 +25,11 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; + /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -36,23 +38,21 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -5995164231849154265L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; - // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential - * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred) throws EBaseException { + public void set(String name, Object cred)throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,8 +62,7 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set - * + * credential set * @param name credential name * @return the named authentication credential */ 
@@ -72,10 +71,9 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this credential - * set. This method does nothing if the named credential is not in the - * credential set. - * + * removes the name and its corresponding credential from this + * credential set. This method does nothing if the named + * credential is not in the credential set. * @param name credential name */ public void delete(String name) { @@ -83,27 +81,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential set. Use the - * Enumeration methods on the returned object to fetch the elements - * sequentially. - * + * returns an enumeration of the credentials in this credential + * set. Use the Enumeration methods on the returned object to + * fetch the elements sequentially. * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 1eabe780..03cb83f6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -93,31 +94,33 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { public CMCOutputTemplate() { } - public void createFullResponseWithFailedStatus(HttpServletResponse resp, - SEQUENCE bpids, int code, UTF8String s) { + public void createFullResponseWithFailedStatus(HttpServletResponse resp, + SEQUENCE bpids, int code, UTF8String s) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); SEQUENCE otherMsgSeq = new SEQUENCE(); int bpid = 1; - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(code), - null); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(new INTEGER( - CMCStatusInfo.FAILED), bpids, s, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(code), null); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + new INTEGER(CMCStatusInfo.FAILED), + bpids, s, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); try { - ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, - otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, + cmsSeq, otherMsgSeq); SET certs = new SET(); ContentInfo contentInfo = getContentInfo(respBody, certs); 
@@ -134,14 +137,13 @@ public class CMCOutputTemplate { os.write(contentBytes); os.flush(); } catch (Exception e) { - CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString()); return; } } - public void createFullResponse(HttpServletResponse resp, IRequest[] reqs, - String cert_request_type, int[] error_codes) { + public void createFullResponse(HttpServletResponse resp, IRequest []reqs, + String cert_request_type, int[] error_codes) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); 
@@ -154,106 +156,113 @@ public class CMCOutputTemplate { SEQUENCE pending_bpids = null; SEQUENCE success_bpids = null; SEQUENCE failed_bpids = null; - if (cert_request_type.equals("crmf") - || cert_request_type.equals("pkcs10")) { + if (cert_request_type.equals("crmf") || + cert_request_type.equals("pkcs10")) { String reqId = reqs[0].getRequestId().toString(); OtherInfo otherInfo = null; if (error_codes[0] == 2) { PendInfo pendInfo = new PendInfo(reqId, new Date()); - otherInfo = new OtherInfo(OtherInfo.PEND, null, pendInfo); + otherInfo = new OtherInfo(OtherInfo.PEND, null, + pendInfo); } else { - otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER( - OtherInfo.BAD_REQUEST), null); + otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); } - + SEQUENCE bpids = new SEQUENCE(); bpids.addElement(new INTEGER(1)); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.PENDING, bpids, (String) null, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + bpids, (String)null, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } else if (cert_request_type.equals("cmc")) { pending_bpids = new SEQUENCE(); success_bpids = new SEQUENCE(); failed_bpids = new SEQUENCE(); if (reqs != null) { - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { if (error_codes[i] == 0) { - success_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); + success_bpids.addElement(new INTEGER( + reqs[i].getExtDataInBigInteger("bodyPartId"))); } else if (error_codes[i] == 2) { - pending_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); + pending_bpids.addElement(new INTEGER( + 
reqs[i].getExtDataInBigInteger("bodyPartId"))); } else { - failed_bpids.addElement(new INTEGER(reqs[i] - .getExtDataInBigInteger("bodyPartId"))); - } + failed_bpids.addElement(new INTEGER( + reqs[i].getExtDataInBigInteger("bodyPartId"))); + } } } TaggedAttribute tagattr = null; CMCStatusInfo cmcStatusInfo = null; - SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof"); + SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof"); if (identityBpids != null && identityBpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_IDENTITY), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_IDENTITY), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - identityBpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + identityBpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context - .get("POPLinkWitness"); + SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness"); if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + new INTEGER(OtherInfo.BAD_REQUEST), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - POPLinkWitnessBpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + POPLinkWitnessBpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (pending_bpids.size() > 0) { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, 
(String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); - } + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); + } if (success_bpids.size() > 0) { boolean confirmRequired = false; try { - confirmRequired = CMS.getConfigStore().getBoolean( - "cmc.cert.confirmRequired", false); - } catch (Exception e) { + confirmRequired = + CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", + false); + } catch (Exception e) { } if (confirmRequired) { CMS.debug("CMCOutputTemplate: confirmRequired in the request"); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.CONFIRM_REQUIRED, success_bpids, - (String) null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, + success_bpids, (String)null, null); } else { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String) null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String)null, null); } - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new 
INTEGER(OtherInfo.BAD_REQUEST), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } } 
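Review bot: In the `crmf`/`pkcs10` branch the status is hard-coded: `new CMCStatusInfo(CMCStatusInfo.PENDING, bpids, (String)null, otherInfo)` is used even when `error_codes[0] != 2` and `otherInfo` was built as `OtherInfo.FAIL` with `BAD_REQUEST`, so a rejected request appears to be reported to the client as pending. Selecting the status from the same condition would keep the two fields consistent, e.g. `int status = (error_codes[0] == 2) ? CMCStatusInfo.PENDING : CMCStatusInfo.FAILED;` and passing `status` to the constructor. Further down, the empty `catch (Exception e) { }` around `getBoolean("cmc.cert.confirmRequired", false)` silently falls back to not requiring confirmation when the config read fails; it should at least log through `CMS.debug`. This branch also dereferences `reqs[0]` without the `reqs != null` check that the `cmc` branch has. `createFullResponse` starts and ends outside this hunk.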
@@ -261,80 +270,80 @@ public class CMCOutputTemplate { try { // deal with controls - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr != null) { try { processGetCertControl(attr, certs); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: " + ee.toString()); + CMS.debug("CMCOutputTemplate: "+ee.toString()); OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE bpids1 = new SEQUENCE(); bpids1.addElement(attr.getBodyPartID()); CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), bpids1, - null, otherInfo1); + new INTEGER(CMCStatusInfo.FAILED), + bpids1, null, otherInfo1); TaggedAttribute tagattr1 = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo1); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); controlSeq.addElement(tagattr1); } } - attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); + attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); if (attr != null) bpid = processDataReturnControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_transactionId); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); if (attr != null) bpid = processTransactionControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_senderNonce); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); if (attr != null) bpid = processSenderNonceControl(attr, controlSeq, bpid); - attr = 
(TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_QueryPending); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); if (attr != null) - bpid = processQueryPendingControl(attr, controlSeq, bpid); + bpid = processQueryPendingControl(attr, controlSeq, bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); - if (attr != null) - bpid = processConfirmCertAcceptanceControl(attr, - controlSeq, bpid); + if (attr != null) + bpid = processConfirmCertAcceptanceControl(attr, controlSeq, + bpid); - attr = (TaggedAttribute) context - .get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); + attr = + (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); - if (attr != null) - bpid = processRevokeRequestControl(attr, controlSeq, bpid); + if (attr != null) + bpid = processRevokeRequestControl(attr, controlSeq, + bpid); } if (success_bpids != null && success_bpids.size() > 0) { - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { if (error_codes[i] == 0) { - X509CertImpl impl = (reqs[i] - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, - otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, + cmsSeq, otherMsgSeq); ContentInfo contentInfo = getContentInfo(respBody, certs); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -345,16 +354,16 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (Exception e) { - CMS.debug("Exception: " + e.toString()); + CMS.debug("Exception: "+e.toString()); } } 
@@ -362,46 +371,48 @@ public class CMCOutputTemplate { try { ICertificateAuthority ca = null; // add CA cert chain - ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i = 0; i < chains.length; i++) { + for (int i=0; i<chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } - + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); + OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); org.mozilla.jss.crypto.X509Certificate x509CAcert = null; x509CAcert = ca.getCaX509Cert(); X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded()); - X500Name issuerName = (X500Name) caimpl.getIssuerDN(); + X500Name issuerName = (X500Name)caimpl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); Name issuer = (Name) Name.getTemplate().decode(istream); - IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, - new INTEGER(x509CAcert.getSerialNumber().toString())); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber( + issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // use CA instance's default signature and digest algorithm SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm(); - org.mozilla.jss.crypto.PrivateKey privKey = 
CryptoManager - .getInstance().findPrivKeyByCert(x509CAcert); - /* - * org.mozilla.jss.crypto.PrivateKey.Type keyType = - * privKey.getType(); if( keyType.equals( - * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = - * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if( - * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { - * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else - * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { - * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else { - * CMS.debug( "CMCOutputTemplate::getContentInfo() - " + - * "signAlg is unsupported!" ); return null; } - */ + org.mozilla.jss.crypto.PrivateKey privKey = + CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); +/* + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); + if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) { + signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; + } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; + } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { + signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; + } else { + CMS.debug( "CMCOutputTemplate::getContentInfo() - " + + "signAlg is unsupported!" ); + return null; + } +*/ DigestAlgorithm digestAlg = signAlg.getDigestAlg(); MessageDigest msgDigest = null; byte[] digest = null; @@ -413,9 +424,10 @@ public class CMCOutputTemplate { respBody.encode((OutputStream) ostream); digest = msgDigest.digest(ostream.toByteArray()); - SignerInfo signInfo = new SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, signAlg, - privKey); + SignerInfo signInfo = new + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); 
@@ -423,32 +435,31 @@ public class CMCOutputTemplate { SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new AlgorithmIdentifier( - digestAlg.toOID(), null); - + AlgorithmIdentifier ai = new + AlgorithmIdentifier(digestAlg.toOID(), null); + digestAlgs.addElement(ai); } - SignedData signedData = new SignedData(digestAlgs, enContentInfo, - certs, null, signInfos); + SignedData signedData = new SignedData(digestAlgs, + enContentInfo, certs, null, signInfos); ContentInfo contentInfo = new ContentInfo(signedData); CMS.debug("CMCOutputTemplate::getContentInfo() - done"); return contentInfo; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString()); } - return null; + return null; } - public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) { + public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) { SET certs = new SET(); SessionContext context = SessionContext.getContext(); try { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); processGetCertControl(attr, certs); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("CMCOutputTemplate: No certificate is found."); } 
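Review bot: `createSimpleResponse` passes `attr` to `processGetCertControl` without the `if (attr != null)` guard that `createFullResponse` uses for the same control, and the surrounding `catch (Exception e)` logs every failure as "No certificate is found." That hides real errors (a lookup failure, or whatever `processGetCertControl` does with a null attribute, which is not visible here) behind a message that reads as a normal outcome. Suggest `if (attr != null) processGetCertControl(attr, certs);` and adding `e.toString()` to the debug line. In the same hunk `getContentInfo` returns `null` after its catch-all, so callers need a null check before encoding the result; their handling lies outside this hunk.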
@@ -457,42 +468,38 @@ public class CMCOutputTemplate { // oid for id-data OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1"); - EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - oid, null); + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(oid, null); try { if (reqs != null) { - for (int i = 0; i < reqs.length; i++) { - X509CertImpl impl = (reqs[i] - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + for (int i=0; i<reqs.length; i++) { + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } // Get CA certs - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); - java.security.cert.X509Certificate[] chains = certchains - .getChain(); + java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i = 0; i < chains.length; i++) { + for (int i=0; i<chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(chains[i] - .getEncoded())); + Certificate cert = (Certificate)certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } } - + if (certs.size() == 0) return; SignedData signedData = new SignedData(digestAlgorithms, - enContentInfo, certs, null, signedInfos); + enContentInfo, certs, null, signedInfos); ContentInfo contentInfo = new ContentInfo(signedData); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -503,47 +510,48 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } } - private int processConfirmCertAcceptanceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processConfirmCertAcceptanceControl( + TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { if (attr != null) { INTEGER bodyId = attr.getBodyPartID(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(bodyId); + seq.addElement(bodyId); SET values = attr.getValues(); if (values != null && values.size() > 0) { try { - CMCCertId cmcCertId = (CMCCertId) (ASN1Util.decode( - CMCCertId.getTemplate(), - ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); - SEQUENCE issuers = cmcCertId.getIssuer(); - // ANY issuer = (ANY)issuers.elementAt(0); - ANY issuer = (ANY) (ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(issuers.elementAt(0)))); + CMCCertId cmcCertId = + (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(), + ASN1Util.encode(values.elementAt(0)))); + BigInteger serialno = (BigInteger)(cmcCertId.getSerial()); + SEQUENCE issuers = cmcCertId.getIssuer(); + //ANY issuer = (ANY)issuers.elementAt(0); + ANY issuer = + (ANY)(ASN1Util.decode(ANY.getTemplate(), + ASN1Util.encode(issuers.elementAt(0)))); byte[] b = issuer.getEncoded(); X500Name n = new X500Name(b); 
ICertificateAuthority ca = null; - ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ca = (ICertificateAuthority)CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateRepository repository = + (ICertificateRepository)ca.getCertificateRepository(); X509CertImpl impl = null; try { - repository.getX509Certificate(serialno); + repository.getX509Certificate(serialno); } catch (EBaseException ee) { CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found"); } 
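Review bot: In processConfirmCertAcceptanceControl the result of `repository.getX509Certificate(serialno)` is discarded, so `impl` stays null and nothing in the visible lines ever sets `confirmAccepted` to true. As far as these hunks show, every confirm-acceptance control would fall into the `BAD_CERT_ID` branch of the following hunk, even when the certificate exists. Assign the lookup and derive the flag from it: `impl = repository.getX509Certificate(serialno);` followed by `confirmAccepted = (impl != null);`. One line between this hunk and the next is not shown, so confirm that it does not already do this.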
@@ -551,85 +559,81 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; if (confirmAccepted) { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository."); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, seq, (String) null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, + (String)null, null); } else { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - seq, (String) null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.FAILED, seq, + (String)null, otherInfo); } TaggedAttribute statustagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); - controlSeq.addElement(statustagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(statustagattr); } catch (Exception e) { - CMS.debug("CMCOutputTemplate exception: " + e.toString()); + CMS.debug("CMCOutputTemplate exception: "+e.toString()); } - } + } } return bpid; } private void processGetCertControl(TaggedAttribute attr, SET certs) - throws InvalidBERException, - java.security.cert.CertificateEncodingException, IOException, - EBaseException { + throws InvalidBERException, java.security.cert.CertificateEncodingException, + IOException, EBaseException { if (attr != null) { SET vals = attr.getValues(); if (vals.size() == 1) { - GetCert getCert = (GetCert) (ASN1Util.decode( - GetCert.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); - ANY issuer = (ANY) getCert.getIssuer(); + GetCert getCert = 
+ (GetCert)(ASN1Util.decode(GetCert.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + BigInteger serialno = (BigInteger)(getCert.getSerialNumber()); + ANY issuer = (ANY)getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); if (!n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control"); throw new EBaseException("Certificate is not found"); } - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateRepository repository = + (ICertificateRepository)ca.getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate) certTemplate - .decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - + private int processQueryPendingControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET values = attr.getValues(); - if (values != null && values.size() > 0) { + if (values != null && values.size() > 0) { SEQUENCE pending_bpids = new SEQUENCE(); SEQUENCE success_bpids = new SEQUENCE(); SEQUENCE failed_bpids = new SEQUENCE(); - for (int i = 0; i < values.size(); i++) { + for (int i=0; i<values.size(); i++) { try { - INTEGER reqId = (INTEGER) ASN1Util.decode( - INTEGER.getTemplate(), - ASN1Util.encode(values.elementAt(i))); + INTEGER reqId = (INTEGER) + ASN1Util.decode(INTEGER.getTemplate(), + ASN1Util.encode(values.elementAt(i))); String requestId = new String(reqId.toByteArray()); - ICertificateAuthority ca = 
(ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); IRequestQueue queue = ca.getRequestQueue(); - IRequest r = queue - .findRequest(new RequestId(requestId)); + IRequest r = queue.findRequest(new RequestId(requestId)); if (r != null) { - Integer result = r - .getExtDataInInteger(IRequest.RESULT); + Integer result = r.getExtDataInInteger(IRequest.RESULT); RequestStatus status = r.getRequestStatus(); if (status.equals(RequestStatus.PENDING)) { pending_bpids.addElement(reqId); 
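Review bot: In processGetCertControl the debug line inside `if (!n.toString().equalsIgnoreCase(caName.toString()))` reports "Issuer names are equal" although that branch runs only when the names differ, which will mislead anyone reading the debug log after a rejected GetCert control. Change it to `CMS.debug("CMCOutputTemplate: Issuer names are not equal in the GetCert Control");`. The same method calls `vals.size()` without the `!= null` check that processConfirmCertAcceptanceControl and processQueryPendingControl apply to `attr.getValues()`.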
@@ -644,47 +648,44 @@ public class CMCOutputTemplate { } if (pending_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.PENDING, pending_bpids, - (String) null, null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (success_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, pending_bpids, - (String) null, null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, pending_bpids, (String) null, - null); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + pending_bpids, (String)null, null); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - } + } } return bpid; } - private int processTransactionControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processTransactionControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET transIds = attr.getValues(); if (transIds != 
null) { - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(tagattr); } } @@ -693,29 +694,28 @@ public class CMCOutputTemplate { } private int processSenderNonceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET sNonce = attr.getValues(); if (sNonce != null) { - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonce); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonce); controlSeq.addElement(tagattr); Date date = new Date(); - String salt = "lala123" + date.toString(); + String salt = "lala123"+date.toString(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING( - b64E.getBytes())); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(b64E.getBytes())); controlSeq.addElement(tagattr); } } 
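Review bot: The SUCCESS and FAILED status blocks in processQueryPendingControl both pass `pending_bpids` to `CMCStatusInfo`, so the ids collected in `success_bpids` and `failed_bpids` are never reported. A client querying request status would see the pending ids under the wrong status, or an empty list. Use the matching sequence in each block: `new CMCStatusInfo(CMCStatusInfo.SUCCESS, success_bpids, (String)null, null)` and `new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, null)`. The method begins in the previous hunk.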
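Review bot: The sender nonce in processSenderNonceControl is derived from the fixed string `"lala123"` plus `date.toString()`, which has one-second resolution and is guessable, so it cannot give the replay protection a CMC nonce is meant to provide. Take the bytes from a CSPRNG instead, e.g. `byte[] dig = new byte[16];` and `new java.security.SecureRandom().nextBytes(dig);`, which also removes the SHA1 step and the `NoSuchAlgorithmException` fallback that sends the raw salt. `salt.getBytes()` and `b64E.getBytes()` additionally depend on the platform charset.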
@@ -723,28 +723,29 @@ public class CMCOutputTemplate { return bpid; } - private int processDataReturnControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException { + private int processDataReturnControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException { if (attr != null) { SET vals = attr.getValues(); - + if (vals.size() > 0) { - OCTET_STRING str = (OCTET_STRING) (ASN1Util.decode( - OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( - bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, str); - controlSeq.addElement(tagattr); + OCTET_STRING str = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + TaggedAttribute tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_dataReturn, str); + controlSeq.addElement(tagattr); } - } + } return bpid; } - private int processRevokeRequestControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException, - EBaseException, IOException { + private int processRevokeRequestControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, + IOException { boolean revoke = false; SessionContext context = SessionContext.getContext(); if (attr != null) { 
@@ -752,49 +753,39 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; SET vals = attr.getValues(); if (vals.size() > 0) { - RevRequest revRequest = (RevRequest) (ASN1Util.decode( - new RevRequest.Template(), - ASN1Util.encode(vals.elementAt(0)))); + RevRequest revRequest = + (RevRequest)(ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(vals.elementAt(0)))); OCTET_STRING str = revRequest.getSharedSecret(); - INTEGER pid = attr.getBodyPartID(); + INTEGER pid = attr.getBodyPartID(); TaggedAttribute tagattr = null; INTEGER revokeCertSerial = revRequest.getSerialNumber(); - BigInteger revokeSerial = new BigInteger( - revokeCertSerial.toByteArray()); + BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray()); if (str == null) { boolean needVerify = true; try { - needVerify = CMS.getConfigStore().getBoolean( - "cmc.revokeCert.verify", true); + needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true); } catch (Exception e) { } - + if (needVerify) { - Integer num1 = (Integer) context.get("numOfOtherMsgs"); + Integer num1 = (Integer)context.get("numOfOtherMsgs"); int num = num1.intValue(); - for (int i = 0; i < num; i++) { - OtherMsg data = (OtherMsg) context.get("otherMsg" - + i); - INTEGER dpid = data.getBodyPartID(); + for (int i=0; i<num; i++) { + OtherMsg data = (OtherMsg)context.get("otherMsg"+i); + INTEGER dpid = data.getBodyPartID(); if (pid.longValue() == dpid.longValue()) { - ANY msgValue = data.getOtherMsgValue(); - SignedData msgData = (SignedData) msgValue - .decodeWith(SignedData.getTemplate()); + ANY msgValue = data.getOtherMsgValue(); + SignedData msgData = + (SignedData)msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { - OtherInfo otherInfo = new OtherInfo( - OtherInfo.FAIL, - new INTEGER( - OtherInfo.BAD_MESSAGE_CHECK), - null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids 
= new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, failed_bpids, - (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -803,14 +794,13 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; try { - name = CMS.getConfigStore().getString( - "cmc.revokeCert.sharedSecret.class"); + name = CMS.getConfigStore().getString("cmc.revokeCert.sharedSecret.class"); } catch (EPropertyNotFound e) { CMS.debug("EnrollProfile: Failed to find the token class in the configuration file."); sharedSecretFound = false; 
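Review bot: With `needVerify` true, the loop over the `otherMsg` entries in processRevokeRequestControl returns a failure only when an entry with a matching body part id fails `verifyRevRequestSignature`; the next hunk then sets `revoke = true`. From the visible lines, a request with no shared secret and no matching signed OtherMsg appears to reach that assignment without any signature having been checked. Two lines between the hunks are not shown, so this needs confirming. Track the outcome explicitly, e.g. `boolean verified = false;` set to true after a successful check, and answer with `BAD_MESSAGE_CHECK` when it is still false after the loop. `(Integer)context.get("numOfOtherMsgs")` is also unboxed without a null check.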
@@ -820,32 +810,27 @@ public class CMCOutputTemplate { } try { - tokenClass = (ISharedToken) Class.forName(name) - .newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " - + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " - + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); sharedSecretFound = false; } if (!sharedSecretFound) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
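Review bot: `Class.forName(name).newInstance()` runs even when the lookup of `cmc.revokeCert.sharedSecret.class` in the previous hunk has already set `sharedSecretFound = false`, and in that case `name` is still null as far as the visible lines show. `Class.forName(null)` throws a NullPointerException, which none of the three catch clauses handles, so the `INTERNAL_CA_ERROR` status built below would not be returned. Wrap the instantiation in `if (sharedSecretFound) { ... }` or test `name != null` first. The debug messages here are prefixed `EnrollProfile:` although the class is CMCOutputTemplate, which makes log triage harder.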
@@ -858,15 +843,13 @@ public class CMCOutputTemplate { if (sharedSecret == null) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -878,44 +861,37 @@ public class CMCOutputTemplate { revoke = true; } else { CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } - } + } if (revoke) { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository) ca - .getCertificateRepository(); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: Exception: " - + ee.toString()); + CMS.debug("CMCOutputTemplate: Exception: "+ee.toString()); } if (record == null) { CMS.debug("CMCOutputTemplate: The certificate is not found"); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, 
(String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -924,12 +900,11 @@ public class CMCOutputTemplate { CMS.debug("CMCOutputTemplate: The certificate is already revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, success_bpids, - (String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
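Review bot: The shared-secret mismatch and certificate-not-found branches record the rejection only through `CMS.debug`, while the successful revocation later in this method writes an `ILogger.EV_AUDIT` entry. Rejected revocation attempts are the events someone reviewing the audit trail most needs, and nothing in the visible hunks logs them there. Consider an audit entry on these failure paths that mirrors the existing `logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, ...)` call with a failure status, keeping the shared secret itself out of the message. How the two secrets are compared lies between hunks and is not shown.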
@@ -938,58 +913,45 @@ public class CMCOutputTemplate { impls[0] = impl; ENUMERATED n = revRequest.getReason(); RevocationReason reason = toRevocationReason(n); - CRLReasonExtension crlReasonExtn = new CRLReasonExtension( - reason); + CRLReasonExtension crlReasonExtn = new CRLReasonExtension(reason); CRLExtensions entryExtn = new CRLExtensions(); GeneralizedTime t = revRequest.getInvalidityDate(); InvalidityDateExtension invalidityDateExtn = null; if (t != null) { - invalidityDateExtn = new InvalidityDateExtension( - t.toDate()); - entryExtn.set(invalidityDateExtn.getName(), - invalidityDateExtn); + invalidityDateExtn = new InvalidityDateExtension(t.toDate()); + entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn); } if (crlReasonExtn != null) { entryExtn.set(crlReasonExtn.getName(), crlReasonExtn); } - RevokedCertImpl revCertImpl = new RevokedCertImpl( - impl.getSerialNumber(), CMS.getCurrentDate(), - entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; - IRequestQueue queue = ca.getRequestQueue(); - IRequest revReq = queue - .newRequest(IRequest.REVOCATION_REQUEST); + IRequestQueue queue = ca.getRequestQueue(); + IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason.toInt())); UTF8String utfstr = revRequest.getComment(); if (utfstr != null) - revReq.setExtData(IRequest.REQUESTOR_COMMENTS, - utfstr.toString()); - revReq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_COMMENTS, utfstr.toString()); + revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); queue.processRequest(revReq); RequestStatus stat = revReq.getRequestStatus(); if (stat == RequestStatus.COMPLETE) { - Integer result = revReq - 
.getExtDataInInteger(IRequest.RESULT); - CMS.debug("CMCOutputTemplate: revReq result = " - + result); + Integer result = revReq.getExtDataInInteger(IRequest.RESULT); + CMS.debug("CMCOutputTemplate: revReq result = "+result); if (result.equals(IRequest.RES_ERROR)) { - CMS.debug("CMCOutputTemplate: revReq exception: " - + revReq.getExtDataInString(IRequest.ERROR)); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + CMS.debug("CMCOutputTemplate: revReq exception: " + + revReq.getExtDataInString(IRequest.ERROR)); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.FAILED, failed_bpids, - (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -997,42 +959,37 @@ public class CMCOutputTemplate { ILogger logger = CMS.getLogger(); String initiative = AuditFormat.FROMUSER; - logger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { revReq.getRequestId(), initiative, - "completed", impl.getSubjectDN(), - impl.getSerialNumber().toString(16), - reason.toString() }); + logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, new Object[] { + revReq.getRequestId(), initiative, "completed", + impl.getSubjectDN(), + impl.getSerialNumber().toString(16), + reason.toString()}); CMS.debug("CMCOutputTemplate: Certificate get revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String) null, null); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + success_bpids, (String)null, null); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } else { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String) null, otherInfo); - tagattr = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + tagattr = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } } } - return bpid; + return bpid; } private RevocationReason 
toRevocationReason(ENUMERATED n) { @@ -1041,7 +998,7 @@ public class CMCOutputTemplate { return RevocationReason.UNSPECIFIED; else if (code == RevRequest.affiliationChanged.getValue()) return RevocationReason.AFFILIATION_CHANGED; - else if (code == RevRequest.cACompromise.getValue()) + else if (code == RevRequest.cACompromise.getValue()) return RevocationReason.CA_COMPROMISE; else if (code == RevRequest.certificateHold.getValue()) return RevocationReason.CERTIFICATE_HOLD; 
@@ -1064,34 +1021,34 @@ public class CMCOutputTemplate { try { EncapsulatedContentInfo ci = msgData.getContentInfo(); OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); - TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()) - .decode(s); + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s); SET values = tattr.getValues(); RevRequest revRequest = null; if (values != null && values.size() > 0) - revRequest = (RevRequest) (ASN1Util.decode( - new RevRequest.Template(), - ASN1Util.encode(values.elementAt(0)))); + revRequest = + (RevRequest)(ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(values.elementAt(0)))); SET dias = msgData.getDigestAlgorithmIdentifiers(); int numDig = dias.size(); Hashtable digs = new Hashtable(); - for (int i = 0; i < numDig; i++) { - AlgorithmIdentifier dai = (AlgorithmIdentifier) dias - .elementAt(i); - String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = MessageDigest.getInstance(name); + for (int i=0; i<numDig; i++) { + AlgorithmIdentifier dai = + (AlgorithmIdentifier) dias.elementAt(i); + String name = + DigestAlgorithm.fromOID(dai.getOID()).toString(); + MessageDigest md = + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } SET sis = msgData.getSignerInfos(); - int numSis = sis.size(); - for (int i = 0; i < numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis - .elementAt(i); + int numSis = sis.size(); + for (int i=0; i<numSis; i++) { + org.mozilla.jss.pkix.cms.SignerInfo si = + (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); if (digest == null) { 
@@ -1101,30 +1058,23 @@ public class CMCOutputTemplate { digest = md.digest(ostream.toByteArray()); } SignerIdentifier sid = si.getSignerIdentifier(); - if (sid.getType().equals( - SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = sid - .getIssuerAndSerialNumber(); + if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = + sid.getIssuerAndSerialNumber(); java.security.cert.X509Certificate cert = null; if (msgData.hasCertificates()) { SET certs = msgData.getCertificates(); int numCerts = certs.size(); - for (int j = 0; j < numCerts; j++) { - org.mozilla.jss.pkix.cert.Certificate certJss = (Certificate) certs - .elementAt(j); - org.mozilla.jss.pkix.cert.CertificateInfo certI = certJss - .getInfo(); + for (int j=0; j<numCerts; j++) { + org.mozilla.jss.pkix.cert.Certificate certJss = + (Certificate) certs.elementAt(j); + org.mozilla.jss.pkix.cert.CertificateInfo certI = + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB) - .equalsIgnoreCase(new String(ASN1Util - .encode(issuerAndSerialNumber - .getIssuer()))) - && sn.toString().equals( - issuerAndSerialNumber - .getSerialNumber() - .toString())) { + if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && + sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); 
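Review bot: The signer certificate in verifyRevRequestSignature is taken from `msgData.getCertificates()`, that is, from the message being verified, and the visible hunks show no check that it chains to this CA, is currently valid, or is the certificate named in the request (`revRequest` is decoded in the previous hunk but not used in the visible lines). If that is the whole check, `si.verify(...)` followed by `return true` in the next hunk only proves the sender holds the key for a certificate it supplied itself. Validate the selected `cert` against the CA and compare its serial number with `revRequest.getSerialNumber()` before accepting. The issuer match compares DER bytes through `new String(...).equalsIgnoreCase(...)`; `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))` avoids charset-dependent and case-folded matches. The method body starts before this hunk and continues after it.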
@@ -1132,25 +1082,23 @@ public class CMCOutputTemplate { } } } - + if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key) pbKey).getAlgorithm(); + String type = ((X509Key)pbKey).getAlgorithm(); PrivateKey.Type kType = PrivateKey.RSA; if (type.equals("DSA")) kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, - ((X509Key) pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } - } - } - + } + } + return false; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " - + e.toString()); + CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString()); return false; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java index 746a7c32..7f89297c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -26,9 +27,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; + /** * CMSFile represents a file from the filesystem cached in memory - * + * * @version $Revision$, $Date$ */ public class CMSFile { @@ -85,8 +87,7 @@ public class CMSFile { } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" - + msg); + mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" + msg); } public String toString() { 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java index 0d3fea99..bf4c3cf6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.File; import java.io.IOException; import java.util.Enumeration; @@ -25,9 +26,10 @@ import java.util.Hashtable; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; + /** * CMSFileLoader - file cache. - * + * * @version $Revision$, $Date$ */ @@ -43,14 +45,14 @@ public class CMSFileLoader { // property to cache templates only public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly"; - // hash of files to their content. + // hash of files to their content. private Hashtable mLoadedFiles = new Hashtable(); - // max number of files + // max number of files private int mMaxSize = MAX_SIZE; // number of files to clear when max is reached. - private int mClearSize = CLEAR_SIZE; + private int mClearSize = CLEAR_SIZE; // whether to cache templates and forms only. private boolean mCacheTemplatesOnly = true; 
@@ -61,17 +63,16 @@ public class CMSFileLoader { public void init(IConfigStore config) throws EBaseException { mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE); mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE); - mCacheTemplatesOnly = config - .getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); + mCacheTemplatesOnly = + config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); } // Changed by bskim - // public byte[] get(String absPath) throws EBaseException, IOException { - // File file = new File(absPath); - // return get(file); - // } - public byte[] get(String absPath, String enc) throws EBaseException, - IOException { + //public byte[] get(String absPath) throws EBaseException, IOException { + // File file = new File(absPath); + // return get(file); + //} + public byte[] get(String absPath, String enc) throws EBaseException, IOException { File file = new File(absPath); return get(file, enc); @@ -80,20 +81,19 @@ public class CMSFileLoader { // Change end // Changed by bskim - // public byte[] get(File file) throws EBaseException, IOException { - // CMSFile cmsFile = getCMSFile(file); + //public byte[] get(File file) throws EBaseException, IOException { + // CMSFile cmsFile = getCMSFile(file); public byte[] get(File file, String enc) throws EBaseException, IOException { CMSFile cmsFile = getCMSFile(file, enc); - // Change end + // Change end return cmsFile.getContent(); } // Changed by bskim - // public CMSFile getCMSFile(File file) throws EBaseException, IOException { - public CMSFile getCMSFile(File file, String enc) throws EBaseException, - IOException { - // Change end + //public CMSFile getCMSFile(File file) throws EBaseException, IOException { + public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException { + // Change end String absPath = file.getAbsolutePath(); long modified = file.lastModified(); CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath); 
@@ -102,8 +102,8 @@ public class CMSFileLoader { // new file. if (cmsFile == null || modified != lastModified) { // Changed by bskim - // cmsFile = updateFile(absPath, file); - cmsFile = updateFile(absPath, file, enc); + //cmsFile = updateFile(absPath, file); + cmsFile = updateFile(absPath, file, enc); // Change end } cmsFile.setLastAccess(System.currentTimeMillis()); @@ -111,10 +111,10 @@ public class CMSFileLoader { } // Changed by bskim - // private CMSFile updateFile(String absPath, File file) - private CMSFile updateFile(String absPath, File file, String enc) - // Change end - throws EBaseException, IOException { + //private CMSFile updateFile(String absPath, File file) + private CMSFile updateFile(String absPath, File file, String enc) + // Change end + throws EBaseException, IOException { // clear if cache size exceeded. if (mLoadedFiles.size() >= mMaxSize) { clearSomeFiles(); @@ -125,24 +125,24 @@ public class CMSFileLoader { // check if file is a js template or plain template by its first String if (absPath.endsWith(CMSTemplate.SUFFIX)) { // Changed by bskim - // cmsFile = new CMSTemplate(file); + //cmsFile = new CMSTemplate(file); cmsFile = new CMSTemplate(file, enc); // End of Change } else { cmsFile = new CMSFile(file); } - mLoadedFiles.put(absPath, cmsFile); // replace old one if any. + mLoadedFiles.put(absPath, cmsFile); // replace old one if any. return cmsFile; } private synchronized void clearSomeFiles() { // recheck this in case some other thread has cleared it. - if (mLoadedFiles.size() < mMaxSize) + if (mLoadedFiles.size() < mMaxSize) return; - // remove the LRU files. - // XXX could be optimized more. + // remove the LRU files. + // XXX could be optimized more. Enumeration elements = mLoadedFiles.elements(); for (int i = mClearSize; i > 0; i--) { @@ -160,3 +160,4 @@ public class CMSFileLoader { } } } + 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java index c3854935..a76b1c75 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java @@ -17,12 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.ListResourceBundle; + /** * A class represents a resource bundle for cms gateway. * <P> - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -36,7 +38,8 @@ public class CMSGWResources extends ListResourceBundle { } /* - * Constants. The suffix represents the number of possible parameters. + * Constants. The suffix represents the number of + * possible parameters. */ static final Object[][] contents = {}; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java index 48e53c10..b5c6e3c7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; @@ -40,9 +41,10 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.ILogger; + /** * This class is to hold some general method for servlets. - * + * * @version $Revision$, $Date$ */ public class CMSGateway { 
@@ -50,7 +52,8 @@ public class CMSGateway { private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; private final static String PROP_SERVER_XML = "server.xml"; - public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; protected static CMSFileLoader mFileLoader = new CMSFileLoader(); @@ -65,11 +68,11 @@ public class CMSGateway { mEnableFileServing = true; mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY); try { - mEnableAdminEnroll = mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, - false); + mEnableAdminEnroll = + mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false); } catch (EBaseException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); } } @@ -85,7 +88,7 @@ public class CMSGateway { httpReqHash.put(name, req.getParameter(name)); } - + String ip = req.getRemoteAddr(); if (ip != null) httpReqHash.put("clientHost", ip); @@ -96,11 +99,11 @@ public class CMSGateway { return mEnableAdminEnroll; } - public static void setEnableAdminEnroll(boolean enableAdminEnroll) - throws EBaseException { + public static void setEnableAdminEnroll(boolean enableAdminEnroll) + throws EBaseException { IConfigStore mainConfig = CMS.getConfigStore(); - // !!! Is it thread safe? xxxx + //!!! Is it thread safe? xxxx mEnableAdminEnroll = enableAdminEnroll; mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll); mainConfig.commit(true); 
@@ -109,9 +112,9 @@ public class CMSGateway { public static void disableAdminEnroll() throws EBaseException { setEnableAdminEnroll(false); - /* - * need to do this in web.xml and restart ws - * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway(); + /* need to do this in web.xml and restart ws + removeServlet("/ca/adminEnroll", "AdminEnroll"); + initGateway(); */ } @@ -119,19 +122,18 @@ public class CMSGateway { * construct a authentication credentials to pass into authentication * manager. */ - public static AuthCredentials getAuthCreds(IAuthManager authMgr, - IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds( + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. if (authMgr == null) - return null; + return null; String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); - + if (clientCert instanceof java.security.cert.X509Certificate) { try { - clientCert = new netscape.security.x509.X509CertImpl( - clientCert.getEncoded()); + clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded()); } catch (Exception e) { CMS.debug("CMSGateway: getAuthCreds " + e.toString()); } @@ -142,7 +144,8 @@ public class CMSGateway { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert }); + creds.set(reqCred, new X509Certificate[] { clientCert} + ); } else { String value = argBlock.getValueAsString(reqCred); 
@@ -159,57 +162,62 @@ public class CMSGateway { protected final static String AUTHMGR_PARAM = "authenticator"; - public static AuthToken checkAuthManager(HttpServletRequest httpReq, - IArgBlock httpParams, X509Certificate cert, String authMgrName) - throws EBaseException { + public static AuthToken checkAuthManager( + HttpServletRequest httpReq, IArgBlock httpParams, + X509Certificate cert, String authMgrName) + throws EBaseException { IArgBlock httpArgs = httpParams; if (httpArgs == null) httpArgs = CMS.createArgBlock(toHashtable(httpReq)); - IAuthSubsystem authSub = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - String authMgr_http = httpArgs.getValueAsString(AUTHMGR_PARAM, null); + String authMgr_http = httpArgs.getValueAsString( + AUTHMGR_PARAM, null); if (authMgr_http != null) { authMgrName = authMgr_http; } if (authMgrName == null || authMgrName.length() == 0) { - throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", - CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); + throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", + CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); } - - IAuthManager authMgr = authSub - .getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + + IAuthManager authMgr = + authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); authMgr = authSub.getAuthManager(authMgrName); if (authMgr == null) return null; - IAuthCredentials creds = getAuthCreds(authMgr, - CMS.createArgBlock(toHashtable(httpReq)), cert); + IAuthCredentials creds = + getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); AuthToken authToken = null; try { - authToken = (AuthToken) authMgr.authenticate(creds); + authToken = (AuthToken) authMgr.authenticate(creds); } catch (EBaseException e) { throw e; } catch (Exception e) { CMS.debug("CMSGateway: " + e); // catch all errors from authentication manager. 
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", - e.toString(), e.getMessage())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", + e.toString(), e.getMessage())); } return authToken; } - public static void renderTemplate(String templateName, - HttpServletRequest req, HttpServletResponse resp, - ServletConfig servletConfig, CMSFileLoader fileLoader) - throws EBaseException, IOException { - CMSTemplate template = getTemplate(templateName, req, servletConfig, - fileLoader, new Locale[1]); + public static void renderTemplate( + String templateName, + HttpServletRequest req, + HttpServletResponse resp, + ServletConfig servletConfig, + CMSFileLoader fileLoader) + throws EBaseException, IOException { + CMSTemplate template = + getTemplate(templateName, req, + servletConfig, fileLoader, new Locale[1]); ServletOutputStream out = resp.getOutputStream(); template.renderOutput(out, new CMSTemplateParams(null, null)); @@ -231,8 +239,9 @@ public class CMSGateway { * @param realpathFile the file to get. * @param locale array of at least one to be filled with locale found. */ - public static File getLangFile(HttpServletRequest req, File realpathFile, - Locale[] locale) throws IOException { + public static File getLangFile( + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -249,7 +258,7 @@ public class CMSGateway { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -277,8 +286,9 @@ public class CMSGateway { break; } - String langfilepath = parent + File.separatorChar + lang - + File.separatorChar + name; + String langfilepath = + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { 
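Review bot: In checkAuthManager the `authenticator` request parameter, when present, replaces the `authMgrName` passed in by the calling servlet, so the client rather than the server chooses which authentication manager evaluates its credentials. If `authMgrName` is meant as the servlet's configured policy and not just a default, use the parameter only as a fallback, `if ((authMgrName == null || authMgrName.length() == 0) && authMgr_http != null) authMgrName = authMgr_http;`, or check it against a configured list of managers allowed for that servlet. Separately, the result of the first `authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)` call is overwritten on the next line and can be dropped.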
@@ -301,52 +311,54 @@ public class CMSGateway { } /** - * get a template + * get a template */ - protected static CMSTemplate getTemplate(String templateName, - HttpServletRequest httpReq, ServletConfig servletConfig, - CMSFileLoader fileLoader, Locale[] locale) throws EBaseException, - IOException { + protected static CMSTemplate getTemplate( + String templateName, + HttpServletRequest httpReq, + ServletConfig servletConfig, + CMSFileLoader fileLoader, + Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (servletConfig == null) { - CMS.debug("CMSGateway:getTemplate() - servletConfig is null!"); + CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" ); return null; } if (servletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = servletConfig.getServletContext().getRealPath( - "/" + templateName); + String realpath = + servletConfig.getServletContext().getRealPath("/" + templateName); File realpathFile = new File(realpath); - File templateFile = getLangFile(httpReq, realpathFile, locale); - CMSTemplate template = - // (CMSTemplate)fileLoader.getCMSFile(templateFile); - (CMSTemplate) fileLoader.getCMSFile(templateFile, - httpReq.getCharacterEncoding()); + File templateFile = + getLangFile(httpReq, realpathFile, locale); + CMSTemplate template = + //(CMSTemplate)fileLoader.getCMSFile(templateFile); + (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); return template; } /** - * Get the If-Modified-Since header and compare it to the millisecond epoch - * value passed in. If there is no header, or there is a problem parsing the - * value, or if the file has been modified this will return true, indicating - * the file has changed. - * + * Get the If-Modified-Since header and compare it to the millisecond + * epoch value passed in. 
If there is no header, or there is a problem + * parsing the value, or if the file has been modified this will return + * true, indicating the file has changed. + * * @param lastModified The time value in milliseconds past the epoch to - * compare the If-Modified-Since header to. + * compare the If-Modified-Since header to. */ - public static boolean modifiedSince(HttpServletRequest req, - long lastModified) { + public static boolean modifiedSince(HttpServletRequest req, long lastModified) { long ifModSinceStr; try { ifModSinceStr = req.getDateHeader("If-Modified-Since"); - } catch (IllegalArgumentException e) { + }catch (IllegalArgumentException e) { return true; } - + if (ifModSinceStr < 0) { return true; } @@ -359,3 +371,4 @@ public class CMSGateway { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java index b409bc63..ca5abf03 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java @@ -17,9 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + + + /** - * handy class containing cms templates to load & fill. - * + * handy class containing cms templates to load & fill. + * * @version $Revision$, $Date$ */ public class CMSLoadTemplate { @@ -31,9 +34,10 @@ public class CMSLoadTemplate { public CMSLoadTemplate() { } - public CMSLoadTemplate(String propName, String fillerPropName, - String templateName, ICMSTemplateFiller filler) { - + public CMSLoadTemplate( + String propName, String fillerPropName, + String templateName, ICMSTemplateFiller filler) { + mPropName = propName; mFillerPropName = fillerPropName; mTemplateName = templateName; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java index 6968ccc5..27f1d3a5 100644 
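Review bot: getTemplate passes `httpReq.getCharacterEncoding()` to `fileLoader.getCMSFile(...)`, so the charset used to decode a server-side template comes from the request, and CMSFileLoader.getCMSFile (earlier in this diff) caches the result under the absolute path alone. The request that first loads a template therefore fixes how it is decoded for every later request until the file changes. The value can also be null when the request names no encoding, and the CMSTemplate constructor then hands it to `content.getBytes(mCharset)`. Decode templates with a server-configured charset instead, or at least default it, for example `String enc = httpReq.getCharacterEncoding(); if (enc == null) enc = "UTF-8";`. The two empty `if (...) { }` blocks for a null servlet context and a null `templateName` check nothing and should either return or be removed.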
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Hashtable; import java.util.Vector; @@ -34,7 +35,7 @@ import com.netscape.certsrv.request.RequestStatus; /** * This represents a user request. - * + * * @version $Revision$, $Date$ */ public class CMSRequest { @@ -45,8 +46,7 @@ public class CMSRequest { public static final Integer SVC_PENDING = Integer.valueOf(4); public static final Integer REJECTED = Integer.valueOf(5); public static final Integer ERROR = Integer.valueOf(6); - public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected - // error. + public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error. private static final String RESULT = "cmsRequestResult"; @@ -59,7 +59,7 @@ public class CMSRequest { // http headers & other info. private HttpServletRequest mHttpReq = null; - // http response. + // http response. private HttpServletResponse mHttpResp = null; // http servlet config. @@ -68,11 +68,11 @@ public class CMSRequest { // http servlet context. private ServletContext mServletContext = null; - // permanent request in request queue. + // permanent request in request queue. private IRequest mRequest = null; // whether request processed successfully - private Integer mStatus = SUCCESS; + private Integer mStatus = SUCCESS; // exception message containing error that occured. // note exception could also be thrown seperately. @@ -85,13 +85,13 @@ public class CMSRequest { Object mResult = null; Hashtable mResults = new Hashtable(); - /** + /** * Constructor */ public CMSRequest() { } - // set methods use by servlets. + // set methods use by servlets. /** * set the HTTP parameters 
@@ -115,45 +115,47 @@ public class CMSRequest { } /** - * set the HTTP Response object which is used to create the HTTP response - * which is sent back to the user + * set the HTTP Response object which is used to create the + * HTTP response which is sent back to the user */ public void setHttpResp(HttpServletResponse httpResp) { mHttpResp = httpResp; } /** - * set the servlet configuration. The servlet configuration is read from the - * WEB-APPS/web.xml file under the <servlet> XML definition. The - * parameters are delimited by init-param param-name/param-value options as - * described in the servlet documentation. + * set the servlet configuration. The servlet configuration is + * read from the WEB-APPS/web.xml file under the <servlet> + * XML definition. The parameters are delimited by init-param + * param-name/param-value options as described in the servlet + * documentation. */ public void setServletConfig(ServletConfig servletConfig) { mServletConfig = servletConfig; } - /* - * set the servlet context. the servletcontext has detail about the - * currently running request + /* + * set the servlet context. the servletcontext has detail + * about the currently running request */ public void setServletContext(ServletContext servletContext) { mServletContext = servletContext; } - /** - * Set request status. - * - * @param status request status. Allowed values are UNAUTHORIZED, SUCCESS, - * REJECTED, PENDING, ERROR, SVC_PENDING + /** + * Set request status. + * @param status request status. 
Allowed values are + * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING * @throws IllegalArgumentException if status is not one of the above values */ public void setStatus(Integer status) { - if (!status.equals(UNAUTHORIZED) && !status.equals(SUCCESS) - && !status.equals(REJECTED) && !status.equals(PENDING) - && !status.equals(ERROR) && !status.equals(SVC_PENDING) - && !status.equals(EXCEPTION)) { - throw new IllegalArgumentException( - CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); + if ( !status.equals( UNAUTHORIZED ) && + !status.equals( SUCCESS ) && + !status.equals( REJECTED ) && + !status.equals( PENDING ) && + !status.equals( ERROR ) && + !status.equals( SVC_PENDING ) && + !status.equals( EXCEPTION ) ) { + throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); } mStatus = status; } @@ -167,9 +169,9 @@ public class CMSRequest { } public void setErrorDescription(String descr) { - if (mErrorDescr == null) + if (mErrorDescr == null) mErrorDescr = new Vector(); - mErrorDescr.addElement(descr); + mErrorDescr.addElement(descr); } public void setResult(Object result) { @@ -233,7 +235,7 @@ public class CMSRequest { return reason; } - // handy routines for IRequest. + // handy routines for IRequest. public void setExtData(String type, String value) { if (mRequest != null) { @@ -249,7 +251,7 @@ public class CMSRequest { } } - // policy errors; set on rejection or possibly deferral. + // policy errors; set on rejection or possibly deferral. public Vector getPolicyMessages() { if (mRequest != null) { return mRequest.getExtDataInStringVector(IRequest.ERRORS); 
@@ -257,13 +259,13 @@ public class CMSRequest { return null; } - /** - * set default CMS status according to IRequest status. + /** + * set default CMS status according to IRequest status. */ public void setIRequestStatus() throws EBaseException { if (mRequest == null) { - EBaseException e = new ECMSGWException( - CMS.getLogMessage("CMSGW_MISSING_REQUEST")); + EBaseException e = + new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); throw e; } @@ -275,11 +277,11 @@ public class CMSRequest { mStatus = CMSRequest.SUCCESS; return; } - // unexpected resulting request status. + // unexpected resulting request status. if (status == RequestStatus.REJECTED) { mStatus = CMSRequest.REJECTED; return; - } // pending or service pending. + } // pending or service pending. else if (status == RequestStatus.PENDING) { mStatus = CMSRequest.PENDING; return; @@ -289,9 +291,9 @@ public class CMSRequest { } else { RequestId reqId = mRequest.getRequestId(); - throw new ECMSGWException(CMS.getLogMessage( - "CMSGW_UNEXPECTED_REQUEST_STATUS_2", status.toString(), - reqId.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", + status.toString(), reqId.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index c6af2fe6..4528ea7e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; 
@@ -38,21 +39,23 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.logging.ILogger; + /** - * File templates. This implementation will take an HTML file with a special - * customer tag <CMS_TEMPLATE> and replace the tag with a series of - * javascript variable definitions (depending on the servlet) - * + * File templates. This implementation will take + * an HTML file with a special customer tag + * <CMS_TEMPLATE> and replace the tag with + * a series of javascript variable definitions + * (depending on the servlet) + * * @version $Revision$, $Date$ */ public class CMSTemplate extends CMSFile { public static final String SUFFIX = ".template"; - /* - * ========================================================== variables - * ========================================================== - */ + /*========================================================== + * variables + *==========================================================*/ /* private variables */ private String mTemplateFileName = ""; 
@@ -65,33 +68,29 @@ public class CMSTemplate extends CMSFile { public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>"; /* Character set for i18n */ - + /* Will be set by CMSServlet.getTemplate() */ private String mCharset = null; - /* - * ========================================================== constructors - * ========================================================== - */ + /*========================================================== + * constructors + *==========================================================*/ /** * Constructor - * * @param file template file to load * @param charset character set - * @throws IOException if the there was an error opening the file + * @throws IOException if the there was an error opening the file */ - public CMSTemplate(File file, String charset) throws IOException, - EBaseException { + public CMSTemplate(File file, String charset) throws IOException, EBaseException { mCharset = charset; mAbsPath = file.getAbsolutePath(); mLastModified = file.lastModified(); try { init(file); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE")); } 
@@ -100,17 +99,16 @@ public class CMSTemplate extends CMSFile { mContent = content.getBytes(mCharset); } - /* - * ========================================================== public methods - * ========================================================== - */ + /*========================================================== + * public methods + *==========================================================*/ /* * - * Load the form from the file and setup the pre/post output buffer if it is - * a template file. Otherwise, only post output buffer is filled. - * + * Load the form from the file and setup the + * pre/post output buffer if it is a template + * file. Otherwise, only post output buffer is + * filled. * @param template the template file to load - * * @return true if successful */ public boolean init(File template) throws EBaseException, IOException { @@ -120,10 +118,9 @@ public class CMSTemplate extends CMSFile { String content = loadFile(template); if (content == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath)); - throw new ECMSGWException(CMS.getLogMessage( - "CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath)); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath)); } /* time stamp */ 
@@ -131,17 +128,17 @@ public class CMSTemplate extends CMSFile { mTimeStamp = now.getTime(); - /* - * if template file, find template tag substring and set pre/post output - * string + /* if template file, find template tag substring and set + * pre/post output string */ int location = content.indexOf(TEMPLATE_TAG); if (location == -1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_MISSING", - mAbsPath, TEMPLATE_TAG)); - throw new ECMSGWException(CMS.getLogMessage( - "CMSGW_MISSING_TEMPLATE_TAG_2", TEMPLATE_TAG, mAbsPath)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG)); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", + TEMPLATE_TAG, mAbsPath)); } mPreOutput = content.substring(0, location); mPostOutput = content.substring(TEMPLATE_TAG.length() + location); @@ -149,15 +146,14 @@ public class CMSTemplate extends CMSFile { return true; } - /** - * Write a javascript representation of 'input' surrounded by SCRIPT tags to - * the outputstream - * + /** + * Write a javascript representation of 'input' + * surrounded by SCRIPT tags to the outputstream * @param rout the outputstream to write to * @param input the parameters to write */ public void renderOutput(OutputStream rout, CMSTemplateParams input) - throws IOException { + throws IOException { Enumeration e = null, q = null; IArgBlock r = null; boolean headerBlock = false, fixedBlock = false, queryBlock = false; @@ -168,7 +164,7 @@ public class CMSTemplate extends CMSFile { http_out = new HTTPOutputStreamWriter(rout); else http_out = new HTTPOutputStreamWriter(rout, mCharset); - + try { templateLine out = new templateLine(); @@ -182,7 +178,7 @@ public class CMSTemplate extends CMSFile { out.println("var recordSet = new Array;"); out.println("var result = new Object();"); - // hack + // hack out.println("var httpParamsCount = 0;"); out.println("var httpHeadersCount = 0;"); out.println("var authTokenCount = 0;"); 
@@ -244,11 +240,11 @@ public class CMSTemplate extends CMSFile { out.println("record.recordSet = recordSet;"); } - // if (headerBlock) + //if (headerBlock) out.println("result.header = header;"); - // if (fixedBlock) + //if (fixedBlock) out.println("result.fixed = fixed;"); - // if (queryBlock) + //if (queryBlock) out.println("result.recordSet = recordSet;"); out.println("</SCRIPT>"); out.println(mPostOutput); @@ -260,14 +256,15 @@ public class CMSTemplate extends CMSFile { } /** - * Ouput the pre-amble HTML Header including the pre-output buffer. - * + * Ouput the pre-amble HTML Header including + * the pre-output buffer. + * * @param out output stream specified * @return success or error */ public boolean outputProlog(PrintWriter out) { - // Debug.trace("FormCache:outputProlog"); + //Debug.trace("FormCache:outputProlog"); /* output pre-output buffer */ out.print(mPreOutput); @@ -281,8 +278,9 @@ public class CMSTemplate extends CMSFile { } /** - * Output the post HTML tags and post-output buffer. - * + * Output the post HTML tags and post-output + * buffer. + * * @param out output stream specified * @return success or error */ @@ -301,12 +299,11 @@ public class CMSTemplate extends CMSFile { return mAbsPath; } - // inherit getabspath, getContent, get last access and set last access + // inherit getabspath, getContent, get last access and set last access - /* - * ========================================================== private - * methods========================================================== - */ + /*========================================================== + * private methods + *==========================================================*/ /* load file into string */ private String loadFile(File template) throws IOException { 
@@ -315,8 +312,7 @@ public class CMSTemplate extends CMSFile { /* create input stream, can throw IOException */ FileInputStream inStream = new FileInputStream(template); - InputStreamReader inReader = new InputStreamReader(inStream, mCharset); - ; + InputStreamReader inReader = new InputStreamReader(inStream, mCharset);; BufferedReader in = new BufferedReader(inReader); StringBuffer buf = new StringBuffer(); String line; @@ -329,9 +325,8 @@ public class CMSTemplate extends CMSFile { in.close(); inStream.close(); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, - e.getMessage())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); } return buf.toString(); } @@ -358,8 +353,8 @@ public class CMSTemplate extends CMSFile { } } else if (v instanceof BigInteger) { s = ((BigInteger) v).toString(10); - } else if (v instanceof Character - && ((Character) v).equals(Character.valueOf((char) 0))) { + } else if (v instanceof Character && + ((Character) v).equals(Character.valueOf((char) 0))) { s = "null"; } else { s = "\"" + v.toString() + "\""; @@ -369,10 +364,10 @@ public class CMSTemplate extends CMSFile { } /** - * Escape the contents of src string in preparation to be enclosed in double - * quotes as a JavaScript String Literal within an <script> portion of an - * HTML document. stevep - performance improvements - about 4 times faster - * than before. + * Escape the contents of src string in preparation to be enclosed in + * double quotes as a JavaScript String Literal within an <script> + * portion of an HTML document. + * stevep - performance improvements - about 4 times faster than before. */ public static String escapeJavaScriptString(String v) { int l = v.length(); 
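Review bot: In the hunk at -358, the final `else` arm builds `s = "\"" + v.toString() + "\"";` without passing the text through `escapeJavaScriptString`, so whatever type reaches it is written between quotes into the SCRIPT block verbatim. Which types fall through to this arm depends on the earlier branches, which begin outside the hunk, so this may already be limited to values the server controls. If that cannot be guaranteed, the arm should read `s = "\"" + escapeJavaScriptString(v.toString()) + "\"";`. Separately, the hunk at -315 leaves a stray empty statement in `new InputStreamReader(inStream, mCharset);;`, so the second `;` can go.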
@@ -385,27 +380,25 @@ public class CMSTemplate extends CMSFile { for (int i = 0; i < l; i++) { char c = in[i]; - if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { + if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { out[j++] = c; continue; } - if ((c == 0x5c) - && ((i + 1) < l) - && (in[i + 1] == 'n' || in[i + 1] == 'r' - || in[i + 1] == 'f' || in[i + 1] == 't' - || in[i + 1] == '<' || in[i + 1] == '>' - || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { - if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' - && (in[i + 3] == 'c' || in[i + 3] == 'e')) { + if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i + 1]; - out[j++] = in[i + 2]; - out[j++] = in[i + 3]; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i + 1]; + out[j++] = in[i+1]; i++; } continue; @@ -463,9 +456,9 @@ public class CMSTemplate extends CMSFile { return new String(out, 0, j); } - /** - * Like escapeJavaScriptString(String s) but also escape '[' for HTML - * processing. + /** + * Like escapeJavaScriptString(String s) but also escape '[' for + * HTML processing. */ public static String escapeJavaScriptStringHTML(String v) { int l = v.length(); 
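Review bot: The inner test `if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && ...)` in escapeJavaScriptString can never be true, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` or `\` as `in[i+1]`. The four-character `\x3c`/`\x3e` pass-through is therefore dead code, and every match takes the two-character `else` arm. Either delete the inner branch, or, if passing already-escaped `\x3c`/`\x3e` through was the intent, add `|| in[i+1] == 'x'` to the outer list and keep the inner check. The identical block in escapeJavaScriptStringHTML (hunk at -483) has the same problem. Because these functions guard values placed inside a SCRIPT element, a small unit test over backslash-prefixed input would pin the intended behaviour; both method bodies continue outside their hunks.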
@@ -483,22 +476,20 @@ public class CMSTemplate extends CMSFile { continue; } - if ((c == 0x5c) - && ((i + 1) < l) - && (in[i + 1] == 'n' || in[i + 1] == 'r' - || in[i + 1] == 'f' || in[i + 1] == 't' - || in[i + 1] == '<' || in[i + 1] == '>' - || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { - if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' - && (in[i + 3] == 'c' || in[i + 3] == 'e')) { + if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i + 1]; - out[j++] = in[i + 2]; - out[j++] = in[i + 3]; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i + 1]; + out[j++] = in[i+1]; i++; } continue; @@ -558,30 +549,32 @@ public class CMSTemplate extends CMSFile { /** * for debugging, return contents that would've been outputed. */ - public String getOutput(CMSTemplateParams input) throws IOException { + public String getOutput(CMSTemplateParams input) + throws IOException { debugOutputStream out = new debugOutputStream(); renderOutput(out, input); return out.toString(); } - private class HTTPOutputStreamWriter extends OutputStreamWriter { + private + class HTTPOutputStreamWriter extends OutputStreamWriter { public HTTPOutputStreamWriter(OutputStream out) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out); } - + public HTTPOutputStreamWriter(OutputStream out, String enc) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out, enc); } - + public void print(String s) throws IOException { write(s, 0, s.length()); flush(); return; } - + public void println(String s) throws IOException { print(s); write('\n'); 
@@ -590,9 +583,9 @@ public class CMSTemplate extends CMSFile { } } + private class templateLine { private StringBuffer s = new StringBuffer(); - void templateLine() { } @@ -611,6 +604,7 @@ public class CMSTemplate extends CMSFile { } + private static class debugOutputStream extends ServletOutputStream { private StringWriter mStringWriter = new StringWriter(); @@ -619,7 +613,7 @@ public class CMSTemplate extends CMSFile { } public void write(int b) throws IOException { - mStringWriter.write(b); + mStringWriter.write(b); } public String toString() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java index e14546bb..ced37b93 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java @@ -17,14 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Enumeration; import java.util.Vector; import com.netscape.certsrv.base.IArgBlock; + /** * Holds template parameters - * + * * @version $Revision$, $Date$ */ public class CMSTemplateParams { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java index f15aadc7..0cd1102d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java @@ -17,12 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import com.netscape.certsrv.base.EBaseException; + /** * A class represents a CMS gateway exception. * <P> - * + * * @version $Revision$, $Date$ */ public class ECMSGWException extends EBaseException { 
@@ -34,8 +36,7 @@ public class ECMSGWException extends EBaseException { /** * CA resource class name. */ - private static final String CMSGW_RESOURCES = CMSGWResources.class - .getName(); + private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); /** * Constructs a CMS Gateway exception. diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java index fda80023..6debd2c7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Enumeration; import java.util.Locale; @@ -26,9 +27,10 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; + /** - * Default error template filler - * + * Default error template filler + * * @version $Revision$, $Date$ */ public class GenErrorTemplateFiller implements ICMSTemplateFiller { @@ -36,15 +38,14 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq the CMS Request. * @param authority the authority * @param locale the locale of template. * @param e unexpected error. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); 
@@ -52,33 +53,31 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " - + "cmsReq is null!"); + CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " + + "cmsReq is null!" ); return null; } - - // error + + // error String ex = cmsReq.getError(); // Changed by beomsuk - /* - * if (ex == null) ex = new - * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); - * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); + /*if (ex == null) + ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); + fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); */ if ((ex == null) && (cmsReq.getReason() == null)) - ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")) - .toString(); + ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString(); else if (ex != null) fixed.set(ICMSTemplateFiller.ERROR, ex); else if (cmsReq.getReason() != null) fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason()); - // Change end - - // error description if any. + // Change end + + // error description if any. Vector descr = cmsReq.getErrorDescr(); if (descr != null) { 
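Review bot: In the `if ((ex == null) && (cmsReq.getReason() == null))` branch the unknown-error text is assigned to `ex` but never stored, because the `fixed.set(ICMSTemplateFiller.ERROR, ex)` call sits in the `else if (ex != null)` arm that is skipped once the first branch is taken. When both the error and the reason are missing, the template therefore gets no `errorDetails` value at all. Dropping the first `else`, so the second test reads `if (ex != null)`, lets the freshly assigned message reach `fixed`. The commented-out block above it could be removed at the same time, since it no longer matches the `String` type of `ex`.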
@@ -86,17 +85,20 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { while (num.hasMoreElements()) { String elem = (String) num.nextElement(); - // System.out.println("Setting description "+elem.toString()); + //System.out.println("Setting description "+elem.toString()); IArgBlock argBlock = CMS.createArgBlock(); - argBlock.set(ICMSTemplateFiller.ERROR_DESCR, elem); + argBlock.set(ICMSTemplateFiller.ERROR_DESCR, + elem); params.addRepeatRecord(argBlock); } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java index ced36b94..15456865 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.OutputStream; @@ -58,9 +59,10 @@ import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; + /** - * default Pending template filler - * + * default Pending template filler + * * @version $Revision$, $Date$ */ public class GenPendingTemplateFiller implements ICMSTemplateFiller { 
@@ -70,29 +72,28 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - if (cmsReq == null) { + if( cmsReq == null ) { return null; } // request status if any. Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -105,46 +106,52 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { if (doFullResponse(httpParams)) { SEQUENCE controlSeq = new SEQUENCE(); int bpid = 1; - PendInfo pendInfo = new PendInfo(reqId.toString(), new Date()); - OtherInfo otherInfo = new OtherInfo(OtherInfo.PEND, null, - pendInfo); + PendInfo pendInfo = new PendInfo(reqId.toString(), new + Date()); + OtherInfo otherInfo = new + OtherInfo(OtherInfo.PEND, null, pendInfo); SEQUENCE bpids = new SEQUENCE(); - String[] reqIdArray = req - .getExtDataInStringArray(IRequest.CMC_REQIDS); + String[] reqIdArray = + req.getExtDataInStringArray(IRequest.CMC_REQIDS); for (int i = 0; i < reqIdArray.length; i++) { bpids.addElement(new INTEGER(reqIdArray[i])); } - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.PENDING, bpids, (String) null, otherInfo); - TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new + CMCStatusInfo(CMCStatusInfo.PENDING, bpids, + (String) null, otherInfo); + TaggedAttribute ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(ta); // copy transactionID, senderNonce, // create recipientNonce // create responseInfo if regInfo exist - String[] transIds = req - .getExtDataInStringArray(IRequest.CMC_TRANSID); + String[] transIds = + req.getExtDataInStringArray(IRequest.CMC_TRANSID); SET ids = new SET(); for (int i = 0; i < transIds.length; i++) { ids.addElement(new INTEGER(transIds[i])); } - ta = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_transactionId, ids); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, + ids); controlSeq.addElement(ta); - String[] senderNonce = req - .getExtDataInStringArray(IRequest.CMC_SENDERNONCE); + String[] senderNonce = req.getExtDataInStringArray(IRequest.CMC_SENDERNONCE); SET nonces = new 
SET(); for (int i = 0; i < senderNonce.length; i++) { - nonces.addElement(new OCTET_STRING(senderNonce[i] - .getBytes())); + nonces.addElement(new OCTET_STRING(senderNonce[i].getBytes())); } - ta = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_recipientNonce, nonces); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_recipientNonce, + nonces); controlSeq.addElement(ta); req.setExtData(IRequest.CMC_RECIPIENTNONCE, senderNonce); 
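Review bot: `reqIdArray`, `transIds` and `senderNonce` are each dereferenced with `.length` straight after `req.getExtDataInStringArray(...)`, with no null check. That method's contract is not visible here; if it can return null for a request lacking the CMC attribute, building the pending response fails with a NullPointerException, and `new INTEGER(reqIdArray[i])` presumably throws on a non-numeric entry. A guard such as `if (reqIdArray != null)` around each loop, or an early `return params;`, would keep request-supplied data from aborting the response path. `senderNonce[i].getBytes()` also uses the platform default charset, which is worth pinning explicitly. The enclosing `if (doFullResponse(httpParams))` block continues past this hunk.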
@@ -153,65 +160,61 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = { b64E }; + String[] newNonce = {b64E}; - ta = new TaggedAttribute(new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING( - newNonce[0].getBytes())); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(newNonce[0].getBytes())); controlSeq.addElement(ta); req.setExtData(IRequest.CMC_SENDERNONCE, newNonce); - ResponseBody rb = new ResponseBody(controlSeq, new SEQUENCE(), - new SEQUENCE()); - EncapsulatedContentInfo ci = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, rb); + ResponseBody rb = new ResponseBody(controlSeq, new + SEQUENCE(), new + SEQUENCE()); + EncapsulatedContentInfo ci = new + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + rb); org.mozilla.jss.crypto.X509Certificate x509cert = null; if (authority instanceof ICertificateAuthority) { - x509cert = ((ICertificateAuthority) authority) - .getCaX509Cert(); - } else if (authority instanceof IRegistrationAuthority) { + x509cert = ((ICertificateAuthority) authority).getCaX509Cert(); + }else if (authority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) authority).getRACert(); } if (x509cert == null) return params; try { X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); - ByteArrayInputStream issuer1 = new ByteArrayInputStream( - ((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream issuer1 = new + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); - IssuerAndSerialNumber ias = 
new IssuerAndSerialNumber( - issuer, new INTEGER(cert.getSerialNumber() - .toString())); - SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + IssuerAndSerialNumber ias = new + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + SignerIdentifier si = new + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager - .getInstance().findPrivKeyByCert(x509cert); - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey - .getType(); + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) { + if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if (keyType - .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) { + } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) { signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else { - CMS.debug("GenPendingTemplateFiller::getTemplateParams() - " - + "keyType " - + keyType.toString() - + " is unsupported!"); + CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - " + + "keyType " + keyType.toString() + + " is unsupported!" ); return null; } 
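Review bot: In the nonce block, `catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); }` silently substitutes the undigested salt for the SHA1 output. The value later stored with `req.setExtData(IRequest.CMC_SENDERNONCE, newNonce)` then changes meaning without any log entry. How `salt` is built lies before this hunk, so whether the raw value is acceptable as a nonce cannot be judged from here. Failing closed would match the unsupported-keyType branch further down, for example `CMS.debug("GenPendingTemplateFiller::getTemplateParams() - SHA1 unavailable: " + ex); return null;`. The signature algorithm is also fixed to `RSASignatureWithSHA1Digest` / `DSASignatureWithSHA1Digest`; the existing comment "SHA1 is the default digest Alg for now" deserves a TODO to make the digest configurable.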
@@ -221,36 +224,41 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - // log("digest fail"); + //log("digest fail"); } - SignerInfo signInfo = new SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, - signAlg, privKey); + SignerInfo signInfo = new + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new AlgorithmIdentifier( - digestAlg.toOID(), null); + AlgorithmIdentifier ai = new + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - - SignedData fResponse = new SignedData(digestAlgs, ci, null, - null, signInfos); - ContentInfo fullResponse = new ContentInfo( - ContentInfo.SIGNED_DATA, fResponse); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + + SignedData fResponse = new + SignedData(digestAlgs, ci, + null, null, signInfos); + ContentInfo fullResponse = new + ContentInfo(ContentInfo.SIGNED_DATA, fResponse); + ByteArrayOutputStream ostream = new + ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); @@ -262,8 +270,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } @@ -277,3 +286,4 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { return false; } } + 
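Review bot: The `catch (NoSuchAlgorithmException ex)` around the PKIResponse digest holds only the commented-out `//log("digest fail");`. On failure `digestAlg` stays null and `digest` keeps whatever value it had before the hunk (its declaration is outside it), yet the code still builds `SignerInfo` and `SignedData` from them. A signed response assembled without a computed digest should not be emitted, so the catch should log and stop. One option is `CMS.debug("GenPendingTemplateFiller::getTemplateParams() - digest failed: " + ex); return null;`, mirroring the keyType error path. The surrounding `try` begins before this hunk, so confirm that returning from here is compatible with its handler.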
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java index dbeae0f2..798b7f0d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Enumeration; import java.util.Locale; @@ -26,9 +27,10 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; + /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { @@ -43,8 +45,8 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -52,15 +54,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " - + "cmsReq is null!"); + CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " + + "cmsReq is null!" ); return null; } - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -74,7 +76,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { while (msgs.hasMoreElements()) { String ex = (String) msgs.nextElement(); - IArgBlock messageArgBlock = CMS.createArgBlock(); + IArgBlock messageArgBlock = CMS.createArgBlock(); messageArgBlock.set(POLICY_MESSAGE, ex); params.addRepeatRecord(messageArgBlock); @@ -84,8 +86,10 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java index 6702e30d..ff3d4f8c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; @@ -23,9 +24,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; + /** - * default Success template filler - * + * default Success template filler + * * @version $Revision$, $Date$ */ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { 
@@ -34,15 +36,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -50,13 +51,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java index aec29028..d08b83a8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; 
@@ -24,9 +25,10 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; + /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { @@ -36,15 +38,14 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -62,8 +63,8 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.REQUEST_ID, req.getRequestId()); // remote authority we're waiting for - String remoteAuthority = req - .getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY); + String remoteAuthority = + req.getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY); if (remoteAuthority != null) fixed.set(REMOTE_AUTHORITY, remoteAuthority); @@ -71,8 +72,10 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java index 65bca22e..befacf83 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; @@ -23,9 +24,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; + /** - * default Unauthorized template filler - * + * default Unauthorized template filler + * * @version $Revision$, $Date$ */ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { @@ -34,15 +36,14 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); 
@@ -50,17 +51,19 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } // set unauthorized error - fixed.set(ICMSTemplateFiller.ERROR, - new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); + fixed.set(ICMSTemplateFiller.ERROR, + new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java index 1ce7f0f9..1ae6ee45 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java @@ -16,6 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; @@ -24,9 +25,10 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; + /** - * default unexpected error template filler - * + * default unexpected error template filler + * * @version $Revision$, $Date$ */ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { 
@@ -35,41 +37,41 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. - * + * fill error details and description if any. * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - + // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. Integer sts = CMSRequest.EXCEPTION; - if (cmsReq != null) - cmsReq.setStatus(sts); + if (cmsReq != null) cmsReq.setStatus(sts); fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); // the unexpected error (exception) - if (e == null) + if (e == null) e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); String errMsg = null; - if (e instanceof EBaseException) + if (e instanceof EBaseException) errMsg = ((EBaseException) e).toString(locale); - else + else errMsg = e.toString(); fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg); // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } + 
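Review bot: The Javadoc carried through this hunk says `@param e unexpected exception e. ignored.`, but the body of `getTemplateParams` puts `e.toString()` (or `toString(locale)` for an `EBaseException`) into the `unexpectedError` template variable, so the tag is wrong. For exceptions that are not `EBaseException`, that string can hand class names and internal detail to the requester; whether the template escapes the value is not visible here. I would change the tag to `@param e the unexpected exception; its string form is placed in the template`. For the non-`EBaseException` branch, consider logging the exception server-side and setting the `BASE_UNKNOWN_ERROR` message instead.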
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java index 6633eb97..ddd6f0a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java @@ -17,32 +17,35 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; import com.netscape.certsrv.authority.IAuthority; + /** * This interface represents a template filler. - * + * * @version $Revision$, $Date$ */ public interface ICMSTemplateFiller { - // common template variables. + // common template variables. public final static String ERROR = "errorDetails"; public final static String ERROR_DESCR = "errorDescription"; public final static String EXCEPTION = "unexpectedError"; - public static final String HOST = "host"; - public static final String PORT = "port"; - public static final String SCHEME = "scheme"; + public static final String HOST = "host"; + public static final String PORT = "port"; + public static final String SCHEME = "scheme"; - public static final String AUTHORITY = "authorityName"; + public static final String AUTHORITY = "authorityName"; - public static final String REQUEST_STATUS = "requestStatus"; + public static final String REQUEST_STATUS = "requestStatus"; - public static final String KEYREC_ID = "keyrecId"; - public static final String REQUEST_ID = "requestId"; + public static final String KEYREC_ID = "keyrecId"; + public static final String REQUEST_ID = "requestId"; - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority mAuthority, Locale locale, Exception e) throws Exception; + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) + throws Exception; } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java index 827f24f1..27ea5ec1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java @@ -17,9 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public interface IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java index ac6fee86..ce1a5082 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -25,13 +26,15 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.ISubsystem; + /** - * A class represents a certificate server kernel. This kernel contains a list - * of resident subsystems such as logging, security, remote administration. - * Additional subsystems can be loaded into this kernel by specifying parameters - * in the configuration store. + * A class represents a certificate server kernel. This + * kernel contains a list of resident subsystems such + * as logging, security, remote administration. Additional + * subsystems can be loaded into this kernel by specifying + * parameters in the configuration store. * <P> - * + * * @version $Revision$, $Date$ */ public class IndexTemplateFiller implements ICMSTemplateFiller { 
@@ -49,8 +52,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { public IndexTemplateFiller() { } - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority mAuthority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, ctx); @@ -100,11 +103,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { count++; } // information about what is selected is provided - // from the caller. This parameter (selected) is used + // from the caller. This parameter (selected) is used // by header servlet try { - header.addStringValue("selected", cmsReq.getHttpParams() - .getValueAsString("selected")); + header.addStringValue("selected", + cmsReq.getHttpParams().getValueAsString("selected")); } catch (EBaseException ex) { } header.addIntegerValue(OUT_TOTAL_COUNT, count); diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java index f936e075..fb31fec1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java @@ -17,9 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public class RawJS implements IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java index f9951f05..580909cb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java 
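Review bot: In the `@@ -100,11 +103,11 @@` hunk of IndexTemplateFiller.java, the re-wrapped `header.addStringValue("selected", cmsReq.getHttpParams().getValueAsString("selected"));` copies a caller-supplied request parameter into the template header unchanged, and the `catch (EBaseException ex) { }` after it discards any failure silently. The comment says the header servlet consumes this value; if that template emits it into HTML or JavaScript without escaping, it becomes a reflected-injection path, which cannot be confirmed from this hunk. I would validate or encode the value before adding it, and give the catch a comment that states the intent, such as `// parameter absent: nothing selected`. `getTemplateParams` starts and ends outside this hunk.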
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; + import java.util.StringTokenizer; import javax.servlet.ServletConfig; @@ -27,9 +28,10 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; + /** * Utility class - * + * * @version $Revision$, $Date$ */ public class Utils { @@ -43,13 +45,13 @@ public class Utils { public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; - public static String initializeAuthz(ServletConfig sc, - IAuthzSubsystem authz, String id) throws ServletException { + public static String initializeAuthz(ServletConfig sc, + IAuthzSubsystem authz, String id) throws ServletException { String srcType = AUTHZ_SRC_LDAP; try { - IConfigStore authzConfig = CMS.getConfigStore().getSubStore( - AUTHZ_CONFIG_STORE); + IConfigStore authzConfig = + CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { @@ -61,8 +63,8 @@ public class Utils { if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR); - if (aclMethod != null - && aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { + if (aclMethod != null && + aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { String aclInfo = sc.getInitParameter(PROP_ACL); if (aclInfo != null) { @@ -73,8 +75,8 @@ public class Utils { "failed to init authz info from xml config file"); } - CMS.debug(CMS.getLogMessage( - "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", id)); + CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", + id)); } else { CMS.debug(CMS.getLogMessage( "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, id, 
@@ -93,7 +95,7 @@ public class Utils { } public static void addACLInfo(IAuthzSubsystem authz, String aclMethod, - String aclInfo) throws EBaseException { + String aclInfo) throws EBaseException { StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java index 7f8b0953..b3809579 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.connector; + import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; @@ -57,10 +58,12 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; + /** - * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs - * from its dependant clone CAs service request and return status. - * + * Clone servlet - part of the Clone Authority (CLA) + * processes Revoked certs from its dependant clone CAs + * service request and return status. + * * @version $Revision$, $Date$ */ public class CloneServlet extends CMSServlet { 
@@ -85,17 +88,19 @@ public class CloneServlet extends CMSServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthority = (IAuthority) + CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CMS server is not ready to serve."); + throw new IOException( + "CMS server is not ready to serve."); ServletContext servletContext = mConfig.getServletContext(); @@ -125,14 +130,14 @@ public class CloneServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = req.getContentLength(); + len = req.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -154,16 +159,16 @@ public class CloneServlet extends CMSServlet { // force client auth handshake, validate clone CA (CCA) // and get CCA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - } catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + }catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -185,7 +190,7 @@ public class CloneServlet extends CMSServlet { CMS.debug("CloneServlet: about to authenticate"); token = authenticate(peerCert); // cfu maybe don't need CCA_Id, because the above check - // was good enough + // was good enough CCAUserId = token.getInString("userid"); CCA_Id = (String) peerCert.getSubjectDN().toString(); } catch (EInvalidCredentials e) { @@ -198,17 +203,15 @@ public class CloneServlet extends CMSServlet { return; } - mAuthority.log( - ILogger.LL_INFO, - "Clone Certificate Authority authenticated: " - + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); // authorize, any authenticated user are authorized AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, token, + mAuthzResourceName, "submit"); } catch (Exception e) { // do nothing for now } 
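Review bot: In the `@@ -198,17 +203,15 @@` hunk of CloneServlet.java, the `authorize(mAclMethod, token, mAuthzResourceName, "submit")` call sits in a `try` whose `catch (Exception e) { // do nothing for now }` drops every authorization error without a log entry. The check of `authzToken` that follows is outside the hunk, so it cannot be confirmed from here that a null token is treated as a denial; if it is not, the request fails open. At minimum the catch should record the failure, e.g. `mAuthority.log(ILogger.LL_SECURITY, e.toString());`, and the comment `any authenticated user are authorized` should say whether that is intended. The same pattern appears in the `@@ -222,15 +231,15 @@` hunk of ConnectorServlet.java.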
@@ -229,34 +232,29 @@ public class CloneServlet extends CMSServlet { } // now process CCA request - should just be posting revoked - // certs for now + // certs for now try { // decode request. - CMS.debug("Cloneservlet: before decoding request, encodedreq= " - + encodedreq); + CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq); msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request CMS.debug("Cloneservlet: decoded request"); replymsg = processRequest(CCA_Id, CCAUserId, msg, token); } catch (IOException e) { e.printStackTrace(); - mAuthority.log( - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { - mAuthority.log( - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } - // encode reply + // encode reply String encodedrep = mReqEncoder.encode(replymsg); resp.setStatus(HttpServletResponse.SC_OK); 
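Review bot: The added line `CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);` writes the entire encoded request body to the debug log before it is decoded. That payload is peer-supplied and can be large and carry request contents that do not belong in a log file; I would drop it from the message, `CMS.debug("Cloneservlet: before decoding request");`. In the same hunk the `IOException` branch still calls `e.printStackTrace()`, which bypasses the logger; `CMS.debug(e);`, as ConnectorServlet uses in its equivalent catch, keeps the trace in the debug log. `service` starts and ends outside this hunk.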
@@ -273,47 +271,46 @@ public class CloneServlet extends CMSServlet { out.flush(); } - // cfu ++change this to just check the subject and signer - protected IAuthToken authenticate(X509Certificate peerCert) - throws EBaseException { + //cfu ++change this to just check the subject and signer + protected IAuthToken authenticate( + X509Certificate peerCert) + throws EBaseException { try { - // XXX using agent authentication now since we're only - // verifying that the cert belongs to a user in the db. - // XXX change this to ACL in the future. + // XXX using agent authentication now since we're only + // verifying that the cert belongs to a user in the db. + // XXX change this to ACL in the future. // build JAVA X509Certificate from peerCert. X509CertImpl cert = new X509CertImpl(peerCert.getEncoded()); AuthCredentials creds = new AuthCredentials(); - creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, - new X509Certificate[] { cert }); + creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, + new X509Certificate[] {cert} + ); - IAuthToken token = mAuthSubsystem.authenticate(creds, + IAuthToken token = mAuthSubsystem.authenticate(creds, IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); return token; } catch (CertificateException e) { - mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage( - "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert - .getSubjectDN().toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (EInvalidCredentials e) { - mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage( - "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert - .getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } 
catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert - .getSubjectDN().toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } } - protected IPKIMessage processRequest(String source, String sourceUserId, - IPKIMessage msg, IAuthToken token) throws EBaseException { + protected IPKIMessage processRequest( + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { IPKIMessage replymsg = null; IRequest r = null; IRequestQueue queue = mAuthority.getRequestQueue(); @@ -329,14 +326,13 @@ public class CloneServlet extends CMSServlet { thisreq = queue.findRequest(thisreqid); if (thisreq == null) { // strange case. - String errormsg = "Cannot find request in request queue " - + thisreqid; + String errormsg = "Cannot find request in request queue " + thisreqid; mAuthority.log(ILogger.LL_FAILURE, errormsg); throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, "Found request " + thisreqid - + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); return replymsg; @@ -351,7 +347,8 @@ public class CloneServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid); // Set this so that request's updateBy is recorded 
@@ -365,47 +362,55 @@ public class CloneServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - // for audit log + //for audit log String agentID = sourceUserId; - String initiative = AuditFormat.FROMRA + " trustedManagerID: " - + agentID + " remote reqID " + msg.getReqId(); + String initiative = AuditFormat.FROMRA + " trustedManagerID: " + + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = + token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - + // Get the certificate info from the request - X509CertInfo certInfo[] = thisreq - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); try { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.FORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, thisreq.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - "" }); - } - } else { - mLogger.log( - ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, thisreq.getRequestStatus() }); + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus()} + ); } } else { - if 
(thisreq.getRequestType().equals( - IRequest.CLA_CERT4CRL_REQUEST)) { - Integer result = thisreq - .getExtDataInInteger(IRequest.RESULT); + if + (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { + Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CloneServlet: error in CLA_CERT4CRL_REQUEST"); 
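Review bot: In the `else` branch at the end of this hunk, `Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);` is dereferenced straight away by `result.equals(IRequest.RES_ERROR)`. If the request carries no result value and the getter returns null (its contract is not visible here), this throws a `NullPointerException` after the request has already been processed, and the `IOException` and `CertificateException` catches visible further down would not cover it. Comparing the other way round avoids that: `if (IRequest.RES_ERROR.equals(result)) {`. `processRequest` starts and ends outside this hunk.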
@@ -415,83 +420,155 @@ public class CloneServlet extends CMSServlet { } } - /* - * cfu --- if - * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST - * )) { // XXX make the repeat record. // Get the certificate(s) - * from the request X509CertImpl issuedCerts[] = - * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return - * potentially more than one certificates. if (issuedCerts != - * null) { for (int i = 0; i < issuedCerts.length; i++) { - * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] { - * thisreq.getRequestType(), thisreq.getRequestId() , initiative - * , authMgr , "completed", issuedCerts[i].getSubjectDN() , - * "cert issued serial number: 0x" + - * issuedCerts[i].getSerialNumber().toString(16)} ); } } else { - * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { - * thisreq.getRequestType(), thisreq.getRequestId() , initiative - * , authMgr , "completed"} ); } } else if - * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { - * X509CertImpl[] certs = - * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl - * old_cert = certs[0]; certs = - * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - * X509CertImpl renewed_cert = certs[0]; if (old_cert != null && - * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, - * ILogger.S_OTHER, AuditFormat.LEVEL, - * AuditFormat.RENEWALFORMAT, new Object[] { - * thisreq.getRequestId(), initiative , authMgr , "completed", - * old_cert.getSubjectDN() , - * old_cert.getSerialNumber().toString(16) , - * "new serial number: 0x" + - * renewed_cert.getSerialNumber().toString(16)} ); } else { - * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { - * thisreq.getRequestType(), thisreq.getRequestId() , initiative - * , authMgr , "completed with error"} ); } } else if - * (thisreq.getRequestType - * 
().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[] - * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - * RevokedCertImpl crlentries[] = - * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); - * CRLExtensions crlExts = crlentries[0].getExtensions(); int - * reason = 0; if (crlExts != null) { Enumeration enum = - * crlExts.getElements(); while(enum.hasMoreElements()){ - * Extension ext = (Extension) enum.nextElement(); if (ext - * instanceof CRLReasonExtension) { reason = - * ((CRLReasonExtension)ext).getReason().toInt (); break; } } } - * - * int count = oldCerts.length; Integer result = - * (Integer)thisreq.get(IRequest.RESULT); if - * (result.equals(IRequest.RES_ERROR)) { EBaseException ex = - * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[] - * svcErrors = - * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if - * (svcErrors != null && svcErrors.length > 0) { for (int i = 0; - * i < svcErrors.length; i++) { EBaseException err = - * svcErrors[i]; if (err != null) { for (int j = 0; j < count; - * j++) { if (oldCerts[j] != null) { - * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] { - * thisreq.getRequestId(), initiative , "completed with error: " - * + err.toString() , oldCerts[j].getSubjectDN() , - * oldCerts[j].getSerialNumber().toString(16), - * RevocationReason.fromInt(reason).toString()} ); } } } } } } - * else { // the success. 
for (int j = 0; j < count; j++) { if - * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - * ILogger.S_OTHER, AuditFormat.LEVEL, - * AuditFormat.DOREVOKEFORMAT, new Object[] { - * thisreq.getRequestId(), initiative , "completed" , - * oldCerts[j].getSubjectDN() , - * oldCerts[j].getSerialNumber().toString(16), - * RevocationReason.fromInt(reason).toString()} ); } } } } else - * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { - * thisreq.getRequestType(), thisreq.getRequestId() , initiative - * , authMgr , "completed"} ); } cfu - */ + /* cfu --- + if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { + // XXX make the repeat record. + // Get the certificate(s) from the request + X509CertImpl issuedCerts[] = + (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); + // return potentially more than one certificates. + if (issuedCerts != null) { + for (int i = 0; i < issuedCerts.length; i++) { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId() , + initiative , + authMgr , + "completed", + issuedCerts[i].getSubjectDN() , + "cert issued serial number: 0x" + + issuedCerts[i].getSerialNumber().toString(16)} + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId() , + initiative , + authMgr , + "completed"} + ); + } + } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { + X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); + X509CertImpl old_cert = certs[0]; + certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); + X509CertImpl renewed_cert = certs[0]; + if (old_cert != null && renewed_cert != null) { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new 
Object[] { + thisreq.getRequestId(), + initiative , + authMgr , + "completed", + old_cert.getSubjectDN() , + old_cert.getSerialNumber().toString(16) , + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16)} + ); + } else { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId() , + initiative , + authMgr , + "completed with error"} + ); + } + } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { + X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); + RevokedCertImpl crlentries[] = + (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); + CRLExtensions crlExts = crlentries[0].getExtensions(); + int reason = 0; + if (crlExts != null) { + Enumeration enum = crlExts.getElements(); + while(enum.hasMoreElements()){ + Extension ext = (Extension) enum.nextElement(); + if (ext instanceof CRLReasonExtension) { + reason = ((CRLReasonExtension)ext).getReason().toInt + (); + break; + } + } + } + + int count = oldCerts.length; + Integer result = (Integer)thisreq.get(IRequest.RESULT); + if (result.equals(IRequest.RES_ERROR)) { + EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR); + EBaseException[] svcErrors = + (EBaseException[])thisreq.get(IRequest.SVCERRORS); + if (svcErrors != null && svcErrors.length > 0) { + for (int i = 0; i < svcErrors.length; i++) { + EBaseException err = svcErrors[i]; + if (err != null) { + for (int j = 0; j < count; j++) { + if (oldCerts[j] != null) { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative , + "completed with error: " + + err.toString() , + oldCerts[j].getSubjectDN() , + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); + } + } + } + } + } + } else { + // the success. 
+ for (int j = 0; j < count; j++) { + if (oldCerts[j] != null) { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative , + "completed" , + oldCerts[j].getSubjectDN() , + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); + } + } + } + } else { + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId() , + initiative , + authMgr , + "completed"} + ); + } + cfu */ } } catch (IOException e) { } catch (CertificateException e) { @@ -500,8 +577,8 @@ public class CloneServlet extends CMSServlet { return replymsg; } - protected X509Certificate getPeerCert(HttpServletRequest req) - throws EBaseException { + protected X509Certificate + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java index 0681baca..ad48d18d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java @@ -72,10 +72,12 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; + /** - * Connector servlet process requests from remote authority - service request or - * return status. - * + * Connector servlet + * process requests from remote authority - + * service request or return status. + * * @version $Revision$, $Date$ */ public class ConnectorServlet extends CMSServlet { 
@@ -93,10 +95,14 @@ public class ConnectorServlet extends CMSServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl"; - private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = "unknown"; - private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; - private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = + "unknown"; + private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = + "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; + private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; 
@@ -109,19 +115,22 @@ public class ConnectorServlet extends CMSServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthority = (IAuthority) + CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CMS server is not ready to serve."); + throw new IOException( + "CMS server is not ready to serve."); HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; @@ -154,14 +163,14 @@ public class ConnectorServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = request.getContentLength(); + len = request.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -182,16 +191,16 @@ public class ConnectorServlet extends CMSServlet { } // force client auth handshake, validate RA and get RA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - } catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + }catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -202,7 +211,7 @@ public class ConnectorServlet extends CMSServlet { return; } - // authenticate RA + // authenticate RA String RA_Id = null; String raUserId = null; @@ -222,15 +231,15 @@ public class ConnectorServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, "Remote Authority authenticated: " - + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Remote Authority authenticated: " + peerCert.getSubjectDN()); // authorize AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, token, + mAuthzResourceName, "submit"); } catch (Exception e) { // do nothing for now } 
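Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, token, mAuthzResourceName, "submit")` in the `@@ -222` hunk discards every authorization failure without a trace. The code that tests `authzToken` is outside the hunk, so the request is presumably still refused when it stays null, but an operator cannot tell an ACL denial from a failing authorization backend. Record the cause before falling through, e.g. `mAuthority.log(ILogger.LL_SECURITY, "ConnectorServlet: authorize failed: " + e.toString());`.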
@@ -256,24 +265,20 @@ public class ConnectorServlet extends CMSServlet { try { // decode request. msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request replymsg = processRequest(RA_Id, raUserId, msg, token); } catch (IOException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log( - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log( - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } catch (Exception e) { @@ -283,7 +288,7 @@ public class ConnectorServlet extends CMSServlet { CMS.debug("ConnectorServlet: done processRequest"); - // encode reply + // encode reply try { String encodedrep = mReqEncoder.encode(replymsg); @@ -321,12 +326,10 @@ public class ConnectorServlet extends CMSServlet { ByteArrayOutputStream byteStream; try { - info = request - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); - CertificateX509Key certKey = (CertificateX509Key) info - .get(X509CertInfo.KEY); + // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); + CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY); if (certKey != null) { byteStream = new ByteArrayOutputStream(); certKey.encode(byteStream); 
@@ -334,15 +337,15 @@ public class ConnectorServlet extends CMSServlet { byteStream.toByteArray()); } - CertificateSubjectName certSubject = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); if (certSubject != null) { request.setExtData(IEnrollProfile.REQUEST_SUBJECT_NAME, certSubject); } - CertificateValidity certValidity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); if (certValidity != null) { byteStream = new ByteArrayOutputStream(); certValidity.encode(byteStream); @@ -350,15 +353,15 @@ public class ConnectorServlet extends CMSServlet { byteStream.toByteArray()); } - CertificateExtensions extensions = (CertificateExtensions) info - .get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); if (extensions != null) { request.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, extensions); } - CertificateAlgorithmId certAlg = (CertificateAlgorithmId) info - .get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlg = (CertificateAlgorithmId) + info.get(X509CertInfo.ALGORITHM_ID); if (certAlg != null) { ByteArrayOutputStream certAlgOut = new ByteArrayOutputStream(); certAlg.encode(certAlgOut); 
@@ -366,14 +369,16 @@ public class ConnectorServlet extends CMSServlet { certAlgOut.toByteArray()); } } catch (Exception e) { - CMS.debug("ConnectorServlet: profile normalization " + e.toString()); + CMS.debug("ConnectorServlet: profile normalization " + + e.toString()); } String profileId = request.getExtDataInString("profileId"); - IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile"); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem("profile"); IEnrollProfile profile = null; - // profile subsystem may not be available. In case of KRA for + // profile subsystem may not be available. In case of KRA for // example if (ps == null) { CMS.debug("ConnectorServlet: Profile Subsystem not found "); @@ -383,8 +388,7 @@ public class ConnectorServlet extends CMSServlet { profile = (IEnrollProfile) (ps.getProfile(profileId)); profile.setDefaultCertInfo(request); } catch (EProfileException e) { - CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " - + e.toString()); + CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " + e.toString()); } if (profile == null) { CMS.debug("ConnectorServlet: Profile not found " + profileId); @@ -395,15 +399,15 @@ public class ConnectorServlet extends CMSServlet { /** * Process request * <P> - * + * * (Certificate Request - all "agent" profile cert requests made through a - * connector) + * connector) * <P> - * - * (Certificate Request Processed - all automated "agent" profile based cert - * acceptance made through a connector) + * + * (Certificate Request Processed - all automated "agent" profile based + * cert acceptance made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) 
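Review bot: In the `@@ -383` hunk `profile.setDefaultCertInfo(request)` is called on the result of `ps.getProfile(profileId)` before the `if (profile == null)` check that follows the try block. `profileId` is read from the request's ext data, so if `getProfile` returns null for an unknown id rather than throwing (not visible here), this is a NullPointerException that `catch (EProfileException e)` does not cover. Guard the call with `if (profile != null) { profile.setDefaultCertInfo(request); }`. The method body spans several hunks and is not fully visible.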
@@ -413,7 +417,6 @@ public class ConnectorServlet extends CMSServlet { * inter-CIMC_Boundary data transfer is successful (this is used when data * does not need to be captured) * </ul> - * * @param source string containing source * @param sourceUserId string containing source user ID * @param msg PKI message @@ -421,8 +424,9 @@ public class ConnectorServlet extends CMSServlet { * @exception EBaseException an error has occurred * @return PKI message */ - protected IPKIMessage processRequest(String source, String sourceUserId, - IPKIMessage msg, IAuthToken token) throws EBaseException { + protected IPKIMessage processRequest( + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { String auditMessage = null; String auditSubjectID = sourceUserId; String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL; 
@@ -472,45 +476,50 @@ public class ConnectorServlet extends CMSServlet { thisreq = queue.findRequest(thisreqid); if (thisreq == null) { // strange case. - String errormsg = "Cannot find request in request queue " - + thisreqid; + String errormsg = "Cannot find request in request queue " + + thisreqid; - mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage( + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage( "CMSGW_REQUEST_ID_NOT_FOUND_1", thisreqid.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.FAILURE, - auditProtectionMethod, auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.FAILURE, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, "Found request " - + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.SUCCESS, - auditProtectionMethod, auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! 
+ // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! return replymsg; } 
@@ -518,67 +527,77 @@ public class ConnectorServlet extends CMSServlet { // if not found process request. thisreq = queue.newRequest(msg.getReqType()); - CMS.debug("ConnectorServlet: created requestId=" - + thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: created requestId=" + + thisreq.getRequestId().toString()); thisreq.setSourceId(srcid); - // NOTE: For the following signed audit message, since we only - // care about the "msg.toRequest( thisreq );" command, and - // since this command does not throw an EBaseException - // (which is the only exception designated by this method), - // then this code does NOT need to be contained within its - // own special try/catch block. - msg.toRequest(thisreq); + // NOTE: For the following signed audit message, since we only + // care about the "msg.toRequest( thisreq );" command, and + // since this command does not throw an EBaseException + // (which is the only exception designated by this method), + // then this code does NOT need to be contained within its + // own special try/catch block. + msg.toRequest( thisreq ); - if (isProfileRequest(thisreq)) { - X509CertInfo info = thisreq - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + if( isProfileRequest( thisreq ) ) { + X509CertInfo info = + thisreq.getExtDataInCertInfo( + IEnrollProfile.REQUEST_CERTINFO ); try { - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = ( CertificateSubjectName ) + info.get( X509CertInfo.SUBJECT ); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" // it - if (sn != null) { + if( sn != null ) { subject = sn.toString(); - if (subject != null) { - // NOTE: This is ok even if the cert subject - // name is "" (empty)! + if( subject != null ) { + // NOTE: This is ok even if the cert subject + // name is "" (empty)! 
auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditProfileID(), auditCertificateSubjectName); - - audit(auditMessage); - } catch (CertificateException e) { - CMS.debug("ConnectorServlet: processRequest " - + e.toString()); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName ); + + audit( auditMessage ); + } catch( CertificateException e ) { + CMS.debug( "ConnectorServlet: processRequest " + + e.toString() ); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditProfileID(), auditCertificateSubjectName); - - audit(auditMessage); - } catch (IOException e) { - CMS.debug("ConnectorServlet: processRequest " - + e.toString()); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName ); + + audit( auditMessage ); + } catch( IOException e ) { + CMS.debug( "ConnectorServlet: processRequest " + + e.toString() ); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditProfileID(), auditCertificateSubjectName); - - audit(auditMessage); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName ); + + audit( auditMessage ); } } 
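Review bot: `info.get(X509CertInfo.SUBJECT)` in the `isProfileRequest(thisreq)` branch dereferences the result of `thisreq.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO)` without a null check, and the handlers here catch only CertificateException and IOException. A profile request that arrives without cert info would leave this block with a NullPointerException and no LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST record, success or failure; whether an outer handler accounts for it is not visible in this hunk. Wrap the subject lookup in `if (info != null)` and emit the FAILURE audit message when `info` is null. The enclosing try of processRequest begins outside this hunk.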
@@ -586,9 +605,10 @@ public class ConnectorServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA); - mAuthority.log(ILogger.LL_INFO, "Processing remote request " - + srcid); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_RA); + mAuthority.log(ILogger.LL_INFO, "Processing remote request " + + srcid); // Set this so that request's updateBy is recorded SessionContext s = SessionContext.getContext(); 
@@ -601,53 +621,53 @@ public class ConnectorServlet extends CMSServlet { s.put(SessionContext.REQUESTER_ID, msg.getReqId()); } - CMS.debug("ConnectorServlet: calling processRequest instance=" - + thisreq); + CMS.debug("ConnectorServlet: calling processRequest instance=" + + thisreq); if (isProfileRequest(thisreq)) { normalizeProfileRequest(thisreq); } try { - queue.processRequest(thisreq); + queue.processRequest( thisreq ); - if (isProfileRequest(thisreq)) { + if( isProfileRequest( thisreq ) ) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue(thisreq); + auditInfoCertValue = auditInfoCertValue( thisreq ); - if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if( auditInfoCertValue != null ) { + if( !( auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); - - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue ); + + audit( auditMessage ); } } } - } catch (EBaseException eAudit1) { - if (isProfileRequest(thisreq)) { + } catch( EBaseException eAudit1 ) { + if( isProfileRequest( thisreq ) ) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue(thisreq); + auditInfoCertValue = auditInfoCertValue( thisreq ); - if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if( auditInfoCertValue != null ) { + if( !( auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); - - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue ); + + audit( auditMessage ); } } } 
@@ -660,146 +680,158 @@ public class ConnectorServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - CMS.debug("ConnectorServlet: replymsg.reqStatus=" - + replymsg.getReqStatus()); + CMS.debug("ConnectorServlet: replymsg.reqStatus=" + + replymsg.getReqStatus()); - // for audit log + //for audit log String agentID = sourceUserId; - String initiative = AuditFormat.FROMRA + " trustedManagerID: " - + agentID + " remote reqID " + msg.getReqId(); + String initiative = AuditFormat.FROMRA + " trustedManagerID: " + + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = + token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } if (isProfileRequest(thisreq)) { // XXX audit log - CMS.debug("ConnectorServlet: done requestId=" - + thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: done requestId=" + + thisreq.getRequestId().toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.SUCCESS, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! 
return replymsg; } // Get the certificate info from the request - X509CertInfo x509Info[] = thisreq - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo x509Info[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); try { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (x509Info != null) { for (int i = 0; i < x509Info.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - x509Info[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + x509Info[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.NODNFORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, thisreq.getRequestStatus() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus()} + ); } } else { - if (thisreq.getRequestType().equals( - IRequest.ENROLLMENT_REQUEST)) { + if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { // XXX make the repeat record. // Get the certificate(s) from the request X509CertImpl x509Certs[] = null; if (x509Info != null) - x509Certs = thisreq - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + x509Certs = + thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. 
if (x509Certs != null) { for (int i = 0; i < x509Certs.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - x509Certs[i].getSubjectDN(), - "cert issued serial number: 0x" - + x509Certs[i] - .getSerialNumber() - .toString(16) }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + x509Certs[i].getSubjectDN(), + "cert issued serial number: 0x" + + x509Certs[i].getSerialNumber().toString(16)} + ); } } else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.NODNFORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, "completed" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed"} + ); } - } else if (thisreq.getRequestType().equals( - IRequest.RENEWAL_REQUEST)) { - X509CertImpl[] certs = thisreq - .getExtDataInCertArray(IRequest.OLD_CERTS); + } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { + X509CertImpl[] certs = + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); X509CertImpl old_cert = certs[0]; - certs = thisreq - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); X509CertImpl renewed_cert = certs[0]; if (old_cert != null && renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber() - .toString(16), - "new serial number: 0x" - + 
renewed_cert - .getSerialNumber() - .toString(16) }); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16)} + ); } else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.NODNFORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, "completed with error" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed with error"} + ); } - } else if (thisreq.getRequestType().equals( - IRequest.REVOCATION_REQUEST)) { - Certificate[] oldCerts = thisreq - .getExtDataInCertArray(IRequest.OLD_CERTS); - RevokedCertImpl crlentries[] = thisreq - .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { + Certificate[] oldCerts = + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + RevokedCertImpl crlentries[] = + thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); CRLExtensions crlExts = crlentries[0].getExtensions(); int reason = 0; 
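Review bot: The renewal branch indexes `certs[0]` for both `IRequest.OLD_CERTS` and `IRequest.ISSUED_CERTS` before the `old_cert != null && renewed_cert != null` test, and the revocation branch does the same with `crlentries[0].getExtensions()`; the `@@ -810` hunk has the same shape with `result.equals(IRequest.RES_ERROR)` on an `Integer` that may be null. If those getters can return null or an empty array (not visible here), control lands in the generic `catch (Exception e)` of a later hunk, which writes a FAILURE inter-boundary audit record for a request the queue has already processed, so the audit trail would misreport the outcome. Check before indexing, e.g. `X509CertImpl old_cert = (certs != null && certs.length > 0) ? certs[0] : null;`, and likewise for the issued certificate and `crlentries`. The try block opens in this hunk and its handlers are in later hunks.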
@@ -810,20 +842,18 @@ public class ConnectorServlet extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext) - .getReason().toInt(); + reason = ((CRLReasonExtension) ext).getReason().toInt(); break; } } } int count = oldCerts.length; - Integer result = thisreq - .getExtDataInInteger(IRequest.RESULT); + Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = thisreq - .getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = + thisreq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { @@ -835,24 +865,19 @@ public class ConnectorServlet extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed with error: " - + err, - cert.getSubjectDN(), - cert.getSerialNumber() - .toString( - 16), - RevocationReason - .fromInt( - reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } 
@@ -866,39 +891,44 @@ public class ConnectorServlet extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber() - .toString(16), - RevocationReason - .fromInt(reason) - .toString() }); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString()} + ); } } } } } else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, AuditFormat.NODNFORMAT, - new Object[] { thisreq.getRequestType(), - thisreq.getRequestId(), initiative, - authMgr, "completed" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed"} + ); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.SUCCESS, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); } catch (IOException e) { 
@@ -906,9 +936,12 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.FAILURE, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.FAILURE, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); } catch (CertificateException e) { @@ -916,9 +949,12 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.FAILURE, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.FAILURE, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); } catch (Exception e) { 
@@ -926,40 +962,46 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.FAILURE, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.FAILURE, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); } finally { SessionContext.releaseContext(); } - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, ILogger.FAILURE, auditProtectionMethod, - auditRequestType, auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, + ILogger.FAILURE, + auditProtectionMethod, + auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has either already been logged, or - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has either already been logged, or + // does not yet matter at this point! return replymsg; } } - protected X509Certificate getPeerCert(HttpServletRequest req) - throws EBaseException { + protected X509Certificate + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } 
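Review bot: The outer `catch (EBaseException e)` at the end of `processRequest` writes a FAILURE audit event and then runs `return replymsg;`, although the method declares `throws EBaseException`. The exception is neither logged nor rethrown, so the cause is lost and the caller receives whatever `replymsg` held at that point, which may still be unset (its initial value is outside this hunk). `service()` already maps an EBaseException from this call to SC_INTERNAL_SERVER_ERROR in the `@@ -256` hunk, so I would add `CMS.debug(e);` and replace the return with `throw e;` after `audit(auditMessage);`.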
@@ -969,11 +1011,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -984,17 +1026,21 @@ public class ConnectorServlet extends CMSServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, and is called - * to obtain the "ProfileID" for a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, + * and is called to obtain the "ProfileID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1016,11 +1062,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request a Request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1030,8 +1076,8 @@ public class ConnectorServlet extends CMSServlet { return null; } - X509CertImpl x509cert = request - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1076,3 +1122,4 @@ public class ConnectorServlet extends CMSServlet { } } } + 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index 27b5200b..2a024c3a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -40,14 +40,17 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; + + /** - * GenerateKeyPairServlet handles "server-side key pair generation" requests - * from the netkey RA. - * + * GenerateKeyPairServlet + * handles "server-side key pair generation" requests from the + * netkey RA. + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -// XXX add auditing later +//XXX add auditing later public class GenerateKeyPairServlet extends CMSServlet { /** @@ -65,7 +68,7 @@ public class GenerateKeyPairServlet extends CMSServlet { /** * Constructs GenerateKeyPair servlet. - * + * */ public GenerateKeyPairServlet() { super(); 
@@ -77,30 +80,37 @@ public class GenerateKeyPairServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthority = (IAuthority) + CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /* - * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey - * operations: 1. generate keypair (archive user priv key) 2. unwrap des key - * with transport key, then url decode it 3. wrap user priv key with des key - * 4. send the following to RA: * des key wrapped(user priv key) * user - * public key (note: RA should have kek-wrapped des key from TKS) * recovery - * blob (used for recovery) + * processServerSideKeyGen - + * handles netkey DRM serverside keygen. + * netkey operations: + * 1. generate keypair (archive user priv key) + * 2. unwrap des key with transport key, then url decode it + * 3. wrap user priv key with des key + * 4. send the following to RA: + * * des key wrapped(user priv key) + * * user public key + * (note: RA should have kek-wrapped des key from TKS) + * * recovery blob (used for recovery) */ private void processServerSideKeyGen(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException + { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; 
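Review bot: `mAuthority` is assigned in `init` only when the `authority` init parameter is present, yet the first statement of `processServerSideKeyGen` calls `mAuthority.getRequestQueue()` with no null check. If the field is otherwise null (its declaration is outside this hunk), a servlet deployed without that parameter would answer every request with a NullPointerException instead of a controlled error. A guard at the top of the method would make the failure explicit: `if (mAuthority == null) throw new EBaseException("authority not configured");`. The re-wrapped `if (authority != null)` now spans two lines without braces, and adding braces would keep the assignment visibly guarded. TokenKeyRecoveryServlet has the same shape in hunks -75,26 and -114,30; `init` starts before this hunk and `processServerSideKeyGen` ends after it.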
@@ -113,8 +123,8 @@ public class GenerateKeyPairServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rArchive = req.getParameter("archive"); - String rKeysize = req.getParameter("keysize"); + String rArchive = req.getParameter("archive"); + String rKeysize = req.getParameter("keysize"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID"); @@ -126,18 +136,19 @@ public class GenerateKeyPairServlet extends CMSServlet { missingParam = true; } - if ((rKeysize == null) || (rKeysize.equals(""))) { - rKeysize = "1024"; // default to 1024 - } + if ((rKeysize == null) || (rKeysize.equals(""))) { + rKeysize = "1024"; // default to 1024 + } - if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || + (rdesKeyString.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key"); missingParam = true; } if ((rArchive == null) || (rArchive.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true"); - rArchive = "true"; + rArchive = "true"; } String selectedToken = null; 
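Review bot: `rKeysize` in hunk -126,18 comes straight from the `keysize` request parameter and falls back to the literal `"1024"`, and nothing in this hunk parses or range-checks it. A 1024-bit default is below what current guidance accepts for RSA (assuming the downstream key pair is RSA, which this hunk does not show), and the caller is free to request any other size. I would take the default and the permitted minimum from configuration and reject anything smaller before the request is queued, for example `if (Integer.parseInt(rKeysize) < minKeySize) missingParam = true;`, where `minKeySize` is a placeholder for a configured value and a `NumberFormatException` is treated as a bad parameter. The method body begins before this hunk and continues after it.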
@@ -145,23 +156,21 @@ public class GenerateKeyPairServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, - rdesKeyString); - thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); - thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); + thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); - queue.processRequest(thisreq); + queue.processRequest( thisreq ); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and DRM thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and DRM thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -175,40 +184,40 @@ public class GenerateKeyPairServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; - if (thisreq == null) { - CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - " - + "thisreq is null!"); - throw new EBaseException("thisreq is null"); + if( thisreq == null ) { + CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - " + + "thisreq is null!" ); + throw new EBaseException( "thisreq is null" ); } publicKeyString = thisreq.getExtDataInString("public_key"); wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate"); - String ivString = thisreq.getExtDataInString("iv_s"); + String ivString = thisreq.getExtDataInString("iv_s"); /* - * if (selectedToken == null) status = "4"; - */ - if (!status.equals("0")) - value = "status=" + status; + if (selectedToken == null) + status = "4"; + */ + if (!status.equals("0")) + value = "status="+status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); - sb.append("wrapped_priv_key="); - sb.append(wrappedPrivKeyString); - sb.append("&iv_param="); - sb.append(ivString); + sb.append("wrapped_priv_key="); + sb.append(wrappedPrivKeyString); + sb.append("&iv_param="); + sb.append(ivString); sb.append("&public_key="); - sb.append(publicKeyString); + sb.append(publicKeyString); value = sb.toString(); } - CMS.debug("processServerSideKeyGen:outputString.encode " + value); + CMS.debug("processServerSideKeyGen:outputString.encode " +value); - try { + try{ resp.setContentLength(value.length()); - CMS.debug("GenerateKeyPairServlet:outputString.length " - + value.length()); + CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
@@ -218,14 +227,20 @@ public class GenerateKeyPairServlet extends CMSServlet { } } - /* - * - * For GenerateKeyPair: - * - * input: CUID=value0 trans-wrapped-desKey=value1 - * - * output: status=value0 publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 + + /* + + * For GenerateKeyPair: + * + * input: + * CUID=value0 + * trans-wrapped-desKey=value1 + * + * output: + * status=value0 + * publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 + * proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -236,14 +251,14 @@ public class GenerateKeyPairServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "execute"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "execute"); } catch (Exception e) { } if (authzToken == null) { - try { + try{ resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("GenerateKeyPairServlet: Unauthorized"); @@ -253,7 +268,7 @@ public class GenerateKeyPairServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - } catch (Exception e) { + }catch (Exception e) { CMS.debug("GenerateKeyPairServlet: " + e.toString()); } 
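Review bot: The `catch (Exception e) { }` around `authorize(...)` in hunk -236,14 discards every authorization failure without a trace. The code still fails closed, since `authzToken` stays null and the `unauthorized=` response is sent. But an ACL evaluation error and a genuine denial become indistinguishable and neither is recorded, and the class comment `//XXX add auditing later` suggests this is still open. At minimum log the exception with `CMS.debug("GenerateKeyPairServlet: authorize failed: " + e.toString());`, and ideally emit a signed audit event for the denial. TokenKeyRecoveryServlet's `process` (hunk -281,14) has the same empty catch; `process` starts in the previous hunk and continues past this one.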
@@ -262,28 +277,28 @@ public class GenerateKeyPairServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); - processServerSideKeyGen(req, resp); - return; + CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); + processServerSideKeyGen(req, resp); + return; // end Netkey functions } - /** - * XXX remember tocheck peer SSL cert and get RA id later - * + /** XXX remember tocheck peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index 0c67eaf1..fa454bd6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,14 +39,16 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; + /** - * TokenKeyRecoveryServlet handles "key recovery service" requests from the + * TokenKeyRecoveryServlet + * handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -// XXX add auditing later +//XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** 
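Review bot: The reflowed Javadoc on `service` (hunk -262,28) now opens with `XXX remember tocheck peer SSL cert and get RA id later`, so that reminder becomes the method's summary sentence in generated docs. The outstanding peer-certificate check is easy to overlook there. I would make the summary `Serves HTTP admin request.` and move the reminder into the body as `// TODO: verify the peer SSL certificate and derive the RA id`. The locals `scope` and `op` are read from the request and never used before `super.service(req, resp)`, so they can be deleted. TokenKeyRecoveryServlet's `service` (hunk -307,28) has the same Javadoc and the same unused locals.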
@@ -63,7 +65,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -75,26 +77,27 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthority = (IAuthority) + CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -114,30 +117,39 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery handles netkey key recovery requests input params - * are: CUID - the CUID of the old token where the keys/certs were initially - * for userid - the userid that belongs to both the old token and the new - * token drm_trans_desKey - the des key generated for the NEW token wrapped - * with DRM transport key cert - the user cert corresponding to the key to - * be recovered - * - * operations: 1. unwrap des key with transport key, then url decode it 2. - * retrieve user private key 3. wrap user priv key with des key 4. send the - * following to RA: * des key wrapped(user priv key) (note: RA should have - * kek-wrapped des key from TKS) * recovery blob (used for recovery) - * - * output params are: status=value0 publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery + * handles netkey key recovery requests + * input params are: + * CUID - the CUID of the old token where the keys/certs were initially for + * userid - the userid that belongs to both the old token and the new token + * drm_trans_desKey - the des key generated for the NEW token + * wrapped with DRM transport key + * cert - the user cert corresponding to the key to be recovered + * + * operations: + * 1. unwrap des key with transport key, then url decode it + * 2. retrieve user private key + * 3. wrap user priv key with des key + * 4. 
send the following to RA: + * * des key wrapped(user priv key) + * (note: RA should have kek-wrapped des key from TKS) + * * recovery blob (used for recovery) + * + * output params are: + * status=value0 + * publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException + { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -146,7 +158,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -158,7 +170,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet { missingParam = true; } - if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || + (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } 
@@ -173,26 +186,24 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, - rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - // XXX auto process for netkey - queue.processRequest(thisreq); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + //XXX auto process for netkey + queue.processRequest( thisreq ); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status ="0"; + else + status = result.toString(); } else status = "7"; 
@@ -207,25 +218,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* - * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; - * - * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte - * publicKey_b[] = kr.getPublicKeyData(); - * - * BigInteger serialNo = kr.getSerialNumber(); - * - * String serialNumberString = - * com.netscape.cmsutil.util.Utils.SpecialEncode - * (serialNo.toByteArray()); - * - * recoveryBlobString = (String) thisreq.get("recoveryBlob"); - */ - - if (thisreq == null) { - CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!"); - throw new EBaseException("thisreq is null"); + /* if is RECOVERY_PROTOTYPE + String recoveryBlobString = ""; + + IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); + byte publicKey_b[] = kr.getPublicKeyData(); + + BigInteger serialNo = kr.getSerialNumber(); + + String serialNumberString = + com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); + + recoveryBlobString = (String) + thisreq.get("recoveryBlob"); + */ + + if( thisreq == null ) { + CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!" ); + throw new EBaseException( "thisreq is null" ); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -233,10 +244,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - * if (selectedToken == null) status = "4"; - */ - if (!status.equals("0")) - value = "status=" + status; + if (selectedToken == null) + status = "4"; + */ + if (!status.equals("0")) + value = "status="+status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); 
@@ -247,14 +259,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); - try { + try{ resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " - + value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -264,13 +275,19 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - /* - * For TokenKeyRecovery - * - * input: CUID=value0 trans-wrapped-desKey=value1 - * - * output: status=value0 publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 + + /* + * For TokenKeyRecovery + * + * input: + * CUID=value0 + * trans-wrapped-desKey=value1 + * + * output: + * status=value0 + * publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 + * proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -281,14 +298,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "submit"); } catch (Exception e) { } if (authzToken == null) { - try { + try{ resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -298,7 +315,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - } catch (Exception e) { + }catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } 
@@ -307,28 +324,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** - * XXX remember to check peer SSL cert and get RA id later - * + /** XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index 4bb96f14..a2509287 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.StringTokenizer; 
@@ -40,19 +41,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AdminAuthenticatePanel extends WizardPanelBase { - public AdminAuthenticatePanel() { - } + public AdminAuthenticatePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); setId(id); @@ -61,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("AdminAuthenticatePanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select", ""); + String select = cs.getString("preop.subsystem.select",""); if (select.equals("new")) { return true; } } catch (EBaseException e) { } - + return false; } @@ -102,16 +103,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -119,17 +119,18 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Admin Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.master.admin.uid", ""); String type = config.getString("preop.subsystem.select", ""); if (type.equals("clone")) - context.put("uid", s); + context.put("uid", s); else context.put("uid", ""); } catch (Exception e) { @@ -148,14 +149,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String subsystemtype = ""; String cstype = ""; @@ -167,7 +170,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); + CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); String uid = HttpInput.getUID(request, "uid"); if (uid == null) { context.put("errorString", "Uid is empty"); 
@@ -182,7 +185,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.master.hostname"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: " + e.toString()); + CMS.debug("AdminAuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing hostname for master"); throw new IOException("Missing hostname"); } @@ -190,7 +193,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { httpsport = config.getInteger("preop.master.httpsadminport"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: " + e.toString()); + CMS.debug("AdminAuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing port for master"); throw new IOException("Missing port"); } @@ -232,10 +235,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append("cloning."); c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length() != 0) + + if (s1.length()!=0) s1.append(","); - + s1.append(cstype); s1.append("."); s1.append(t1); 
@@ -245,16 +248,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid=" - + uid - + "&pwd=" - + pwd - + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" - + c1.toString() + "&substores=" + s1.toString(); + String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString(); - boolean success = updateConfigEntries(host, httpsport, true, "/" - + cstype + "/admin/" + cstype + "/getConfigEntries", - content, config, response); + boolean success = updateConfigEntries(host, httpsport, true, + "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, + response); try { config.commit(false); @@ -262,16 +260,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } if (!success) { - context.put("errorString", - "Failed to get configuration entries from the master"); - throw new IOException( - "Failed to get configuration entries from the master"); + context.put("errorString", "Failed to get configuration entries from the master"); + throw new IOException("Failed to get configuration entries from the master"); } else { boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("AdminAuthenticatePanel update: clone does not have all the certificates."); - context.put("errorString", - "Make sure you have copied the certificate database over to the clone"); + context.put("errorString", "Make sure you have copied the certificate database over to the clone"); throw new IOException("Clone is not ready"); } } 
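Review bot: The form body built in `String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=..."` inserts `uid` and `pwd` without URL-encoding. A password containing `&`, `=`, `+` or `%` would be altered or split into extra parameters when the master parses the body, so a valid credential can fail or change the meaning of the request. Encode both values with `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`, which needs `java.net.URLEncoder` (the import block is outside this hunk). The `names` list also requests `internaldb.ldapauth.password` and `internaldb.replication.password`, so confirm that `content` and the returned entries are never passed to `CMS.debug` inside `updateConfigEntries`, which is not visible here. `update` starts before this hunk and ends after it.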
@@ -290,13 +285,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { context.put("title", "Admin Authentication"); context.put("password", ""); context.put("panel", "admin/console/config/adminauthenticatepanel.vm"); } - private boolean isCertdbCloned(HttpServletRequest request, Context context) { + private boolean isCertdbCloned(HttpServletRequest request, + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { @@ -308,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master." + token + ".nickname"; + String name1 = "preop.master."+token+".nickname"; String nickname = config.getString(name1, ""); - if (!tokenname.equals("Internal Key Storage Token") - && !tokenname.equals("internal")) - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + nickname = tokenname+":"+nickname; - CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname); + CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 1265fb87..78bb9485 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -69,19 +70,18 @@ public class AdminPanel extends WizardPanelBase { private static final String ADMIN_UID = "admin"; private final static String CERT_TAG = "admin"; - public AdminPanel() { - } + public AdminPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Administrator"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) { setPanelNo(panelno); setName("Administrator"); setId(id); 
@@ -101,39 +101,29 @@ public class AdminPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) { - } + } catch (Exception e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "Email address for an administrator"); + + Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "Email address for an administrator"); set.add("admin_email", emailDesc); - Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "Administrator's password"); + Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "Administrator's password"); set.add("pwd", pwdDesc); - Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "Administrator's password again"); + Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "Administrator's password again"); set.add("admin_password_again", pwdAgainDesc); return set; @@ -143,7 +133,8 @@ public class AdminPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("AdminPanel: display"); IConfigStore cs = CMS.getConfigStore(); @@ -161,8 +152,7 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) { - } + } catch (Exception e) {} if (isPanelDone()) { try { 
@@ -171,14 +161,11 @@ public class AdminPanel extends WizardPanelBase { context.put("admin_pwd", ""); context.put("admin_pwd_again", ""); context.put("admin_uid", cs.getString("preop.admin.uid")); - } catch (Exception e) { - } + } catch (Exception e) {} } else { String def_admin_name = ""; try { - def_admin_name = cs.getString("cs.type") - + " Administrator of Instance " - + cs.getString("instanceId"); + def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); } catch (EBaseException e) { } context.put("admin_name", def_admin_name); @@ -189,7 +176,7 @@ public class AdminPanel extends WizardPanelBase { } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -199,24 +186,24 @@ public class AdminPanel extends WizardPanelBase { String domainname = ""; try { domainname = cs.getString("securitydomain.name", ""); - } catch (EBaseException e1) { - } + } catch (EBaseException e1) {} context.put("securityDomain", domainname); context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); context.put("errorString", ""); context.put("info", info); - + } /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException + { String pwd = HttpInput.getPassword(request, "__pwd"); - String pwd_again = HttpInput.getPassword(request, - "__admin_password_again"); + String pwd_again = HttpInput.getPassword(request, "__admin_password_again"); String email = HttpInput.getEmail(request, "email"); String name = HttpInput.getName(request, "name"); String uid = HttpInput.getUID(request, "uid"); 
@@ -243,8 +230,7 @@ public class AdminPanel extends WizardPanelBase { if (!pwd.equals(pwd_again)) { context.put("updateStatus", "validate-failure"); - throw new IOException( - "Password and password again are not the same."); + throw new IOException("Password and password again are not the same."); } if (email == null || email.length() == 0) { @@ -257,7 +243,8 @@ public class AdminPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); context.put("info", ""); context.put("import", "true"); @@ -269,15 +256,13 @@ public class AdminPanel extends WizardPanelBase { try { type = config.getString(PRE_CA_TYPE, ""); subsystemtype = config.getString("cs.type", ""); - security_domain_type = config - .getString("securitydomain.select", ""); + security_domain_type = config.getString("securitydomain.select",""); selected_hierarchy = config.getString("preop.hierarchy.select", ""); - } catch (Exception e) { - } + } catch (Exception e) {} ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -301,12 +286,14 @@ public class AdminPanel extends WizardPanelBase { throw e; } - // REMINDER: This panel is NOT used by "clones" - if (ca != null) { - if (selected_hierarchy.equals("root")) { - CMS.debug("AdminPanel update: " + "Root CA subsystem"); + // REMINDER: This panel is NOT used by "clones" + if( ca != null ) { + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "AdminPanel update: " + + "Root CA subsystem"); } else { - CMS.debug("AdminPanel update: " + "Subordinate CA subsystem"); + CMS.debug( "AdminPanel update: " + + "Subordinate CA subsystem"); } try { 
@@ -322,8 +309,10 @@ public class AdminPanel extends WizardPanelBase { String ca_hostname = null; int ca_port = -1; - // REMINDER: This panel is NOT used by "clones" - CMS.debug("AdminPanel update: " + subsystemtype + " subsystem"); + // REMINDER: This panel is NOT used by "clones" + CMS.debug( "AdminPanel update: " + + subsystemtype + + " subsystem" ); if (type.equals("sdca")) { try { @@ -350,11 +339,10 @@ public class AdminPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) { - } + } catch (Exception e) {} context.put("updateStatus", "success"); - + } private void createAdmin(HttpServletRequest request) throws IOException { @@ -414,8 +402,7 @@ public class AdminPanel extends WizardPanelBase { String select = config.getString("securitydomain.select", ""); if (select.equals("new")) { - group = system - .getGroupFromName("Security Domain Administrators"); + group = system.getGroupFromName("Security Domain Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); @@ -427,8 +414,7 @@ public class AdminPanel extends WizardPanelBase { system.modifyGroup(group); } - group = system - .getGroupFromName("Enterprise KRA Administrators"); + group = system.getGroupFromName("Enterprise KRA Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); 
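Review bot: In AdminPanel.update(), the `} catch (Exception e) {}` after `config.commit(false)` discards a failed commit, and the next line still sets `updateStatus` to `success`, so the wizard can report the administrator as configured when the configuration was presumably not saved. Log and propagate it, for example `} catch (Exception e) { CMS.debug("AdminPanel update: commit failed: " + e.toString()); throw new IOException("Failed to save configuration"); }`; update() already declares IOException. The same empty catch follows `config.commit(false)` in the update() hunks of AgentAuthenticatePanel and AuthenticatePanel. update() begins above this hunk, so any handling earlier in the method is not visible here.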
@@ -440,22 +426,19 @@ public class AdminPanel extends WizardPanelBase { system.modifyGroup(group); } - group = system - .getGroupFromName("Enterprise TKS Administrators"); + group = system.getGroupFromName("Enterprise TKS Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); } - group = system - .getGroupFromName("Enterprise OCSP Administrators"); + group = system.getGroupFromName("Enterprise OCSP Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); } - group = system - .getGroupFromName("Enterprise TPS Administrators"); + group = system.getGroupFromName("Enterprise TPS Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); @@ -467,9 +450,8 @@ public class AdminPanel extends WizardPanelBase { } } - private void submitRequest(String ca_hostname, int ca_port, - HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException { + private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request, + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String sd_hostname = null; int sd_port = -1; 
@@ -477,29 +459,22 @@ public class AdminPanel extends WizardPanelBase { try { sd_hostname = config.getString("securitydomain.host", ""); sd_port = config.getInteger("securitydomain.httpseeport"); - } catch (Exception e) { - } + } catch (Exception e) {} String profileId = HttpInput.getID(request, "profileId"); if (profileId == null) { try { - profileId = config.getString("preop.admincert.profile", - "caAdminCert"); - } catch (Exception e) { - } + profileId = config.getString("preop.admincert.profile", "caAdminCert"); + } catch (Exception e) {} } - String cert_request_type = HttpInput - .getID(request, "cert_request_type"); + String cert_request_type = HttpInput.getID(request, "cert_request_type"); String cert_request = HttpInput.getCertRequest(request, "cert_request"); cert_request = URLEncoder.encode(cert_request, "UTF-8"); String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId=" + profileId + "&cert_request_type=" - + cert_request_type + "&cert_request=" + cert_request - + "&xmlOutput=true&sessionID=" + session_id + "&subject=" - + subjectDN; + String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN; HttpClient httpclient = new HttpClient(); String c = null; @@ -522,7 +497,7 @@ public class AdminPanel extends WizardPanelBase { c = httpresponse.getContent(); CMS.debug("AdminPanel submitRequest: content=" + c); - + // retrieve the request Id ad admin certificate if (c != null) { try { 
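Review bot: In submitRequest(), `subjectDN` is appended to `content` exactly as it arrived in the request, while `cert_request` a few lines earlier goes through `URLEncoder.encode`; a subject containing `&`, `+` or `%` would be misparsed by the receiving CA, or could add parameters to the enrollment request that the operator never entered. Encode it the same way after a null check, `String subjectDN = URLEncoder.encode(HttpInput.getString(request, "subject"), "UTF-8");`. `profileId` and `cert_request_type` deserve the same treatment unless HttpInput.getID already restricts their character set, which is not visible in this hunk. submitRequest() continues past the end of the hunk.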
@@ -533,15 +508,15 @@ public class AdminPanel extends WizardPanelBase { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("AdminPanel::submitRequest() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "AdminPanel::submitRequest() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); CMS.debug("AdminPanel update: status=" + status); if (status.equals("2")) { - // relogin to the security domain + //relogin to the security domain reloginSecurityDomain(response); return; } else if (!status.equals("0")) { @@ -550,7 +525,7 @@ public class AdminPanel extends WizardPanelBase { context.put("errorString", error); throw new IOException(error); } - + IConfigStore cs = CMS.getConfigStore(); String id = parser.getValue("Id"); @@ -564,7 +539,7 @@ public class AdminPanel extends WizardPanelBase { + File.separator + "admin.b64"; cs.putString("preop.admincert.b64", dir); - PrintStream ps = new PrintStream(new FileOutputStream(dir)); + PrintStream ps = new PrintStream(new FileOutputStream(dir)); ps.println(b64); ps.flush(); @@ -586,13 +561,12 @@ public class AdminPanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { String cert_request = HttpInput.getCertRequest(request, "cert_request"); - String cert_request_type = HttpInput - .getID(request, "cert_request_type"); + String cert_request_type = HttpInput.getID(request, "cert_request_type"); IConfigStore cs = CMS.getConfigStore(); - if (cs == null) { - CMS.debug("AdminPanel::createAdminCertificate() - cs is null!"); - throw new IOException("cs is null"); + if( cs == null ) { + CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" ); + throw new IOException( "cs is null" ); } String subject = ""; 
@@ -604,13 +578,14 @@ public class AdminPanel extends WizardPanelBase { subject = CryptoUtil.getSubjectName(crmfMsgs); x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs); } catch (Exception e) { - CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + CMS.debug( + "AdminPanel createAdminCertificate: Exception=" + + e.toString()); } - // this request is from IE. The VBScript has problem of generating - // certificate request if the subject name has E and UID components. - // For now, we always hardcoded the subject DN to be cn=NAME in - // the IE browser. + // this request is from IE. The VBScript has problem of generating + // certificate request if the subject name has E and UID components. + // For now, we always hardcoded the subject DN to be cn=NAME in + // the IE browser. } else if (cert_request_type.equals("pkcs10")) { try { byte[] b = CMS.AtoB(cert_request); 
@@ -619,35 +594,33 @@ public class AdminPanel extends WizardPanelBase { x509key = pkcs10.getSubjectPublicKeyInfo(); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } - if (x509key == null) { - CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!"); - throw new IOException("x509key is null"); + if( x509key == null ) { + CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" ); + throw new IOException( "x509key is null" ); } try { cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject); - String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", - "local"); + String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local"); X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, - PCERT_PREFIX, CERT_TAG, caType, context); + PCERT_PREFIX, CERT_TAG, caType, context); // update the locally created request for renewal - CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, - cert_request_type, subject); + CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject); ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); if (ca != null) { createPKCS7(impl); } - cs.putString("preop.admincert.serialno.0", impl.getSerialNumber() - .toString(16)); + cs.putString("preop.admincert.serialno.0", + impl.getSerialNumber().toString(16)); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } @@ -655,7 +628,8 @@ public class AdminPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); 
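Review bot: The last `catch (Exception e)` in createAdminCertificate() only writes a debug line, so a failure in `CertUtil.createLocalCert`, `updateLocalRequest` or the serial-number write lets the method return normally and the caller carries on as if the administrator certificate had been issued. The method already declares IOException and throws it for a null `x509key`, so the catch should do the same after logging: `throw new IOException("Failed to create administrator certificate");`. The start of the method is in an earlier hunk.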
@@ -666,9 +640,8 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); - } catch (Exception e) { - } - if (ca == null && type.equals("otherca")) { + } catch (Exception e) {} + if (ca == null && type.equals("otherca")) { info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically."; } context.put("info", info); @@ -682,7 +655,7 @@ public class AdminPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select", null); + String s = c.getString("preop.subsystem.select",null); if (s != null && s.equals("clone")) { return true; } @@ -692,11 +665,11 @@ public class AdminPanel extends WizardPanelBase { return false; } + private void createPKCS7(X509CertImpl cert) { try { IConfigStore cs = CMS.getConfigStore(); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; 
@@ -707,18 +680,16 @@ public class AdminPanel extends WizardPanelBase { } userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - cs.putString("preop.admincert.pkcs7", - CryptoUtil.normalizeCertStr(p7Str)); + cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str)); } catch (Exception e) { - CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " - + e.toString()); + CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java index b5f74fd0..a62b22b7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AgentAuthenticatePanel extends WizardPanelBase { - public AgentAuthenticatePanel() { - } + public AgentAuthenticatePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); setId(id); @@ -56,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("DisplayCertChainPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("securitydomain.select", ""); + String select = cs.getString("securitydomain.select",""); if (select.equals("new")) { return true; } @@ -77,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { return true; } catch (EBaseException e) { } - + return false; } @@ -95,16 +96,15 @@ public class AgentAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -112,19 +112,20 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Agent Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -141,14 +142,17 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException + { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); context.put("title", "Agent Authentication"); 
@@ -178,34 +182,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: " + e.toString()); + CMS.debug("AgentAuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: " + e.toString()); + CMS.debug("AgentAuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } - /* - * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed - * from // web.xml as part of CC interface review boolean - * authenticated = authenticate(host, httpsport, true, - * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); - * - * if (!authenticated) { context.put("errorString", - * "Wrong user id or password"); throw new - * IOException("Wrong user id or password"); } - */ +/* + // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from + // web.xml as part of CC interface review + boolean authenticated = authenticate(host, httpsport, true, + "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); + + if (!authenticated) { + context.put("errorString", "Wrong user id or password"); + throw new IOException("Wrong user id or password"); + } +*/ try { config.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } } @@ -213,7 +217,9 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { context.put("password", ""); context.put("title", "Agent Authentication"); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java index b4f29a43..ceab1d8d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import javax.servlet.ServletConfig; @@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AuthenticatePanel extends WizardPanelBase { - public AuthenticatePanel() { - } + public AuthenticatePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Authentication"); setId(id); @@ -61,22 +62,21 @@ public class AuthenticatePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - String s = cs.getString("preop.ca.agent.uid", ""); + String s = cs.getString("preop.ca.agent.uid",""); if (s == null || s.equals("")) { return false; } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -84,19 +84,20 @@ public class AuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -113,14 +114,16 @@ public class AuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String type = ""; String catype = ""; 
@@ -148,31 +151,30 @@ public class AuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: " + e.toString()); + CMS.debug("AuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: " + e.toString()); + CMS.debug("AuthenticatePanel update: "+e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd); + boolean authenticated = authenticate(host, httpsport, true, + "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd); - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } + if (!authenticated) { + context.put("errorString", "Wrong user id or password"); + throw new IOException("Wrong user id or password"); + } try { config.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } } @@ -180,7 +182,9 @@ public class AuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { context.put("password", ""); context.put("panel", "admin/console/config/authenticatepanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java index 38bbbc64..77977808 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java 
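Review bot: In AuthenticatePanel.update(), the credential string `"uid="+uid+"&pwd="+pwd` is built from raw values, so a password containing `&`, `=`, `%` or `+` would be split or altered before it reaches `/ca/ee/ca/configSubsystem`, and a uid containing `&` would be read as additional parameters. Encode both values, `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`, which needs `java.net.URLEncoder` imported in this file if it is not already. How authenticate() transmits the string is outside the hunk; if it is placed in the URL rather than the request body, the password would also land in access logs, which is worth confirming. update() begins above this hunk.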
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.io.IOException; @@ -70,19 +71,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class BackupKeyCertPanel extends WizardPanelBase { - public BackupKeyCertPanel() { - } + public BackupKeyCertPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); setId(id); @@ -104,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { String s = cs.getString("preop.module.token", ""); - if (s.equals("Internal Key Storage Token")) + if (s.equals("Internal Key Storage Token")) return false; } catch (Exception e) { } - + return true; } @@ -121,16 +122,15 @@ public class BackupKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -138,7 +138,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Export Keys and Certificates"); IConfigStore config = CMS.getConfigStore(); 
@@ -169,13 +170,12 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { String select = HttpInput.getID(request, "choice"); if (select.equals("backupkey")) { String pwd = request.getParameter("__pwd"); String pwdAgain = request.getParameter("__pwdagain"); - if (pwd == null || pwdAgain == null || pwd.equals("") - || pwdAgain.equals("")) { + if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) { CMS.debug("BackupKeyCertPanel validate: Password is null"); context.put("updateStatus", "validate-failure"); throw new IOException("PK12 password is empty."); @@ -184,8 +184,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { if (!pwd.equals(pwdAgain)) { CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same."); context.put("updateStatus", "validate-failure"); - throw new IOException( - "PK12 password is different from the PK12 password again."); + throw new IOException("PK12 password is different from the PK12 password again."); } } } @@ -194,7 +193,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String select = HttpInput.getID(request, "choice"); 
@@ -219,7 +219,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { String select = ""; try { select = HttpInput.getID(request, "choice"); @@ -240,7 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { context.put("panel", "admin/console/config/backupkeycertpanel.vm"); } - public void backupKeysCerts(HttpServletRequest request) throws IOException { + public void backupKeysCerts(HttpServletRequest request) + throws IOException { CMS.debug("BackupKeyCertPanel backupKeysCerts: start"); IConfigStore cs = CMS.getConfigStore(); String certlist = ""; @@ -254,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { cm = CryptoManager.getInstance(); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + "Exception=" - + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String pwd = request.getParameter("__pwd"); @@ -270,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase { String nickname = ""; String modname = ""; try { - nickname = cs.getString("preop.cert." + t + ".nickname"); + nickname = cs.getString("preop.cert."+t+".nickname"); modname = cs.getString("preop.module.token"); } catch (Exception e) { } if (!modname.equals("Internal Key Storage Token")) - nickname = modname + ":" + nickname; + nickname = modname+":"+nickname; X509Certificate x509cert = null; byte localKeyId[] = null; 
@@ -285,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); + CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); throw new IOException("Failed to create pkcs12 file."); } @@ -293,24 +296,22 @@ public class BackupKeyCertPanel extends WizardPanelBase { PrivateKey pkey = cm.findPrivKeyByCert(x509cert); addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); + CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); throw new IOException("Failed to create pkcs12 file."); } - } // while loop - + } //while loop + X509Certificate[] cacerts = cm.getCACerts(); - for (int i = 0; i < cacerts.length; i++) { - // String nickname = cacerts[i].getSubjectDN().toString(); + for (int i=0; i<cacerts.length; i++) { + //String nickname = cacerts[i].getSubjectDN().toString(); String nickname = null; try { - byte[] localKeyId = addCertBag(cacerts[i], nickname, - safeContents); + byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents); } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" - + e.toString()); + CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString()); throw new IOException("Failed to create pkcs12 file."); } } @@ -318,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { AuthenticatedSafes authSafes = new AuthenticatedSafes(); authSafes.addSafeContents(safeContents); - authSafes.addSafeContents(encSafeContents); + authSafes.addSafeContents(encSafeContents); PFX pfx = new PFX(authSafes); - pfx.computeMacData(pass, null, 5); + pfx.computeMacData(pass, null, 5); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pfx.encode(bos); byte[] output = bos.toByteArray(); 
@@ -328,14 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase { pass.clear(); cs.commit(false); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" - + e.toString()); + CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString()); } } private void addKeyBag(PrivateKey pkey, X509Certificate x509cert, - Password pass, byte[] localKeyId, SEQUENCE safeContents) - throws IOException { + Password pass, byte[] localKeyId, SEQUENCE safeContents) + throws IOException { try { PasswordConverter passConverter = new PasswordConverter(); 
@@ -343,24 +343,24 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte salt[] = random.generateSeed(4); // 4 bytes salt byte[] priData = getEncodedKey(pkey); - PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode( - PrivateKeyInfo.getTemplate(), priData); + PrivateKeyInfo pki = (PrivateKeyInfo) + ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); ASN1Value key = EncryptedPrivateKeyInfo.createPBE( - PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, - passConverter, pki); - SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(), - localKeyId); - SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key, - keyAttrs); + PBEAlgorithm.PBE_SHA1_DES3_CBC, + pass, salt, 1, passConverter, pki); + SET keyAttrs = createBagAttrs( + x509cert.getSubjectDN().toString(), localKeyId); + SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, + key, keyAttrs); safeContents.addElement(keyBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString()); + CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString()); throw new IOException("Failed to create pk12 file."); } } - private byte[] addCertBag(X509Certificate x509cert, String nickname, - SEQUENCE safeContents) throws IOException { + private byte[] addCertBag(X509Certificate x509cert, String nickname, + SEQUENCE safeContents) throws IOException { byte[] localKeyId = null; try { ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); 
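Review bot: In addKeyBag(), `EncryptedPrivateKeyInfo.createPBE(...)` is called with an iteration count of `1` and a salt from `random.generateSeed(4)`, so the password protecting the exported private keys gets almost no key stretching and the backup file is cheap to guess offline once it leaves the host. Use a longer salt and a real iteration count, `byte salt[] = random.generateSeed(16);` and `pass, salt, PBE_ITERATIONS, passConverter, pki);`, where `PBE_ITERATIONS` is a new class constant (placeholder name) set to the project's current policy. The `pfx.computeMacData(pass, null, 5)` call in the backupKeysCerts() hunk has the same weakness for the MAC key. `PBE_SHA1_DES3_CBC` is itself a legacy choice; changing it would affect which tools can import the file, so that needs a compatibility check first.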
@@ -368,11 +368,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { SET certAttrs = null; if (nickname != null) certAttrs = createBagAttrs(nickname, localKeyId); - SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag( - CertBag.X509_CERT_TYPE, cert), certAttrs); + SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, + new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); safeContents.addElement(certBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString()); + CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString()); throw new IOException("Failed to create pk12 file."); } @@ -385,9 +385,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { CryptoToken token = cm.getInternalKeyStorageToken(); KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); - KeyWrapper wrapper = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; IVParameterSpec param = new IVParameterSpec(iv); wrapper.initWrap(sk, param); byte[] enckey = wrapper.wrap(pkey); @@ -396,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] recovered = c.doFinal(enckey); return recovered; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" - + e.toString()); + CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString()); } return null; } - private byte[] createLocalKeyId(X509Certificate cert) throws IOException { + private byte[] createLocalKeyId(X509Certificate cert) + throws IOException { try { // SHA1 hash of the X509Cert der encoding byte certDer[] = cert.getEncoded(); 
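Review bot: In the `@@ -385,9 +385,8 @@` hunk the constant IV `{0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}` is passed to `wrapper.initWrap(sk, param)` with no comment explaining why a fixed value is acceptable. As far as the hunk shows, `sk` comes from `kg.generate()` on each call and is used for this one wrap, and that single use is the only thing that makes a repeated IV tolerable under CBC. A comment such as `// fixed IV is tolerable only because sk is a fresh single-use key; never reuse with a stored key` would stop a later refactor from copying the pattern onto a long-lived key. The method body begins before this hunk and continues between it and the next one, so the cipher setup for the unwrap is not visible here.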
@@ -413,18 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { md.update(certDer); return md.digest(); } catch (CertificateEncodingException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " - + e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); throw new IOException("Failed to encode certificate."); } catch (NoSuchAlgorithmException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " - + e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); throw new IOException("No such algorithm supported."); } } private SET createBagAttrs(String nickName, byte localKeyId[]) - throws IOException { + throws IOException { try { SET attrs = new SET(); SEQUENCE nickNameAttr = new SEQUENCE(); @@ -445,8 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { attrs.addElement(localKeyAttr); return attrs; } catch (CharConversionException e) { - CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" - + e.toString()); + CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString()); throw new IOException("Failed to create PKCS12 file."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 74961c49..01d06631 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Enumeration; @@ -29,6 +30,7 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; + public class BaseServlet extends VelocityServlet { /** 
@@ -44,14 +46,14 @@ public class BaseServlet extends VelocityServlet {
 }
 public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response, Context context) {
+ HttpServletResponse response,
+ Context context) {
 String pin = (String) request.getSession().getAttribute("pin");
 if (pin == null) {
 try {
 response.sendRedirect("login");
- } catch (IOException e) {
- }
+ } catch (IOException e) {}
 return false;
 }
 return true;
@@ -64,26 +66,29 @@ public class BaseServlet extends VelocityServlet {
 while (paramNames.hasMoreElements()) {
 String pn = (String) paramNames.nextElement();
 // added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
 // __ (double underscores); however, in the event that
 // a security parameter slips through, we perform multiple
 // additional checks to insure that it is NOT displayed
- if (pn.startsWith("__") || pn.endsWith("password")
- || pn.endsWith("passwd") || pn.endsWith("pwd")
- || pn.equalsIgnoreCase("admin_password_again")
- || pn.equalsIgnoreCase("directoryManagerPwd")
- || pn.equalsIgnoreCase("bindpassword")
- || pn.equalsIgnoreCase("bindpwd")
- || pn.equalsIgnoreCase("passwd")
- || pn.equalsIgnoreCase("password")
- || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
- || pn.equalsIgnoreCase("pwdagain")
- || pn.equalsIgnoreCase("uPasswd")) {
- CMS.debug("BaseServlet::service() param name='" + pn
- + "' value='(sensitive)'");
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("directoryManagerPwd") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
 } else {
- CMS.debug("BaseServlet::service() param name='" + pn
- + "' value='" + httpReq.getParameter(pn) + "'");
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
 }
 }
 }
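Review bot: The suffix tests in the new condition (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`) are case-sensitive, so a parameter whose name ends in `Password`, `Passwd` or `Pwd` and is not in the explicit `equalsIgnoreCase` list falls into the else branch and has its value written to the debug log. Lower-casing the name once closes that gap: `String lpn = pn.toLowerCase(Locale.ROOT);` and then `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`, which needs a `java.util.Locale` import that is not among the imports visible in this diff. The explicit entries for `directoryManagerPwd` and `uPasswd` suggest the gap has so far been closed one name at a time. The check remains a deny-list, so a secret submitted under any other name is still logged whenever `CMS.debugOn()` is true. The enclosing method starts above this hunk.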
@@ -92,12 +97,14 @@ public class BaseServlet extends VelocityServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { return null; } public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { if (CMS.debugOn()) { outputHttpParameters(request); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index 5e4c015e..33a0ff69 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CAInfoPanel extends WizardPanelBase { - public CAInfoPanel() { - } + public CAInfoPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("CA Information"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("CA Information"); setId(id); @@ -81,15 +82,14 @@ public class CAInfoPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) { - } + } catch (Exception e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } 
@@ -97,7 +97,8 @@ public class CAInfoPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("CAInfoPanel: display"); IConfigStore cs = CMS.getConfigStore(); @@ -117,18 +118,15 @@ public class CAInfoPanel extends WizardPanelBase { try { hostname = cs.getString("preop.ca.hostname"); - } catch (Exception e) { - } + } catch (Exception e) {} try { httpport = cs.getString("preop.ca.httpport"); - } catch (Exception e) { - } + } catch (Exception e) {} try { httpsport = cs.getString("preop.ca.httpsport"); - } catch (Exception e) { - } + } catch (Exception e) {} if (type.equals("sdca")) { context.put("check_sdca", "checked"); @@ -145,11 +143,12 @@ public class CAInfoPanel extends WizardPanelBase { String cstype = "CA"; String portType = "SecurePort"; - /* - * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException - * e) {} - */ - +/* + try { + cstype = cs.getString("cs.type", ""); + } catch (EBaseException e) {} +*/ + CMS.debug("CAInfoPanel: Ready to get url"); Vector v = getUrlListFromSecurityDomain(cs, cstype, portType); v.addElement("External CA"); @@ -164,13 +163,12 @@ public class CAInfoPanel extends WizardPanelBase { list.append(","); } } - + try { cs.putString("preop.ca.list", list.toString()); cs.commit(false); - } catch (Exception e) { - } - + } catch (Exception e) {} + context.put("urls", v); context.put("sdcaHostname", hostname); @@ -185,7 +183,8 @@ public class CAInfoPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); } 
@@ -193,18 +192,20 @@ public class CAInfoPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { /* - * String select = request.getParameter("choice"); if (select == null) { - * CMS.debug("CAInfoPanel: choice not found"); throw new - * IOException("choice not found"); } + String select = request.getParameter("choice"); + if (select == null) { + CMS.debug("CAInfoPanel: choice not found"); + throw new IOException("choice not found"); + } */ IConfigStore config = CMS.getConfigStore(); try { - String subsystemselect = config.getString("preop.subsystem.select", - ""); + String subsystemselect = config.getString("preop.subsystem.select", ""); if (subsystemselect.equals("clone")) return; } catch (Exception e) { @@ -212,26 +213,25 @@ public class CAInfoPanel extends WizardPanelBase { String select = null; String index = request.getParameter("urls"); - String url = ""; + String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; - } - counter++; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; } - } catch (Exception e) { + counter++; } + } catch (Exception e) {} } URL urlx = null; 
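Review bot: In the `@@ -212,26 +213,25 @@` hunk `index` is taken from `request.getParameter("urls")` and dereferenced by `index.startsWith("http")` with no null check, so a request without that parameter ends in a NullPointerException instead of a validation error. A guard before the test, such as `if (index == null || index.isEmpty()) throw new IOException("urls not found");`, would match the commented-out `choice` check in the hunk above. The empty `catch (Exception e) {}` around `Integer.parseInt(index)` also leaves `url` as `""` with no log entry when the value is not a number. Because the `http` branch accepts the CA URL directly from the request, the code after this hunk, which is not visible here, should be checked to confirm the value is validated before the installer contacts that host. update() continues past the end of the hunk.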
@@ -240,7 +240,7 @@ public class CAInfoPanel extends WizardPanelBase { select = "otherca"; config.putString("preop.ca.pkcs7", ""); config.putInteger("preop.ca.certchain.size", 0); - } else { + } else { select = "sdca"; // parse URL (CA1 - https://...) @@ -272,12 +272,10 @@ public class CAInfoPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) { - } + } catch (Exception e) {} } - private void sdca(HttpServletRequest request, Context context, - String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { CMS.debug("CAInfoPanel update: this is the CA in the security domain."); IConfigStore config = CMS.getConfigStore(); @@ -294,23 +292,26 @@ public class CAInfoPanel extends WizardPanelBase { try { httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug("CAInfoPanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug( + "CAInfoPanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Http Port is not valid."); } config.putString("preop.ca.hostname", hostname); config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, - true, context, certApprovalCallback); + updateCertChainUsingSecureEEPort( config, "ca", hostname, + httpsport, true, context, + certApprovalCallback ); } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { /* This should never be called */ context.put("title", "CA Information"); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java index 0aedded8..fb8c2d9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java @@ -17,6 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + + + public class Cert { private String mNickname = ""; private String mTokenname = ""; @@ -113,8 +116,8 @@ public class Cert { } public String escapeForHTML(String s) { - s = s.replaceAll("\"", """); - return s; + s = s.replaceAll("\"", """); + return s; } public String getEscapedDN() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java index 15059d08..30bcc78d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Locale; import java.util.StringTokenizer; 
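Review bot: `escapeForHTML` in the Cert.java hunk `@@ -113,8 +116,8 @@` replaces only the double-quote character, so `&`, `<`, `>` and `'` in the input pass through unchanged. `getEscapedDN()` begins on the last line of the hunk and its body is not visible; if it returns a DN that is placed in element content or a single-quoted attribute, this escaping is not sufficient. Escaping `&` first and then `<`, `>`, `"` and `'` with `String.replace` (no regex needed) would cover those contexts. The replacement literal appears on this page as `"""`, which looks like an HTML entity decoded during extraction, so the exact current string should be confirmed in the file.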
@@ -41,19 +42,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class CertPrettyPrintPanel extends WizardPanelBase { private Vector mCerts = null; - public CertPrettyPrintPanel() { - } + public CertPrettyPrintPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Certificates"); setId(id); @@ -62,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public PropertySet getUsage() { // expects no input from client PropertySet set = new PropertySet(); - + return set; } @@ -74,15 +75,15 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", false); + boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", + false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } @@ -92,10 +93,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase { CMS.debug("CertPrettyPrintPanel: in getCert()"); try { // String cert = config.getString(CONF_CA_CERT); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); - String certs = config - .getString(subsystem + "." + certTag + ".cert"); + String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); + String certs = config.getString(subsystem + "." + certTag + ".cert"); byte[] certb = CryptoUtil.base64Decode(certs); if (cert != null) { 
@@ -117,7 +116,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("CertPrettyPrintPanel: display()"); context.put("title", "Certificates Pretty Print"); @@ -134,30 +134,32 @@ public class CertPrettyPrintPanel extends WizardPanelBase { String certTag = st.nextToken(); try { - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - String nickname = config.getString(subsystem + "." - + certTag + ".nickname"); - String tokenname = config.getString(subsystem + "." - + certTag + ".tokenname"); + String nickname = config.getString( + subsystem + "." + certTag + ".nickname"); + String tokenname = config.getString( + subsystem + "." + certTag + ".tokenname"); Cert c = new Cert(tokenname, nickname, certTag); - String type = config.getString(PCERT_PREFIX + certTag - + ".type"); + String type = config.getString( + PCERT_PREFIX + certTag + ".type"); c.setType(type); getCert(request, config, context, certTag, c); mCerts.addElement(c); } catch (Exception e) { - CMS.debug("CertPrettyPrintPanel: display() certTag " - + certTag + " Exception caught: " + e.toString()); + CMS.debug( + "CertPrettyPrintPanel: display() certTag " + certTag + + " Exception caught: " + e.toString()); } } } catch (Exception e) { - CMS.debug("CertPrettyPrintPanel:display() Exception caught: " - + e.toString()); + CMS.debug( + "CertPrettyPrintPanel:display() Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } // try 
@@ -173,22 +175,25 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { CMS.debug("CertPrettyPrintPanel: in update()"); IConfigStore config = CMS.getConfigStore(); config.putBoolean("preop.CertPrettyPrintPanel.done", true); try { config.commit(false); } catch (EBaseException e) { - CMS.debug("CertPrettyPrintPanel: update() Exception caught at config commit: " - + e.toString()); + CMS.debug( + "CertPrettyPrintPanel: update() Exception caught at config commit: " + + e.toString()); } } @@ -196,7 +201,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Certificates Pretty Print"); context.put("panel", "admin/console/config/certprettyprintpanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 962c9080..5e783b1a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.math.BigInteger; import java.security.Principal; 
@@ -57,38 +58,35 @@ public class CertRequestPanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public CertRequestPanel() { - } + public CertRequestPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Requests & Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Requests and Certificates"); mServlet = servlet; setId(id); } - // XXX how do you do this? There could be multiple certs. + // XXX how do you do this? There could be multiple certs. public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameters */ - null); + + Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameters */ + null); set.add("cert", certDesc); - + return set; } @@ -97,13 +95,13 @@ public class CertRequestPanel extends WizardPanelBase { */ public boolean showApplyButton() { if (isPanelDone()) - return false; + return false; else - return true; + return true; } - private boolean findCertificate(String tokenname, String nickname) - throws IOException { + private boolean findCertificate(String tokenname, String nickname) + throws IOException { IConfigStore cs = CMS.getConfigStore(); CryptoManager cm = null; try { 
@@ -114,10 +112,9 @@ public class CertRequestPanel extends WizardPanelBase { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) { + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname + ":" + nickname; + fullnickname = tokenname+":"+nickname; } try { @@ -129,23 +126,16 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " - + fullnickname - + " has been found on HSM. Please remove it before proceeding."); - throw new IOException( - "The certificate with the same nickname: " - + fullnickname - + " has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); + throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); } return true; } } catch (IOException e) { - CMS.debug("CertRequestPanel findCertificate: throw exception:" - + e.toString()); + CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString()); throw e; } catch (Exception e) { - CMS.debug("CertRequestPanel findCertificate: Exception=" - + e.toString()); + CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString()); return false; } } 
@@ -158,13 +148,13 @@ public class CertRequestPanel extends WizardPanelBase { try { select = cs.getString("preop.subsystem.select", ""); list = cs.getString("preop.cert.list", ""); - tokenname = cs.getString("preop.module.token", ""); + tokenname = cs.getString("preop.module.token", ""); } catch (Exception e) { } - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(ICertificateAuthority.ID); - + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( + ICertificateAuthority.ID); + if (ca != null) { CMS.debug("CertRequestPanel cleanup: get certificate repository"); BigInteger beginS = null; @@ -186,28 +176,27 @@ public class CertRequestPanel extends WizardPanelBase { try { cr.removeCertRecords(beginS, endS); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " - + e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString()); } - + try { - cr.resetSerialNumber(new BigInteger(beginNum, 16)); + cr.resetSerialNumber(new BigInteger(beginNum,16)); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " - + e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString()); } } } + StringTokenizer st = new StringTokenizer(list, ","); String nickname = ""; boolean enable = false; while (st.hasMoreTokens()) { String t = st.nextToken(); - + try { - enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true); - nickname = cs.getString(PCERT_PREFIX + t + ".nickname", ""); + enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true); + nickname = cs.getString(PCERT_PREFIX +t+".nickname", ""); } catch (Exception e) { } 
@@ -219,12 +208,10 @@ public class CertRequestPanel extends WizardPanelBase { if (findCertificate(tokenname, nickname)) { try { - CMS.debug("CertRequestPanel cleanup: deleting certificate (" - + nickname + ")."); - deleteCert(tokenname, nickname); + CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+")."); + deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" - + nickname + "). Exception: " + e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString()); } } } 
@@ -240,50 +227,50 @@ public class CertRequestPanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.CertRequestPanel.done", false); + boolean s = cs.getBoolean("preop.CertRequestPanel.done", + false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } - public void getCert(IConfigStore config, Context context, String certTag, - Cert cert) { + public void getCert(IConfigStore config, + Context context, String certTag, Cert cert) { try { - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - String certs = config.getString( - subsystem + "." + certTag + ".cert", ""); + String certs = config.getString(subsystem + "." + certTag + ".cert", ""); if (cert != null) { String certf = certs; - CMS.debug("CertRequestPanel getCert: certTag=" + certTag + CMS.debug( + "CertRequestPanel getCert: certTag=" + certTag + " cert=" + certs); - // get and set formated cert - if (!certs.startsWith("...")) { + //get and set formated cert + if (!certs.startsWith("...")) { certf = CryptoUtil.certFormat(certs); } cert.setCert(certf); - // get and set cert pretty print + //get and set cert pretty print byte[] certb = CryptoUtil.base64Decode(certs); CertPrettyPrint pp = new CertPrettyPrint(certb); cert.setCertpp(pp.toString(Locale.getDefault())); } else { - CMS.debug("CertRequestPanel::getCert() - cert is null!"); + CMS.debug( "CertRequestPanel::getCert() - cert is null!" ); return; } - String userfriendlyname = config.getString(PCERT_PREFIX + certTag - + ".userfriendlyname"); + String userfriendlyname = config.getString( + PCERT_PREFIX + certTag + ".userfriendlyname"); cert.setUserFriendlyName(userfriendlyname); String type = config.getString(PCERT_PREFIX + certTag + ".type"); 
@@ -298,45 +285,46 @@ public class CertRequestPanel extends WizardPanelBase { } public X509Key getECCX509Key(IConfigStore config, String certTag) - throws Exception { + throws Exception + { X509Key pubk = null; - String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag - + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil - .string2byte(pubKeyEncoded)); + String pubKeyEncoded = config.getString( + PCERT_PREFIX + certTag + ".pubkey.encoded"); + pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); return pubk; } public X509Key getRSAX509Key(IConfigStore config, String certTag) - throws Exception { + throws Exception + { X509Key pubk = null; - String pubKeyModulus = config.getString(PCERT_PREFIX + certTag - + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag - + ".pubkey.exponent"); + String pubKeyModulus = config.getString( + PCERT_PREFIX + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + PCERT_PREFIX + certTag + ".pubkey.exponent"); pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); return pubk; } - public void handleCertRequest(IConfigStore config, Context context, - String certTag, Cert cert) { + public void handleCertRequest(IConfigStore config, + Context context, String certTag, Cert cert) { try { // get public key - String pubKeyType = config.getString(PCERT_PREFIX + certTag - + ".keytype"); - String algorithm = config.getString(PCERT_PREFIX + certTag - + ".keyalgorithm"); + String pubKeyType = config.getString( + PCERT_PREFIX + certTag + ".keytype"); + String algorithm = config.getString( + PCERT_PREFIX + certTag + ".keyalgorithm"); X509Key pubk = null; if (pubKeyType.equals("rsa")) { pubk = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { pubk = 
getECCX509Key(config, certTag); } else { - CMS.debug("CertRequestPanel::handleCertRequest() - " - + "pubKeyType " + pubKeyType + " is unsupported!"); + CMS.debug( "CertRequestPanel::handleCertRequest() - " + + "pubKeyType " + pubKeyType + " is unsupported!" ); return; } @@ -349,11 +337,11 @@ public class CertRequestPanel extends WizardPanelBase { } // get private key - String privKeyID = config.getString(PCERT_PREFIX + certTag - + ".privkey.id"); + String privKeyID = config.getString( + PCERT_PREFIX + certTag + ".privkey.id"); CMS.debug("CertRequestPanel: privKeyID=" + privKeyID); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); - + PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); if (privk != null) { @@ -361,7 +349,7 @@ public class CertRequestPanel extends WizardPanelBase { } else { CMS.debug("CertRequestPanel: error getting private key null"); } - + // construct cert request String caDN = config.getString(PCERT_PREFIX + certTag + ".dn"); @@ -373,9 +361,9 @@ public class CertRequestPanel extends WizardPanelBase { byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); String certReqf = CryptoUtil.reqFormat(certReqs); - - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", certReqs); config.commit(false); cert.setRequest(certReqf); @@ -390,7 +378,8 @@ public class CertRequestPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("CertRequestPanel: display()"); context.put("title", "Requests and Certificates"); 
@@ -407,35 +396,36 @@ public class CertRequestPanel extends WizardPanelBase { String certTag = st.nextToken(); try { - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); - String nickname = config.getString(subsystem + "." - + certTag + ".nickname"); - String tokenname = config.getString(subsystem + "." - + certTag + ".tokenname"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); + String nickname = config.getString( + subsystem + "." + certTag + ".nickname"); + String tokenname = config.getString( + subsystem + "." + certTag + ".tokenname"); Cert c = new Cert(tokenname, nickname, certTag); handleCertRequest(config, context, certTag, c); - String type = config.getString(PCERT_PREFIX + certTag - + ".type"); + String type = config.getString( + PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); c.setEnable(enable); getCert(config, context, certTag, c); c.setSubsystem(subsystem); mCerts.addElement(c); } catch (Exception e) { - CMS.debug("CertRequestPanel:display() Exception caught: " - + e.toString() + " for certTag " + certTag); + CMS.debug( + "CertRequestPanel:display() Exception caught: " + + e.toString() + " for certTag " + certTag); } } } catch (Exception e) { - CMS.debug("CertRequestPanel:display() Exception caught: " - + e.toString()); + CMS.debug( + "CertRequestPanel:display() Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } // try @@ -451,7 +441,8 @@ public class CertRequestPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } private boolean findBootstrapServerCert() { 
@@ -467,8 +458,7 @@ public class CertRequestPanel extends WizardPanelBase { if (issuerDN.equals(subjectDN)) return true; } catch (Exception e) { - CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" - + e.toString()); + CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString()); } return false; @@ -482,8 +472,7 @@ public class CertRequestPanel extends WizardPanelBase { deleteCert("Internal Key Storage Token", nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" - + e.toString()); + CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString()); } } @@ -491,7 +480,8 @@ public class CertRequestPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { CMS.debug("CertRequestPanel: in update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -512,7 +502,7 @@ public class CertRequestPanel extends WizardPanelBase { String tokenname = ""; try { - tokenname = config.getString("preop.module.token", ""); + tokenname = config.getString("preop.module.token", ""); } catch (Exception e) { } 
@@ -520,216 +510,202 @@ public class CertRequestPanel extends WizardPanelBase { Cert cert = (Cert) c.nextElement(); String certTag = cert.getCertTag(); String subsystem = cert.getSubsystem(); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); if (!enable) continue; - if (hasErr) + if (hasErr) continue; String nickname = cert.getNickname(); - CMS.debug("CertRequestPanel: update() for cert tag " - + cert.getCertTag()); - // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", - // ""); + CMS.debug( + "CertRequestPanel: update() for cert tag " + + cert.getCertTag()); + // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", ""); String b64 = HttpInput.getCert(request, certTag); if (cert.getType().equals("local") - && b64.equals("...certificate be generated internally...")) { + && b64.equals( + "...certificate be generated internally...")) { - String pubKeyType = config.getString(PCERT_PREFIX + certTag - + ".keytype"); + String pubKeyType = config.getString( + PCERT_PREFIX + certTag + ".keytype"); X509Key x509key = null; if (pubKeyType.equals("rsa")) { - x509key = getRSAX509Key(config, certTag); + x509key = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { - x509key = getECCX509Key(config, certTag); + x509key = getECCX509Key(config, certTag); } - + if (findCertificate(tokenname, nickname)) { if (!certTag.equals("sslserver")) - continue; + continue; } - X509CertImpl impl = CertUtil.createLocalCert(config, - x509key, PCERT_PREFIX, certTag, cert.getType(), - context); + X509CertImpl impl = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, cert.getType(), context); if (impl != null) { - byte[] certb = impl.getEncoded(); + byte[] certb = impl.getEncoded(); String certs = CryptoUtil.base64Encode(certb); cert.setCert(certs); - config.putString(subsystem + "." 
+ certTag + ".cert", - certs); + config.putString(subsystem + "." + certTag + ".cert", certs); /* import certificate */ - CMS.debug("CertRequestPanel configCert: nickname=" - + nickname); + CMS.debug( + "CertRequestPanel configCert: nickname=" + + nickname); try { - if (certTag.equals("sslserver") - && findBootstrapServerCert()) + if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) deleteCert(tokenname, nickname); - if (certTag.equals("signing") - && subsystem.equals("ca")) - CryptoUtil - .importUserCertificate(impl, nickname); + if (certTag.equals("signing") && subsystem.equals("ca")) + CryptoUtil.importUserCertificate(impl, nickname); else - CryptoUtil.importUserCertificate(impl, - nickname, false); - CMS.debug("CertRequestPanel configCert: cert imported for certTag " - + certTag); + CryptoUtil.importUserCertificate(impl, nickname, false); + CMS.debug( + "CertRequestPanel configCert: cert imported for certTag " + + certTag); } catch (Exception ee) { - CMS.debug("CertRequestPanel configCert: import certificate for certTag=" - + certTag + " Exception: " + ee.toString()); + CMS.debug( + "CertRequestPanel configCert: import certificate for certTag=" + + certTag + " Exception: " + + ee.toString()); CMS.debug("ok"); - // hasErr = true; +// hasErr = true; } } } else if (cert.getType().equals("remote")) { if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) { - String b64chain = HttpInput.getCertChain(request, - certTag + "_cc"); - CMS.debug("CertRequestPanel: in update() process remote...import cert"); + String b64chain = HttpInput.getCertChain(request, certTag+"_cc"); + CMS.debug( + "CertRequestPanel: in update() process remote...import cert"); - String input = HttpInput.getCert(request, - cert.getCertTag()); + String input = HttpInput.getCert(request, cert.getCertTag()); if (input != null) { try { - if (certTag.equals("sslserver") - && findBootstrapServerCert()) + if 
(certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); - if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + if (findCertificate(tokenname, nickname)) { + deleteCert(tokenname, nickname); } } catch (Exception e) { - CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" - + e.toString()); + CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString()); } input = CryptoUtil.stripCertBrackets(input.trim()); String certs = CryptoUtil.normalizeCertStr(input); byte[] certb = CryptoUtil.base64Decode(certs); - config.putString(subsystem + "." + certTag - + ".cert", certs); + config.putString(subsystem + "." + certTag + ".cert", + certs); try { CryptoManager cm = CryptoManager.getInstance(); - X509Certificate x509cert = cm - .importCertPackage(certb, nickname); + X509Certificate x509cert = cm.importCertPackage( + certb, nickname); CryptoUtil.trustCertByNickname(nickname); - X509Certificate[] certchains = cm - .buildCertificateChain(x509cert); + X509Certificate[] certchains = cm.buildCertificateChain( + x509cert); X509Certificate leaf = null; if (certchains != null) { - CMS.debug("CertRequestPanel certchains length=" - + certchains.length); + CMS.debug( + "CertRequestPanel certchains length=" + + certchains.length); leaf = certchains[certchains.length - 1]; } - if (leaf == null) { - CMS.debug("CertRequestPanel::update() - " - + "leaf is null!"); - throw new IOException("leaf is null"); + if( leaf == null ) { + CMS.debug( "CertRequestPanel::update() - " + + "leaf is null!" 
); + throw new IOException( "leaf is null" ); } - if (/* (certchains.length <= 1) && */ - (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " - + b64chain); - try { - CryptoUtil - .importCertificateChain(CryptoUtil - .normalizeCertAndReq(b64chain)); - } catch (Exception e) { - CMS.debug("CertRequestPanel: importCertChain: Exception: " - + e.toString()); - } + if (/*(certchains.length <= 1) &&*/ + (b64chain != null && b64chain.length() != 0)) { + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); + try { + CryptoUtil.importCertificateChain( + CryptoUtil.normalizeCertAndReq(b64chain)); + } catch (Exception e) { + CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString()); + } } InternalCertificate icert = (InternalCertificate) leaf; - icert.setSSLTrust(InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); - CMS.debug("CertRequestPanel configCert: import certificate successfully, certTag=" - + certTag); + icert.setSSLTrust( + InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); + CMS.debug( + "CertRequestPanel configCert: import certificate successfully, certTag=" + + certTag); } catch (Exception ee) { - CMS.debug("CertRequestPanel configCert: import certificate for certTag=" - + certTag - + " Exception: " - + ee.toString()); + CMS.debug( + "CertRequestPanel configCert: import certificate for certTag=" + + certTag + " Exception: " + + ee.toString()); CMS.debug("ok"); - // hasErr=true; +// hasErr=true; } } else { CMS.debug("CertRequestPanel: in update() input null"); hasErr = true; } } else { - CMS.debug("CertRequestPanel: in update() b64 not set"); - hasErr = true; + CMS.debug("CertRequestPanel: in update() b64 not set"); + hasErr=true; } - + } else { b64 = 
CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); byte[] certb = CryptoUtil.base64Decode(certs); X509CertImpl impl = new X509CertImpl(certb); try { - if (certTag.equals("sslserver") - && findBootstrapServerCert()) + if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + deleteCert(tokenname, nickname); } } catch (Exception ee) { - CMS.debug("CertRequestPanel update: deleteCert Exception=" - + ee.toString()); + CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString()); } try { if (certTag.equals("signing") && subsystem.equals("ca")) CryptoUtil.importUserCertificate(impl, nickname); else - CryptoUtil.importUserCertificate(impl, nickname, - false); + CryptoUtil.importUserCertificate(impl, nickname, false); } catch (Exception ee) { - CMS.debug("CertRequestPanel: Failed to import user certificate." - + ee.toString()); - hasErr = true; + CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString()); + hasErr=true; } } - // update requests in request queue for local certs to allow - // renewal - if ((cert.getType().equals("local")) - || (cert.getType().equals("selfsign"))) { - CertUtil.updateLocalRequest(config, certTag, - cert.getRequest(), "pkcs10", null); + //update requests in request queue for local certs to allow renewal + if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) { + CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null); } if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) - NickName = tokenname + ":" + nickname; + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + NickName = tokenname+ ":"+ nickname; - CMS.debug("CertRequestPanel update: set trust on CA 
signing cert " - + NickName); + CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName); CryptoUtil.trustCertByNickname(NickName); CMS.reinit(ICertificateAuthority.ID); - } - } // while loop + } + } //while loop if (hasErr == false) { - config.putBoolean("preop.CertRequestPanel.done", true); + config.putBoolean("preop.CertRequestPanel.done", true); } config.commit(false); } catch (Exception e) { @@ -737,7 +713,7 @@ public class CertRequestPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); } - // reset the attribute of the user certificate to u,u,u + //reset the attribute of the user certificate to u,u,u String certlist = ""; try { certlist = config.getString("preop.cert.list", ""); 
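Review bot: In `update()`, the two `catch (Exception ee)` handlers around certificate import (local and remote branches) log the failure, print `CMS.debug("ok")` and leave `hasErr` untouched because `// hasErr = true;` is commented out, so a failed import or trust assignment still ends with `preop.CertRequestPanel.done` set to true and `updateStatus` reported as "success". The trust-reset loop in the later `@@ -747,28 +723,25 @@` hunk has the same defect: its `} catch (Exception e) { }` is empty, so a failure while resetting a certificate to `InternalCertificate.USER` leaves no trace, and the remote branch has by then set `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA` on a certificate taken from `certchains`. I would restore `hasErr = true;` in the import handlers and give the empty handler `CMS.debug("CertRequestPanel update: reset trust Exception=" + e.toString()); hasErr = true;`. If best-effort is intended, a comment stating why the failure is safe to ignore is the minimum. `update()` begins before this hunk.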
@@ -747,28 +723,25 @@ public class CertRequestPanel extends WizardPanelBase { String tag = tokenizer.nextToken(); if (tag.equals("signing")) continue; - String nickname = config.getString("preop.cert." + tag - + ".nickname", ""); + String nickname = config.getString("preop.cert."+tag+".nickname", ""); String tokenname = config.getString("preop.module.token", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname + ":" + nickname; + nickname = tokenname+":"+nickname; X509Certificate c = cm.findCertByNickname(nickname); if (c instanceof InternalCertificate) { - InternalCertificate ic = (InternalCertificate) c; + InternalCertificate ic = (InternalCertificate)c; ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { - ic.setObjectSigningTrust(InternalCertificate.USER - | InternalCertificate.VALID_PEER - | InternalCertificate.TRUSTED_PEER); + ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); } else { ic.setObjectSigningTrust(InternalCertificate.USER); } } - } + } } catch (Exception e) { } - if (!hasErr) { + if (!hasErr) { context.put("updateStatus", "success"); } else { context.put("updateStatus", "failure"); @@ -779,7 +752,8 @@ public class CertRequestPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Certificate Request"); context.put("panel", "admin/console/config/certrequestpanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 0a6d3c60..3725149d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -64,12 +64,13 @@ import com.netscape.cmsutil.http.HttpResponse; import com.netscape.cmsutil.http.JssSSLSocketFactory; import com.netscape.cmsutil.xml.XMLObject; + public class CertUtil { static final int LINE_COUNT = 76; - public static X509CertImpl createRemoteCert(String hostname, int port, - String content, HttpServletResponse response, WizardPanelBase panel) - throws IOException { + public static X509CertImpl createRemoteCert(String hostname, + int port, String content, HttpServletResponse response, WizardPanelBase panel) + throws IOException { HttpClient httpclient = new HttpClient(); String c = null; CMS.debug("CertUtil createRemoteCert: content " + content); @@ -97,22 +98,21 @@ public class CertUtil { if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("CertUtil::createRemoteCert() - " + "Exception=" - + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "CertUtil::createRemoteCert() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); CMS.debug("CertUtil createRemoteCert: status=" + status); if (status.equals("2")) { - // relogin to the security domain + //relogin to the security domain panel.reloginSecurityDomain(response); return null; } else if (!status.equals("0")) { 
@@ -136,43 +136,43 @@ public class CertUtil { return null; } - public static String getPKCS10(IConfigStore config, String prefix, + public static String getPKCS10(IConfigStore config, String prefix, Cert certObj, Context context) throws IOException { String certTag = certObj.getCertTag(); X509Key pubk = null; try { - String pubKeyType = config.getString(prefix + certTag + ".keytype"); - String algorithm = config.getString(prefix + certTag - + ".keyalgorithm"); + String pubKeyType = config.getString( + prefix + certTag + ".keytype"); + String algorithm = config.getString( + prefix + certTag + ".keyalgorithm"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString(prefix + certTag - + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString(prefix + certTag - + ".pubkey.exponent"); - pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + String pubKeyModulus = config.getString( + prefix + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + prefix + certTag + ".pubkey.exponent"); + pubk = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString(prefix + certTag - + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil - .string2byte(pubKeyEncoded)); + String pubKeyEncoded = config.getString( + prefix + certTag + ".pubkey.encoded"); + pubk = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); } else { - CMS.debug("CertRequestPanel::getPKCS10() - " - + "public key type is unsupported!"); - throw new IOException("public key type is unsupported"); + CMS.debug( "CertRequestPanel::getPKCS10() - " + + "public key type is unsupported!" 
); + throw new IOException( "public key type is unsupported" ); } if (pubk != null) { CMS.debug("CertRequestPanel: got public key"); } else { CMS.debug("CertRequestPanel: error getting public key null"); - throw new IOException("public key is null"); + throw new IOException( "public key is null" ); } // get private key - String privKeyID = config.getString(prefix + certTag - + ".privkey.id"); + String privKeyID = config.getString(prefix + certTag + ".privkey.id"); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); @@ -187,8 +187,8 @@ public class CertUtil { String dn = config.getString(prefix + certTag + ".dn"); PKCS10 certReq = null; - certReq = CryptoUtil.createCertificationRequest(dn, pubk, privk, - algorithm); + certReq = CryptoUtil.createCertificationRequest(dn, pubk, + privk, algorithm); byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); @@ -201,15 +201,15 @@ public class CertUtil { } } - /* - * create requests so renewal can work on these initial certs - */ - public static IRequest createLocalRequest(IRequestQueue queue, - String serialNum, X509CertInfo info) throws EBaseException { - // RequestId rid = new RequestId(serialNum); + +/* + * create requests so renewal can work on these initial certs + */ + public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { +// RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue - // IRequest r = new EnrollmentRequest(rid); - CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum); +// IRequest r = new EnrollmentRequest(rid); + CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum); IRequest req = queue.newRequest("enrollment"); CMS.debug("certUtil: newRequest called"); req.setExtData("profile", "true"); 
@@ -217,14 +217,14 @@ public class CertUtil { req.setExtData("req_seq_num", "0"); req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, - new CertificateExtensions()); + new CertificateExtensions()); req.setExtData("requesttype", "enrollment"); req.setExtData("requestor_name", ""); req.setExtData("requestor_email", ""); req.setExtData("requestor_phone", ""); req.setExtData("profileRemoteHost", ""); req.setExtData("profileRemoteAddr", ""); - req.setExtData("requestnotes", ""); + req.setExtData("requestnotes",""); req.setExtData("isencryptioncert", "false"); req.setExtData("profileapprovedby", "system"); @@ -235,19 +235,18 @@ public class CertUtil { return req; } - /** - * update local cert request with the actual request called from - * CertRequestPanel.java - */ - public static void updateLocalRequest(IConfigStore config, String certTag, - String certReq, String reqType, String subjectName) { - try { +/** + * update local cert request with the actual request + * called from CertRequestPanel.java + */ + public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) + { + try { CMS.debug("Updating local request... certTag=" + certTag); - RequestId rid = new RequestId(config.getString("preop.cert." - + certTag + ".reqId")); + RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( + ICertificateAuthority.ID); IRequestQueue queue = ca.getRequestQueue(); if (queue != null) { 
@@ -263,84 +262,76 @@ public class CertUtil { } queue.updateRequest(req); } else { - CMS.debug("CertUtil:updateLocalRequest - request queue = null"); + CMS.debug("CertUtil:updateLocalRequest - request queue = null"); } } catch (Exception e) { CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString()); } } - /** - * reads from the admin cert profile caAdminCert.profile and takes the first - * entry in the list of allowed algorithms. Users that wish a different - * algorithm can specify it in the profile using default.params.signingAlg - */ +/** + * reads from the admin cert profile caAdminCert.profile and takes the first + * entry in the list of allowed algorithms. Users that wish a different algorithm + * can specify it in the profile using default.params.signingAlg + */ public static String getAdminProfileAlgorithm(IConfigStore config) { String algorithm = "SHA256withRSA"; try { - String caSigningKeyType = config.getString( - "preop.cert.signing.keytype", "rsa"); + String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); String pfile = config.getString("profile.caAdminCert.config"); FileInputStream fis = new FileInputStream(pfile); DataInputStream in = new DataInputStream(fis); BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String strLine; - while ((strLine = br.readLine()) != null) { - String marker2 = "default.params.signingAlg="; - int indx = strLine.indexOf(marker2); - if (indx != -1) { - String alg = strLine.substring(indx + marker2.length()); - if ((alg.length() > 0) && (!alg.equals("-"))) { - algorithm = alg; - break; - } - ; - } - ; - - String marker = "signingAlgsAllowed="; - indx = strLine.indexOf(marker); - if (indx != -1) { - String[] algs = strLine.substring(indx + marker.length()) - .split(","); - for (int i = 0; i < algs.length; i++) { - if ((caSigningKeyType.equals("rsa") && (algs[i] - .indexOf("RSA") != -1)) - || (caSigningKeyType.equals("ecc") && (algs[i] - .indexOf("EC") != -1))) { - 
algorithm = algs[i]; - break; - } - } - } - } - in.close(); + String strLine; + while ((strLine = br.readLine()) != null) { + String marker2 = "default.params.signingAlg="; + int indx = strLine.indexOf(marker2); + if (indx != -1) { + String alg = strLine.substring(indx + marker2.length()); + if ((alg.length() > 0) && (!alg.equals("-"))) { + algorithm = alg; + break; + }; + }; + + String marker = "signingAlgsAllowed="; + indx = strLine.indexOf(marker); + if (indx != -1) { + String[] algs = strLine.substring(indx + marker.length()).split(","); + for (int i=0; i<algs.length; i++) { + if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || + (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) { + algorithm = algs[i]; + break; + } + } + } + } + in.close(); } catch (Exception e) { CMS.debug("getAdminProfleAlgorithm: exception: " + e); } return algorithm; } - public static X509CertImpl createLocalCert(IConfigStore config, - X509Key x509key, String prefix, String certTag, String type, - Context context) throws IOException { + public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key, + String prefix, String certTag, String type, Context context) throws IOException { CMS.debug("Creating local certificate... certTag=" + certTag); String profile = null; try { profile = config.getString(prefix + certTag + ".profile"); - } catch (Exception e) { - } + } catch (Exception e) {} X509CertImpl cert = null; ICertificateAuthority ca = null; ICertificateRepository cr = null; RequestId reqId = null; String profileId = null; - IRequestQueue queue = null; + IRequestQueue queue = null; IRequest req = null; try { 
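Review bot: `getAdminProfileAlgorithm()` closes the profile file only on the success path: `in.close()` is the last statement inside the `try`, so an exception from `readLine()` or from the parsing skips it and the `FileInputStream` stays open until it is garbage-collected. Declare `br` before the `try` and close it in a `finally`, e.g. `finally { if (br != null) try { br.close(); } catch (IOException ignored) { } }`. Separately, the loop takes the first `signingAlgsAllowed` entry whose name contains "RSA" or "EC", so the order of that list decides the digest used for the admin certificate. A comment on the loop saying so would help whoever edits the profile.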
@@ -353,40 +344,38 @@ public class CertUtil { if (certTag.equals("admin")) { keyAlgorithm = getAdminProfileAlgorithm(config); } else { - keyAlgorithm = config.getString(prefix + certTag - + ".keyalgorithm"); + keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm"); } - ca = (ICertificateAuthority) CMS - .getSubsystem(ICertificateAuthority.ID); + ca = (ICertificateAuthority) CMS.getSubsystem( + ICertificateAuthority.ID); cr = (ICertificateRepository) ca.getCertificateRepository(); BigInteger serialNo = cr.getNextSerialNumber(); if (type.equals("selfsign")) { CMS.debug("Creating local certificate... issuerdn=" + dn); CMS.debug("Creating local certificate... dn=" + dn); - info = CryptoUtil.createX509CertInfo(x509key, - serialNo.intValue(), dn, dn, date, date, keyAlgorithm); - } else { + info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date, + date, keyAlgorithm); + } else { String issuerdn = config.getString("preop.cert.signing.dn", ""); CMS.debug("Creating local certificate... issuerdn=" + issuerdn); CMS.debug("Creating local certificate... dn=" + dn); info = CryptoUtil.createX509CertInfo(x509key, - serialNo.intValue(), issuerdn, dn, date, date, - keyAlgorithm); + serialNo.intValue(), issuerdn, dn, date, date, keyAlgorithm); } CMS.debug("Cert Template: " + info.toString()); String instanceRoot = config.getString("instanceRoot"); - CertInfoProfile processor = new CertInfoProfile(instanceRoot - + "/conf/" + profile); + CertInfoProfile processor = new CertInfoProfile( + instanceRoot + "/conf/" + profile); // cfu - create request to enable renewal try { queue = ca.getRequestQueue(); if (queue != null) { req = createLocalRequest(queue, serialNo.toString(), info); - CMS.debug("CertUtil profile name= " + profile); + CMS.debug("CertUtil profile name= "+profile); req.setExtData("req_key", x509key.toString()); // store original profile id in cert request 
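Review bot: Both `CryptoUtil.createX509CertInfo(...)` calls in `createLocalCert()` pass `serialNo.intValue()`, which keeps only the low 32 bits of the `BigInteger` returned by `cr.getNextSerialNumber()`, whereas `createLocalRequest(queue, serialNo.toString(), info)` a few lines later uses the full value. Once the repository issues a serial above `Integer.MAX_VALUE`, the certificate would carry a wrapped (possibly negative or repeated) serial that no longer matches its request record. Unless `createX509CertInfo` has an overload that accepts the `BigInteger` (not visible here), guard the conversion with `if (serialNo.bitLength() > 31) throw new IOException("serial number " + serialNo + " does not fit in int");`. The method body starts and ends outside this hunk.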
@@ -398,60 +387,59 @@ public class CertUtil { String name = profile.substring(0, idx); req.setExtData("origprofileid", name); } - + // store mapped profile ID for use in renewal profileId = processor.getProfileIDMapping(); req.setExtData("profileid", profileId); - req.setExtData("profilesetid", - processor.getProfileSetIDMapping()); + req.setExtData("profilesetid", processor.getProfileSetIDMapping()); reqId = req.getRequestId(); - config.putString("preop.cert." + certTag + ".reqId", - reqId.toString()); + config.putString("preop.cert." + certTag + ".reqId", reqId.toString()); } else { CMS.debug("certUtil: requestQueue null"); } } catch (Exception e) { - CMS.debug("Creating local request exception:" + e.toString()); + CMS.debug("Creating local request exception:"+e.toString()); } processor.populate(info); - String caPriKeyID = config.getString(prefix + "signing" - + ".privkey.id"); + String caPriKeyID = config.getString( + prefix + "signing" + ".privkey.id"); byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID); - PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb); + PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID( + keyIDb); - if (caPrik == null) { - CMS.debug("CertUtil::createSelfSignedCert() - " - + "CA private key is null!"); - throw new IOException("CA private key is null"); + if( caPrik == null ) { + CMS.debug( "CertUtil::createSelfSignedCert() - " + + "CA private key is null!" 
); + throw new IOException( "CA private key is null" ); } else { CMS.debug("CertUtil createSelfSignedCert: got CA private key"); } String keyAlgo = x509key.getAlgorithm(); CMS.debug("key algorithm is " + keyAlgo); - String caSigningKeyType = config.getString( - "preop.cert.signing.keytype", "rsa"); - String caSigningKeyAlgo = ""; - if (type.equals("selfsign")) { - caSigningKeyAlgo = config.getString( - "preop.cert.signing.keyalgorithm", "SHA256withRSA"); + String caSigningKeyType = + config.getString("preop.cert.signing.keytype","rsa"); + String caSigningKeyAlgo = ""; + if (type.equals("selfsign")) { + caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA"); } else { - caSigningKeyAlgo = config.getString( - "preop.cert.signing.signingalgorithm", "SHA256withRSA"); + caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA"); } CMS.debug("CA Signing Key type " + caSigningKeyType); CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo); if (caSigningKeyType.equals("ecc")) { - CMS.debug("CA signing cert is ECC"); - cert = CryptoUtil.signECCCert(caPrik, info, caSigningKeyAlgo); + CMS.debug("CA signing cert is ECC"); + cert = CryptoUtil.signECCCert(caPrik, info, + caSigningKeyAlgo); } else { - CMS.debug("CA signing cert is not ecc"); - cert = CryptoUtil.signCert(caPrik, info, caSigningKeyAlgo); + CMS.debug("CA signing cert is not ecc"); + cert = CryptoUtil.signCert(caPrik, info, + caSigningKeyAlgo); } if (cert != null) { @@ -465,8 +453,7 @@ public class CertUtil { if (cr == null) { context.put("errorString", "Ceritifcate Authority is not ready to serve."); - throw new IOException( - "Ceritifcate Authority is not ready to serve."); + throw new IOException("Ceritifcate Authority is not ready to serve."); } ICertRecord record = null; 
@@ -475,21 +462,23 @@ public class CertUtil { if (reqId != null) { meta.set(ICertRecord.META_REQUEST_ID, reqId.toString()); } - + meta.set(ICertRecord.META_PROFILE_ID, profileId); - record = (ICertRecord) cr.createCertRecord(cert.getSerialNumber(), - cert, meta); + record = (ICertRecord) cr.createCertRecord( + cert.getSerialNumber(), cert, meta); } catch (Exception e) { - CMS.debug("NamePanel configCert: failed to add metainfo. Exception: " - + e.toString()); + CMS.debug( + "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); } try { cr.addCertificateRecord(record); - CMS.debug("NamePanel configCert: finished adding certificate record."); + CMS.debug( + "NamePanel configCert: finished adding certificate record."); } catch (Exception e) { - CMS.debug("NamePanel configCert: failed to add certificate record. Exception: " - + e.toString()); + CMS.debug( + "NamePanel configCert: failed to add certificate record. Exception: " + + e.toString()); try { cr.deleteCertificateRecord(record.getSerialNumber()); cr.addCertificateRecord(record); @@ -499,10 +488,10 @@ public class CertUtil { } if (req != null) { - // update request with cert + // update request with cert req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert); - // store request in db + // store request in db try { CMS.debug("certUtil: before updateRequest"); if (queue != null) { 
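Review bot: When `cr.createCertRecord(...)` throws in the `@@ -475,21 +462,23 @@` hunk, the first `catch` only logs and `record` keeps its initial `null`, yet the next block still calls `cr.addCertificateRecord(record)`, and its handler then dereferences `record.getSerialNumber()`. The signed certificate presumably ends up with no repository entry and only debug lines to show for it, which matters for later revocation and renewal. Fail explicitly before the second `try`, for example `if (record == null) throw new IOException("failed to create certificate record for " + certTag);`. The debug messages here are also prefixed "NamePanel configCert" although the code is in `CertUtil.createLocalCert()`, which will mislead anyone reading the log. The enclosing method starts and ends outside this hunk.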
@@ -518,21 +507,21 @@ public class CertUtil { public static void addUserCertificate(X509CertImpl cert) { IConfigStore cs = CMS.getConfigStore(); - int num = 0; + int num=0; try { num = cs.getInteger("preop.subsystem.count", 0); } catch (Exception e) { } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); - String id = "user" + num; + String id = "user"+num; - try { - String sysType = cs.getString("cs.type", ""); - String machineName = cs.getString("machineName", ""); - String securePort = cs.getString("service.securePort", ""); - id = sysType + "-" + machineName + "-" + securePort; + try { + String sysType = cs.getString("cs.type", ""); + String machineName = cs.getString("machineName", ""); + String securePort = cs.getString("service.securePort", ""); + id = sysType + "-" + machineName + "-" + securePort; } catch (Exception e1) { - // ignore + // ignore } num++; @@ -577,7 +566,7 @@ public class CertUtil { system.addUserCert(user); CMS.debug("CertUtil addUserCertificate: successfully add the user certificate"); } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate exception=" + e.toString()); + CMS.debug("CertUtil addUserCertificate exception="+e.toString()); } IGroup group = null; @@ -591,8 +580,7 @@ public class CertUtil { CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group."); } } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate update: modifyGroup " - + e.toString()); + CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString()); } } 
@@ -615,17 +603,17 @@ public class CertUtil { } if (content.length() > 0) result.append(content); - result.append("\n"); + result.append("\n"); return result.toString(); } public static boolean privateKeyExistsOnToken(String certTag, - String tokenname, String nickname) { + String tokenname, String nickname) { IConfigStore cs = CMS.getConfigStore(); String givenid = ""; try { - givenid = cs.getString("preop.cert." + certTag + ".privkey.id"); + givenid = cs.getString("preop.cert."+certTag+".privkey.id"); } catch (Exception e) { CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet."); return false; @@ -634,10 +622,9 @@ public class CertUtil { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) { + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname + ":" + nickname; + fullnickname = tokenname+":"+nickname; } X509Certificate cert = null; @@ -646,8 +633,7 @@ public class CertUtil { cm = CryptoManager.getInstance(); cert = cm.findCertByNickname(fullnickname); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" - + fullnickname + " Exception:" + e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString()); return false; } 
@@ -655,22 +641,19 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" - + fullnickname + ") exception: " + e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString()); return false; } if (privKey == null) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" - + fullnickname + ")"); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")"); return false; } else { String str = ""; try { str = CryptoUtil.byte2string(privKey.getUniqueID()); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " - + e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString()); } if (str.equals(givenid)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java index a28ae76b..b3c10b6e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java @@ -36,6 +36,7 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; + public class CheckIdentity extends CMSServlet { /** @@ -51,7 +52,6 @@ public class CheckIdentity extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,8 +61,7 @@ public class CheckIdentity extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -75,12 +74,12 @@ public class CheckIdentity extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("CheckIdentity authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, "Error: Not authenticated"); return; - } + } try { XMLObject xmlObj = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java index e1d18140..f2587300 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; @@ -27,6 +28,7 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; + public abstract class ConfigBaseServlet extends BaseServlet { /** * @@ -34,7 +36,8 @@ public abstract class ConfigBaseServlet extends BaseServlet { private static final long serialVersionUID = 7692352201878710530L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String display = request.getParameter("display"); if (display == null) { 
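Review bot: The authentication-failure branch of `CheckIdentity.process` logs under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error, so a rejected identity check is hard to find when searching logs for failed authentications. Assuming the message catalogue has an authentication-failure entry, this `log(ILogger.LL_FAILURE, ...)` call should use it, with a comment such as `// authentication failure: detail stays in the server log, client gets a generic error`. Sending the fixed string "Error: Not authenticated" to the client while keeping `e.toString()` server-side is the right split and should stay. `process` continues outside the hunk.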
@@ -47,40 +50,43 @@ public abstract class ConfigBaseServlet extends BaseServlet { public abstract void display(HttpServletRequest request, HttpServletResponse response, Context context); - public abstract void update(HttpServletRequest request, + public abstract void update(HttpServletRequest request, HttpServletResponse response, Context context); public abstract Template getTemplate(HttpServletRequest request, - HttpServletResponse response, Context context); + HttpServletResponse response, + Context context); public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("ConfigBaseServlet:service() uri = " - + httpReq.getRequestURI()); + CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("ConfigBaseServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + 
pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("ConfigBaseServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } @@ -89,8 +95,9 @@ public abstract class ConfigBaseServlet extends BaseServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { - + HttpServletResponse response, + Context context) { + if (CMS.debugOn()) { outputHttpParameters(request); } @@ -100,16 +107,16 @@ public abstract class ConfigBaseServlet extends BaseServlet { } else { update(request, response, context); } - + Template template = null; - + try { context.put("name", "Velocity Test"); template = getTemplate(request, response, context); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } - + return template; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java index 8216593a..d95c85d1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java 
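Review bot: The sensitive-name filter in `outputHttpParameters` tests suffixes case-sensitively, so `pn.endsWith("password")` does not match a parameter named like `adminPassword` (constructed example) and its value would reach the debug log in clear. Normalising once with `String lpn = pn.toLowerCase(java.util.Locale.ROOT);` and testing `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd") || lpn.equals("pin")` covers the suffix cases; `admin_password_again` and `pwdagain` still need their own test. The `else` branch writes the raw request value into the log, so CR/LF should be replaced before logging to keep a request from forging extra log lines. Because a deny-list will always miss some name, logging values only for names on an allow-list would be the safer default.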
@@ -20,14 +20,16 @@ package com.netscape.cms.servlet.csadmin; import org.mozilla.jss.crypto.X509Certificate; import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -public class ConfigCertApprovalCallback implements - SSLCertificateApprovalCallback { + +public class ConfigCertApprovalCallback + implements SSLCertificateApprovalCallback { public ConfigCertApprovalCallback() { } public boolean approve(X509Certificate cert, - SSLCertificateApprovalCallback.ValidityStatus status) { - return true; + SSLCertificateApprovalCallback.ValidityStatus status) { + return true; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java index 536e953a..37493b6b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class ConfigCertReqServlet extends BaseServlet { /** @@ -32,14 +34,15 @@ public class ConfigCertReqServlet extends BaseServlet { private static final long serialVersionUID = 4489288758636916446L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity - .getTemplate("admin/console/config/config_certreq.vm"); + template = Velocity.getTemplate( + "admin/console/config/config_certreq.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } 
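Review bot: `ConfigCertApprovalCallback.approve` returns `true` without looking at `status`, so every connection that installs this callback accepts a peer certificate that failed validation, and the TLS channel no longer authenticates the server. If the callback exists because the peer CA is not yet trusted during initial configuration, a class comment should say so and the callback should be limited to that phase, with the CA chain verified or pinned by other means. Otherwise approve only when validation reported nothing, `return !status.getReasons().hasMoreElements();`. At minimum, log the subject of each certificate accepted this way so an unexpected peer is visible afterwards.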
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java index ddd098bc..e7d88a35 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class ConfigCloneServlet extends BaseServlet { /** @@ -32,14 +34,15 @@ public class ConfigCloneServlet extends BaseServlet { private static final long serialVersionUID = -9065299591659111350L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity - .getTemplate("admin/console/config/config_clone.vm"); + template = Velocity.getTemplate( + "admin/console/config/config_clone.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java index 05fc8936..08ebf08e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -27,6 +28,7 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; + public class ConfigDatabaseServlet extends ConfigBaseServlet { /** @@ -45,8 +47,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { try { modified = cs.getString("preop.configDatabase.modified", ""); - } catch (Exception e) { - } + } catch (Exception e) {} if (modified.equals("true")) { return true; @@ -56,7 +57,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String hostname = null; String portStr = null; String basedn = null; @@ -73,8 +75,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - } catch (Exception e) { - } + } catch (Exception e) {} } else { hostname = HOST; portStr = PORT; @@ -94,7 +95,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore cs = CMS.getConfigStore(); String errorString = ""; String hostname = request.getParameter("host"); @@ -111,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { int port = -1; try { - port = Integer.parseInt(portStr); + port = Integer.parseInt(portStr); cs.putInteger("internaldb.ldapconn.port", port); } catch (Exception e) { errorString = "Port is invalid"; 
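Review bot: In `ConfigDatabaseServlet.update` the result of `Integer.parseInt(portStr)` is written with `cs.putInteger("internaldb.ldapconn.port", port)` before any range check, so a request can store 0, a negative number or a value above 65535 as the LDAP port. Check the range between the two calls, e.g. `if (port < 1 || port > 65535) { errorString = "Port is invalid"; }`, and store only in the `else`. The same method takes `host` straight from `request.getParameter("host")`; whether it is validated later is outside the hunk. `update` continues outside the hunk.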
@@ -157,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); return; } - psStore.putString("internaldb", bindpwd); + psStore.putString("internaldb", bindpwd); } else { errorString = "Bind password is empty string"; } @@ -183,11 +185,11 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { try { return Velocity.getTemplate("admin/console/config/config_db.vm"); - } catch (Exception e) { - } + } catch (Exception e) {} return null; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java index c524e667..d04fbf2f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.FileNotFoundException; import java.io.IOException; @@ -45,13 +46,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { private CryptoManager mCryptoManager = null; private String mPwdFilePath = ""; - public ConfigHSMLoginPanel() { - } + public ConfigHSMLoginPanel() {} public void init(ServletConfig config, int panelno) throws ServletException { try { mCryptoManager = CryptoManager.getInstance(); - mPwdFilePath = CMS.getConfigStore().getString("passwordFile"); + mPwdFilePath = CMS.getConfigStore().getString( + "passwordFile"); } catch (Exception e) { CMS.debug("ConfigHSMLoginPanel: " + e.toString()); } 
@@ -59,11 +60,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { setName("ConfigHSMLogin"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException { try { mCryptoManager = CryptoManager.getInstance(); - mPwdFilePath = CMS.getConfigStore().getString("passwordFile"); + mPwdFilePath = CMS.getConfigStore().getString( + "passwordFile"); } catch (Exception e) { CMS.debug("ConfigHSMLoginPanel: " + e.toString()); } @@ -88,7 +89,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { } public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("ConfigHSMLoginPanel: in display()"); context.put("title", "Security Module Login"); @@ -113,8 +115,9 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { try { token = mCryptoManager.getTokenByName(tokName); } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: " - + e.toString()); + CMS.debug( + "ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); context.put("error", "tokenNotFound:" + tokName); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); return; @@ -129,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString()); } CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache"); - String tokPwd = pr.getPassword("hardware-" + tokName); + String tokPwd = pr.getPassword("hardware-"+tokName); boolean loggedIn = false; 
@@ -154,47 +157,48 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { password = new Password(tokPwd.toCharArray()); try { - if (token.passwordIsInitialized()) { - CMS.debug("ConfigHSMLoginPanel: loginToken():token password is initialized"); - if (!token.isLoggedIn()) { - CMS.debug("ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); - token.login(password); - context.put("status", "justLoggedIn"); - } else { - CMS.debug("ConfigHSMLoginPanel:Token has already logged on"); - context.put("status", "alreadyLoggedIn"); - } - } else { - CMS.debug("ConfigHSMLoginPanel: loginToken():Token password not initialized"); - context.put("status", "tokenPasswordNotInitialized"); - rv = false; - } - - } catch (IncorrectPasswordException e) { - context.put("status", "incorrectPassword"); - context.put("errorString", e.toString()); - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - rv = false; - } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - context.put("errorString", e.toString()); - rv = false; - } + if (token.passwordIsInitialized()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():token password is initialized"); + if (!token.isLoggedIn()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); + token.login(password); + context.put("status", "justLoggedIn"); + } else { + CMS.debug( + "ConfigHSMLoginPanel:Token has already logged on"); + context.put("status", "alreadyLoggedIn"); + } + } else { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token password not initialized"); + context.put("status", "tokenPasswordNotInitialized"); + rv = false; + } + + } catch (IncorrectPasswordException e) { + context.put("status", "incorrectPassword"); + context.put("errorString", e.toString()); + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + rv = false; + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + 
context.put("errorString", e.toString()); + rv = false; + } return rv; } // XXX how do you do this? public PropertySet getUsage() { PropertySet set = new PropertySet(); + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */ - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* - * no - * default - * parameters - */ - - set.add("choice", choiceDesc); - + set.add( + "choice", choiceDesc); + return set; } @@ -202,11 +206,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } public void update(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore cs = CMS.getConfigStore(); String select = ""; @@ -214,10 +220,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { select = cs.getString("preop.subsystem.select", ""); } catch (Exception e) { } - - // if (select.equals("clone")) - // return; - + +// if (select.equals("clone")) + // return; + CMS.debug("ConfigHSMLoginPanel: in update()"); String uTokName = null; @@ -227,7 +233,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { uPasswd = HttpInput.getPassword(request, "__uPasswd"); } catch (Exception e) { } - + if (uPasswd == null) { CMS.debug("ConfigHSMLoginPanel: password not found"); context.put("error", "no password"); 
@@ -242,41 +248,47 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { try { token = mCryptoManager.getTokenByName(uTokName); } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: " - + e.toString()); + CMS.debug( + "ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); context.put("error", "tokenNotFound:" + uTokName); } try { if (loginToken(token, uPasswd, context) == false) { - CMS.debug("ConfigHSMLoginPanel:loginToken failed for " - + uTokName); + CMS.debug( + "ConfigHSMLoginPanel:loginToken failed for " + + uTokName); context.put("error", "tokenLoginFailed"); context.put("updateStatus", "login failed"); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); return; } - CMS.debug("ConfigHSMLoginPanel: update(): just logged in successfully"); + CMS.debug( + "ConfigHSMLoginPanel: update(): just logged in successfully"); PlainPasswordWriter pw = new PlainPasswordWriter(); pw.init(mPwdFilePath); - pw.putPassword("hardware-" + uTokName, uPasswd); + pw.putPassword("hardware-"+uTokName, uPasswd); pw.commit(); } catch (FileNotFoundException e) { - CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString() + " writing to " + mPwdFilePath); - CMS.debug("ConfigHSMLoginPanel: update(): password not written to cache"); + CMS.debug( + "ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString() + " writing to "+ mPwdFilePath); + CMS.debug( + "ConfigHSMLoginPanel: update(): password not written to cache"); System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString()); + CMS.debug( + "ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } - + } // found password context.put("panel", 
"admin/console/config/config_hsmloginpanel.vm"); @@ -290,8 +302,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Security Module Login"); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java index 814569ed..bfc6e278 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -38,6 +39,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.Module; + public class ConfigHSMServlet extends ConfigBaseServlet { /** * @@ -66,8 +68,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet { mCurrModTable.put(mod.getName(), mod); } // while } catch (Exception e) { - CMS.debug("ConfigHSMServlet: Exception caught in loadCurrModTable: " - + e.toString()); + CMS.debug( + "ConfigHSMServlet: Exception caught in loadCurrModTable: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } 
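Review bot: The two `catch` blocks at the end of `ConfigHSMLoginPanel.update` put `"Exception:" + e.toString()` into the Velocity context, and for the `FileNotFoundException` case that text normally contains the path of the password file. If the template renders `error`, the page discloses a server-side path and internal exception detail. Keep the detail in `CMS.debug` and give the context a fixed code instead, e.g. `context.put("error", "passwordCacheWriteFailed");` (constructed value). `PlainPasswordWriter` also persists the token password under `"hardware-"+uTokName`, so a comment stating the expected owner and mode of `mPwdFilePath` would help, since the file handling is not visible here.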
@@ -116,19 +119,21 @@ public class ConfigHSMServlet extends ConfigBaseServlet { try { CryptoToken token = (CryptoToken) tokens.nextElement(); - CMS.debug("ConfigHSMServlet: token nick name=" - + token.getName()); - CMS.debug("ConfigHSMServlet: token logged in?" - + token.isLoggedIn()); - CMS.debug("ConfigHSMServlet: token is present?" - + token.isPresent()); + CMS.debug("ConfigHSMServlet: token nick name=" + token.getName()); + CMS.debug( + "ConfigHSMServlet: token logged in?" + + token.isLoggedIn()); + CMS.debug( + "ConfigHSMServlet: token is present?" + + token.isPresent()); if (!token.getName().equals("Internal Crypto Services Token")) { module.addToken(token); } else { - CMS.debug("ConfigHSMServlet: token " + token.getName() + CMS.debug( + "ConfigHSMServlet: token " + token.getName() + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ConfigHSMServlet:" + ex.toString()); } @@ -160,11 +165,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ConfigHSMServlet: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ConfigHSMServlet: module found: " + cn); module.setFound(true); @@ -173,7 +178,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { loadModTokens(module, m); } - + CMS.debug("ConfigHSMServlet: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { 
@@ -182,14 +187,16 @@ public class ConfigHSMServlet extends ConfigBaseServlet { }// for } catch (Exception e) { - CMS.debug("ConfigHSMServlet: Exception caught in loadSupportedModules(): " - + e.toString()); + CMS.debug( + "ConfigHSMServlet: Exception caught in loadSupportedModules(): " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String choice = request.getParameter("choice"); if (choice == null) { @@ -216,7 +223,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("ConfigHSMServlet: in display()"); loadCurrModTable(); @@ -244,7 +252,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore cs = CMS.getConfigStore(); @@ -277,11 +286,12 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { try { return Velocity.getTemplate("admin/console/config/config_hsm.vm"); - } catch (Exception e) { - } + } catch (Exception e) {} return null; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java index 6bf74af6..3b3b8a64 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class ConfigImportCertServlet extends BaseServlet { /** @@ -32,14 +34,15 @@ public class ConfigImportCertServlet extends BaseServlet { private static final long serialVersionUID = 1907102921734394118L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity - .getTemplate("admin/console/config/config_importcert.vm"); + template = Velocity.getTemplate( + "admin/console/config/config_importcert.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java index 4415fdbd..01917303 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,6 +30,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.CryptoUtil; + public class ConfigJoinServlet extends ConfigBaseServlet { /** 
@@ -37,7 +39,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { private static final long serialVersionUID = -5848083581083497909L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String cert = request.getParameter("cert"); if (cert == null) { @@ -49,13 +52,12 @@ public class ConfigJoinServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String cert = null; try { cert = config.getString("preop.join.cert", null); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} if (cert == null || cert.equals("")) { return false; } else { @@ -67,14 +69,15 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Displays panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore config = CMS.getConfigStore(); try { - String pubKeyModulus = config - .getString("preop.keysize.pubKeyModulus"); - String pubKeyPublicExponent = config - .getString("preop.keysize.pubKeyPublicExponent"); + String pubKeyModulus = config.getString( + "preop.keysize.pubKeyModulus"); + String pubKeyPublicExponent = config.getString( + "preop.keysize.pubKeyPublicExponent"); String dn = config.getString("preop.name.dn"); String priKeyID = config.getString("preop.keysize.priKeyID"); String pkcs10 = CryptoUtil.getPKCS10FromKey(dn, @@ -82,8 +85,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { CryptoUtil.string2byte(pubKeyPublicExponent), CryptoUtil.string2byte(priKeyID)); context.put("certreq", pkcs10); - } catch (Exception e) { - } + } catch (Exception e) {} String select = "auto"; boolean select_manual = true; 
@@ -92,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { try { select = config.getString("preop.join.select", null); } catch (EBaseException e) { - CMS.debug("ConfigJoinServlet::display() - " + "Exception=" - + e.toString()); + CMS.debug( "ConfigJoinServlet::display() - " + + "Exception="+e.toString() ); return; } if (select.equals("auto")) { @@ -107,13 +109,12 @@ public class ConfigJoinServlet extends ConfigBaseServlet { String cert = config.getString("preop.join.cert", ""); context.put("cert", cert); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } } else { context.put("cert", ""); } - if (select_manual) { + if (select_manual) { context.put("check_manual", "checked"); context.put("check_auto", ""); } else { @@ -127,7 +128,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Updates panel. */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("JoinServlet: update"); IConfigStore config = CMS.getConfigStore(); String select = request.getParameter("choice"); 
@@ -153,21 +155,22 @@ public class ConfigJoinServlet extends ConfigBaseServlet { config.putString("preop.join.pwd", pwd); /* XXX - submit request to the CA, and import it automatically */ - config.putString("preop.join.cert", ""); /* store the chain */ + config.putString( + "preop.join.cert", ""); /* store the chain */ } config.putString("preop.join.select", select); config.commit(false); - } catch (Exception e) { - } + } catch (Exception e) {} } - + public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { - template = Velocity - .getTemplate("admin/console/config/config_join.vm"); + template = Velocity.getTemplate( + "admin/console/config/config_join.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java index 9926895b..895c75ac 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -31,6 +32,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.CertInfoProfile; + public class ConfigRootCAServlet extends ConfigBaseServlet { /** 
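Review bot: In `ConfigJoinServlet.update()`, the collapsed `} catch (Exception e) {}` after `config.commit(false)` discards a failed write of `preop.join.select` and `preop.join.pwd`, so the wizard carries on as if the join settings were saved. At minimum log it the way `display()` already does, e.g. `} catch (Exception e) { CMS.debug("ConfigJoinServlet::update() - Exception=" + e.toString()); }`, and consider putting an error into `context`. The same silent commit failure is in `ConfigRootCAServlet.update()` (hunk `@@ -108,15 +108,15 @@`). Separately, `preop.join.pwd` is written to the config store as-is; where `pwd` comes from is outside this hunk, but if it is a credential, confirm that it is removed from the config once the join completes. `update()` begins outside this hunk.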
@@ -39,7 +41,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { private static final long serialVersionUID = 1128630821163059659L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String profile = request.getParameter("profile"); if (profile == null) { @@ -51,13 +54,12 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String profile = null; try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} if (profile == null || profile.equals("")) { return false; } else { @@ -71,31 +73,29 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { instancePath = config.getString("instanceRoot"); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} String p[] = { "caCert.profile" }; Vector profiles = new Vector(); for (int i = 0; i < p.length; i++) { try { - profiles.addElement(new CertInfoProfile(instancePath + "/conf/" - + p[i])); - } catch (Exception e) { - } + profiles.addElement( + new CertInfoProfile(instancePath + "/conf/" + p[i])); + } catch (Exception e) {} } return profiles; } public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore config = CMS.getConfigStore(); String profile = null; if (isPanelModified()) { try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } if (profile == null) { profile = "caCert.profile"; 
@@ -108,15 +108,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String profile = request.getParameter("profile"); IConfigStore config = CMS.getConfigStore(); config.putString("preop.hierarchy.profile", profile); try { - config.commit(false); - } catch (Exception e) { - } + config.commit(false); + } catch (Exception e) {} context.put("status", "update"); context.put("error", ""); Vector profiles = getProfiles(); @@ -124,14 +124,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { context.put("profiles", profiles); context.put("selected_profile_id", profile); } - + public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { - template = Velocity - .getTemplate("admin/console/config/config_rootca.vm"); + template = Velocity.getTemplate( + "admin/console/config/config_rootca.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java index febe8f9a..daf14c9e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; 
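Review bot: `ConfigRootCAServlet.update()` stores `request.getParameter("profile")` straight into `preop.hierarchy.profile` and hands it back to the template as `selected_profile_id`, with no null check and no check that it names a profile that `getProfiles()` actually offers. `CreateSubsystemPanel.update()` in this same commit reads its form fields through `HttpInput.getID(...)`; here the value should at least be compared with the known list before `config.putString`, for example `if (profile == null || !profile.equals("caCert.profile")) { context.put("error", "Invalid profile"); return; }`. Whether the stored value is later joined into a path the way `getProfiles()` does with `instancePath + "/conf/" + p[i]` is not visible from here, so that is something to confirm. The method body continues in the next hunk.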
@@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CreateSubsystemPanel extends WizardPanelBase { - public CreateSubsystemPanel() { - } + public CreateSubsystemPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subsystem Selection"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Subsystem Type"); setId(id); @@ -71,16 +72,15 @@ public class CreateSubsystemPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -88,7 +88,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Subsystem Type"); IConfigStore config = CMS.getConfigStore(); String session_id = request.getParameter("session_id"); @@ -111,8 +112,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", ""); context.put("check_clonesubsystem", "checked"); } - context.put("subsystemName", - config.getString("preop.subsystem.name")); + context.put("subsystemName", + config.getString("preop.subsystem.name")); } catch (Exception e) { CMS.debug(e.toString()); } 
@@ -120,8 +121,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", "checked"); context.put("check_clonesubsystem", ""); try { - context.put("subsystemName", - config.getString("preop.system.fullname")); + context.put("subsystemName", + config.getString("preop.system.fullname")); } catch (Exception e) { CMS.debug(e.toString()); } @@ -134,8 +135,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("cstype", cstype); context.put("wizardname", config.getString("preop.wizard.name")); context.put("systemname", config.getString("preop.system.name")); - context.put("fullsystemname", - config.getString("preop.system.fullname")); + context.put("fullsystemname", config.getString("preop.system.fullname")); context.put("machineName", config.getString("machineName")); context.put("http_port", CMS.getEENonSSLPort()); context.put("https_agent_port", CMS.getAgentPort()); @@ -144,7 +144,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } catch (EBaseException e) { } - Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort"); + Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" ); StringBuffer list = new StringBuffer(); int size = v.size(); @@ -164,7 +164,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { errorString = "Internal error, cs.type is missing from CS.cfg"; } - if (list.length() == 0) + if (list.length()==0) context.put("disableClone", "true"); context.put("panel", "admin/console/config/createsubsystempanel.vm"); 
@@ -176,14 +176,16 @@ public class CreateSubsystemPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { String errorString = ""; IConfigStore config = CMS.getConfigStore(); String select = HttpInput.getID(request, "choice"); @@ -194,8 +196,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { throw new IOException("choice not found"); } - config.putString("preop.subsystem.name", - HttpInput.getName(request, "subsystemName")); + config.putString("preop.subsystem.name", + HttpInput.getName(request, "subsystemName")); if (select.equals("newsubsystem")) { config.putString("preop.subsystem.select", "new"); config.putString("subsystem.select", "New"); @@ -207,7 +209,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } cstype = toLowerCaseSubsystemType(cstype); - + config.putString("preop.subsystem.select", "clone"); config.putString("subsystem.select", "Clone"); @@ -221,9 +223,9 @@ public class CreateSubsystemPanel extends WizardPanelBase { while (t.hasMoreTokens()) { String tag = t.nextToken(); if (tag.equals("sslserver")) - config.putBoolean(PCERT_PREFIX + tag + ".enable", true); - else - config.putBoolean(PCERT_PREFIX + tag + ".enable", false); + config.putBoolean(PCERT_PREFIX+tag+".enable", true); + else + config.putBoolean(PCERT_PREFIX+tag+".enable", false); } // get the master CA 
@@ -252,8 +254,10 @@ public class CreateSubsystemPanel extends WizardPanelBase { String host = u.getHost(); int https_ee_port = u.getPort(); - String https_admin_port = getSecurityDomainAdminPort(config, host, - String.valueOf(https_ee_port), cstype); + String https_admin_port = getSecurityDomainAdminPort( config, + host, + String.valueOf(https_ee_port), + cstype ); config.putString("preop.master.hostname", host); config.putInteger("preop.master.httpsport", https_ee_port); @@ -261,12 +265,12 @@ public class CreateSubsystemPanel extends WizardPanelBase { ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); if (cstype.equals("ca")) { - updateCertChainUsingSecureEEPort(config, "clone", host, - https_ee_port, true, context, certApprovalCallback); + updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port, + true, context, certApprovalCallback ); } - getTokenInfo(config, cstype, host, https_ee_port, true, context, - certApprovalCallback); + getTokenInfo(config, cstype, host, https_ee_port, true, context, + certApprovalCallback); } else { CMS.debug("CreateSubsystemPanel: invalid choice " + select); errorString = "Invalid choice"; @@ -287,7 +291,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Subsystem Type"); context.put("panel", "admin/console/config/createsubsystempanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index feb6ad28..17a4bae6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; @@ -63,7 +64,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil; public class DatabasePanel extends WizardPanelBase { private static final String HOST = "localhost"; - private static final String CLONE_HOST = "Enter FQDN here"; + private static final String CLONE_HOST="Enter FQDN here"; private static final String PORT = "389"; private static final String BASEDN = "o=netscapeCertificateServer"; private static final String BINDDN = "cn=Directory Manager"; @@ -73,19 +74,19 @@ public class DatabasePanel extends WizardPanelBase { private WizardServlet mServlet = null; - public DatabasePanel() { - } + public DatabasePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Internal Database"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Internal Database"); setId(id); @@ -100,15 +101,15 @@ public class DatabasePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.Database.done", false); + boolean s = cs.getBoolean("preop.Database.done", + false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } @@ -119,7 +120,7 @@ public class DatabasePanel extends WizardPanelBase { "Host name"); set.add("hostname", hostDesc); - + Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port"); 
@@ -129,19 +130,19 @@ public class DatabasePanel extends WizardPanelBase { "Base DN"); set.add("basedn", basednDesc); - + Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN"); set.add("binddn", binddnDesc); - Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, - null, "Bind Password"); + Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, + "Bind Password"); set.add("bindpwd", bindpwdDesc); - Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, - null, "Database"); + Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null, + "Database"); set.add("database", databaseDesc); @@ -152,7 +153,8 @@ public class DatabasePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("DatabasePanel: display()"); context.put("title", "Internal Database"); context.put("firsttime", "false"); @@ -185,9 +187,8 @@ public class DatabasePanel extends WizardPanelBase { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - secure = cs.getString("internaldb.ldapconn.secureConn", ""); - cloneStartTLS = cs.getString( - "internaldb.ldapconn.cloneStartTLS", ""); + secure = cs.getString("internaldb.ldapconn.secureConn", ""); + cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); errorString = cs.getString("preop.database.errorString", ""); } catch (Exception e) { CMS.debug("DatabasePanel display: " + e.toString()); 
@@ -198,12 +199,12 @@ public class DatabasePanel extends WizardPanelBase { try { basedn = cs.getString("internaldb.basedn", ""); } catch (Exception e) { - CMS.debug("DatabasePanel::display() - " + "Exception=" - + e.toString()); + CMS.debug( "DatabasePanel::display() - " + + "Exception="+e.toString() ); return; } binddn = BINDDN; - database = basedn.substring(basedn.lastIndexOf('=') + 1); + database = basedn.substring(basedn.lastIndexOf('=')+1); CMS.debug("Clone: database=" + database); } else { hostname = HOST; @@ -222,10 +223,11 @@ public class DatabasePanel extends WizardPanelBase { boolean multipleEnable = false; try { multipleEnable = cs.getBoolean( - "internaldb.multipleSuffix.enable", false); + "internaldb.multipleSuffix.enable", false); } catch (Exception e) { } - + + if (multipleEnable) basedn = "ou=" + instanceId + "," + suffix; else @@ -241,15 +243,15 @@ public class DatabasePanel extends WizardPanelBase { context.put("binddn", binddn); context.put("bindpwd", bindpwd); context.put("database", database); - context.put("secureConn", (secure.equals("true") ? "on" : "off")); - context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" - : "off")); + context.put("secureConn", (secure.equals("true")? "on":"off")); + context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off")); context.put("panel", "admin/console/config/databasepanel.vm"); context.put("errorString", errorString); } public void initParams(HttpServletRequest request, Context context) - throws IOException { + throws IOException + { IConfigStore config = CMS.getConfigStore(); String select = ""; try { @@ -269,7 +271,8 @@ public class DatabasePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); context.put("firsttime", "false"); 
@@ -314,15 +317,13 @@ public class DatabasePanel extends WizardPanelBase { String masterport = ""; String masterbasedn = ""; try { - masterhost = cs.getString("preop.internaldb.master.hostname", - ""); + masterhost = cs.getString("preop.internaldb.master.hostname", ""); masterport = cs.getString("preop.internaldb.master.port", ""); - masterbasedn = cs.getString("preop.internaldb.master.basedn", - ""); + masterbasedn = cs.getString("preop.internaldb.master.basedn", ""); } catch (Exception e) { } - // get the real host name + //get the real host name String realhostname = ""; if (hostname.equals("localhost")) { try { @@ -332,14 +333,12 @@ public class DatabasePanel extends WizardPanelBase { } if (masterhost.equals(realhostname) && masterport.equals(portStr)) { context.put("updateStatus", "validate-failure"); - throw new IOException( - "Master and clone must not share the same internal database"); + throw new IOException("Master and clone must not share the same internal database"); } if (!masterbasedn.equals(basedn)) { context.put("updateStatus", "validate-failure"); - throw new IOException( - "Master and clone should have the same base DN"); + throw new IOException("Master and clone should have the same base DN"); } } @@ -366,15 +365,13 @@ public class DatabasePanel extends WizardPanelBase { } if (basedn == null || basedn.length() == 0) { - cs.putString("preop.database.errorString", - "Base DN is empty string"); + cs.putString("preop.database.errorString", "Base DN is empty string"); context.put("updateStatus", "validate-failure"); throw new IOException("Base DN is empty string"); } if (binddn == null || binddn.length() == 0) { - cs.putString("preop.database.errorString", - "Bind DN is empty string"); + cs.putString("preop.database.errorString", "Bind DN is empty string"); context.put("updateStatus", "validate-failure"); throw new IOException("Bind DN is empty string"); } 
@@ -398,7 +395,8 @@ public class DatabasePanel extends WizardPanelBase { } private LDAPConnection getLocalLDAPConn(Context context, String secure) - throws IOException { + throws IOException + { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -411,7 +409,7 @@ public class DatabasePanel extends WizardPanelBase { host = cs.getString("internaldb.ldapconn.host"); port = cs.getString("internaldb.ldapconn.port"); binddn = cs.getString("internaldb.ldapauth.bindDN"); - pwd = (String) context.get("bindpwd"); + pwd = (String) context.get("bindpwd"); security = cs.getString("internaldb.ldapconn.secureConn"); } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); @@ -430,12 +428,12 @@ public class DatabasePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); - } + CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } CMS.debug("DatabasePanel connecting to " + host + ":" + p); try { 
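Review bot: In `getLocalLDAPConn()` (hunk `@@ -430,12 +428,12 @@`), any value of `internaldb.ldapconn.secureConn` other than the exact string `"true"` falls through to `new LDAPConnection()`, and the only trace of that choice is a `CMS.debug` line. The connect call is outside this hunk, but `binddn` and `bindpwd` are read just above, so the bind presumably travels unencrypted in that branch. If plaintext is meant only for a directory on the same host, record that on the `else` branch, e.g. `// plaintext bind: acceptable only when host is loopback`, and consider refusing it for a non-local `host`. In the lines visible here the method also never uses its `secure` parameter and re-reads the setting from the config store instead.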
@@ -445,80 +443,81 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - private boolean deleteDir(File dir) { + private boolean deleteDir(File dir) + { if (dir.isDirectory()) { String[] children = dir.list(); - for (int i = 0; i < children.length; i++) { + for (int i=0; i<children.length; i++) { boolean success = deleteDir(new File(dir, children[i])); if (!success) { return false; } } } - + // The directory is now empty so delete it return dir.delete(); - } + } - private void cleanupDB(LDAPConnection conn, String baseDN, String database) { + private void cleanupDB(LDAPConnection conn, String baseDN, String database) + { String[] entries = {}; String filter = "objectclass=*"; LDAPSearchConstraints cons = null; String[] attrs = null; - String dn = ""; + String dn=""; try { CMS.debug("Deleting baseDN: " + baseDN); - LDAPSearchResults res = conn.search(baseDN, - LDAPConnection.SCOPE_BASE, filter, attrs, true, cons); - if (res != null) - deleteEntries(res, conn, baseDN, entries); - } catch (LDAPException e) { + LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter, + attrs, true, cons); + if (res != null) + deleteEntries(res, conn, baseDN, entries); } - + catch (LDAPException e) {} + try { - dn = "cn=mapping tree, cn=config"; - filter = "nsslapd-backend=" + database; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, - filter, attrs, true, cons); - if (res != null) { - while (res.hasMoreElements()) { - dn = res.next().getDN(); - filter = "objectclass=*"; - LDAPSearchResults res2 = conn.search(dn, - LDAPConnection.SCOPE_BASE, filter, attrs, true, - cons); - if (res2 != null) - deleteEntries(res2, conn, dn, entries); - } - } - } catch (LDAPException e) { - } + dn="cn=mapping tree, cn=config"; + filter = "nsslapd-backend=" + database; + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, 
cons); + if (res != null) { + while (res.hasMoreElements()) { + dn = res.next().getDN(); + filter = "objectclass=*"; + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, true, cons); + if (res2 != null) + deleteEntries(res2, conn, dn, entries); + } + } + } + catch (LDAPException e) {} try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, - filter, attrs, true, cons); + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, true, cons); if (res != null) { deleteEntries(res, conn, dn, entries); - String dbdir = getInstanceDir(conn) + "/db/" + database; - if (dbdir != null) { - CMS.debug(" Deleting dbdir " + dbdir); + String dbdir = getInstanceDir(conn) + "/db/" + database; + if (dbdir != null) { + CMS.debug(" Deleting dbdir " + dbdir); boolean success = deleteDir(new File(dbdir)); if (!success) { - CMS.debug("Unable to delete database directory " - + dbdir); + CMS.debug("Unable to delete database directory " + dbdir); } } } - } catch (LDAPException e) { } + catch (LDAPException e) {} } - private void populateDB(HttpServletRequest request, Context context, - String secure) throws IOException { + + private void populateDB(HttpServletRequest request, Context context, String secure) + throws IOException { IConfigStore cs = CMS.getConfigStore(); String baseDN = ""; 
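Review bot: `cleanupDB()` builds both an LDAP filter (`"nsslapd-backend=" + database`) and a filesystem path (`getInstanceDir(conn) + "/db/" + database`) from `database` by plain concatenation, then hands the path to the recursive `deleteDir()`. If `database` can come from the wizard form (its origin is outside this hunk), a value containing path separators or filter metacharacters changes what is searched and what is deleted, so restrict it to a single path component and escape it in the filter before use. The `if (dbdir != null)` guard can never be false because the concatenation always yields a non-null string, and `deleteDir()` throws a NullPointerException when `dir.list()` returns null on an I/O or permission error. The three empty `catch (LDAPException e) {}` blocks also let a partial cleanup pass as success.

```java
// in deleteDir(): list() returns null on I/O error or missing permission
String[] children = dir.list();
if (children == null) {
    return false;
}
// … unchanged: recursive delete of children, then dir.delete() …

// in cleanupDB(), third try block
// … unchanged: search and deleteEntries for the ldbm database entry …
// database must be one path component, never a relative path
if (database.length() == 0 || database.equals(".") || database.equals("..")
        || database.indexOf('/') >= 0
        || database.indexOf(File.separatorChar) >= 0) {
    CMS.debug("Refusing to delete database directory for: " + database);
} else {
    String dbdir = getInstanceDir(conn) + "/db/" + database;
    CMS.debug(" Deleting dbdir " + dbdir);
    if (!deleteDir(new File(dbdir))) {
        CMS.debug("Unable to delete database directory " + dbdir);
    }
}
```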
@@ -543,53 +542,50 @@ public class DatabasePanel extends WizardPanelBase { boolean foundDatabase = false; try { LDAPEntry entry = conn.read(baseDN); - if (entry != null) - foundBaseDN = true; + if (entry != null) foundBaseDN = true; } catch (LDAPException e) { - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch( e.getLDAPResultCode() ) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) - foundDatabase = true; + if (entry != null) foundDatabase = true; } catch (LDAPException e) { - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch( e.getLDAPResultCode() ) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) - foundDatabase = true; + if (entry != null) foundDatabase = true; } catch (LDAPException e) { - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch( e.getLDAPResultCode() ) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create 
the database"); } } if (foundDatabase) { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { - throw new IOException( - "This database has already been used. Select the checkbox below to remove all data and reuse this database"); - } else { + throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); + } + else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -600,11 +596,9 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException( - "This base DN (" - + baseDN - + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); - } else { + throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + } + else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -615,7 +609,7 @@ public class DatabasePanel extends WizardPanelBase { // create database try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "extensibleObject", "nsBackendInstance" }; + String oc[] = { "top", "extensibleObject", "nsBackendInstance"}; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("cn", database)); attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN)); 
@@ -629,7 +623,7 @@ public class DatabasePanel extends WizardPanelBase { try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc2[] = { "top", "extensibleObject", "nsMappingTree" }; + String oc2[] = { "top", "extensibleObject", "nsMappingTree"}; attrs.add(new LDAPAttribute("objectClass", oc2)); attrs.add(new LDAPAttribute("cn", baseDN)); attrs.add(new LDAPAttribute("nsslapd-backend", database)); @@ -638,8 +632,7 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (Exception e) { - CMS.debug("Warning: database mapping tree creation error - " - + e.toString()); + CMS.debug("Warning: database mapping tree creation error - " + e.toString()); throw new IOException("Failed to create the database."); } @@ -651,19 +644,19 @@ public class DatabasePanel extends WizardPanelBase { String n = st.nextToken(); String v = st.nextToken(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc3[] = { "top", "domain" }; + String oc3[] = { "top", "domain"}; if (n.equals("o")) { - oc3[1] = "organization"; + oc3[1] = "organization"; } else if (n.equals("ou")) { - oc3[1] = "organizationalUnit"; - } + oc3[1] = "organizationalUnit"; + } attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) { CMS.debug("Warning: suffix creation error - " + e.toString()); - throw new IOException("Failed to create the base DN: " + baseDN); + throw new IOException("Failed to create the base DN: "+baseDN); } // check to see if the base dn exists 
@@ -673,23 +666,19 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = conn.read(baseDN); if (entry != null) { - foundBaseDN = true; + foundBaseDN = true; } - } catch (LDAPException e) { - } + } catch (LDAPException e) {} boolean createBaseDN = true; boolean testing = false; try { testing = cs.getBoolean("internaldb.multipleSuffix.enable", false); - } catch (Exception e) { - } + } catch (Exception e) {} if (!foundBaseDN) { if (!testing) { - context.put( - "errorString", - "Base DN was not found. Please make sure to create the suffix in the internal database."); + context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database."); throw new IOException("Base DN not found"); } @@ -708,7 +697,7 @@ public class DatabasePanel extends WizardPanelBase { // support only one level creation - create new entry // right under the suffix LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "organizationalUnit" }; + String oc[] = { "top", "organizationalUnit"}; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("ou", dns2[0])); @@ -716,7 +705,7 @@ public class DatabasePanel extends WizardPanelBase { try { conn.add(entry); - foundBaseDN = true; + foundBaseDN = true; CMS.debug("DatabasePanel added " + baseDN); } catch (LDAPException e) { throw new IOException("Failed to create " + baseDN); 
@@ -734,41 +723,39 @@ public class DatabasePanel extends WizardPanelBase { } if (select.equals("clone")) { - // if this is clone, add index before replication - // don't put in the schema or bad things will happen - - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + // if this is clone, add index before replication + // don't put in the schema or bad things will happen + + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } else { - // data will be replicated from the master to the clone - // so clone does not need the data - // + // data will be replicated from the master to the clone + // so clone does not need the data + // - importLDIFS("preop.internaldb.schema.ldif", conn); - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.data_ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.schema.ldif", conn); + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.data_ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } try { conn.disconnect(); - } catch (LDAPException e) { - } + } catch (LDAPException e) {} } - private void importLDIFS(String param, LDAPConnection conn) - throws IOException { + private void importLDIFS(String param, LDAPConnection conn) throws IOException { IConfigStore cs = CMS.getConfigStore(); String v = null; CMS.debug("DatabasePanel populateDB param=" + param); try { v = cs.getString(param); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException("Cant find ldif files."); } - + StringTokenizer tokenizer = new StringTokenizer(v, ","); String baseDN = null; String database = null; 
@@ -783,8 +770,9 @@ public class DatabasePanel extends WizardPanelBase { database = cs.getString("internaldb.database"); CMS.debug("DatabasePanel update: database=" + database); } catch (EBaseException e) { - CMS.debug("DatabasePanel update: Failed to get database name. Exception: " - + e.toString()); + CMS.debug( + "DatabasePanel update: Failed to get database name. Exception: " + + e.toString()); database = "userRoot"; } @@ -799,12 +787,13 @@ public class DatabasePanel extends WizardPanelBase { String instanceId = null; try { - instanceId = cs.getString("instanceId"); + instanceId = cs.getString("instanceId"); } catch (EBaseException e) { throw new IOException("instanceId is missing"); } - String configDir = instancePath + File.separator + "conf"; + + String configDir = instancePath + File.separator + "conf"; while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken().trim(); @@ -818,8 +807,7 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel importLDIFS: ldif file = " + token); String filename = configDir + File.separator + name; - CMS.debug("DatabasePanel importLDIFS: ldif file copy to " - + filename); + CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename); PrintStream ps = null; BufferedReader in = null; @@ -858,14 +846,14 @@ public class DatabasePanel extends WizardPanelBase { if (!endOfline) { ps.println(s); } - } + } } in.close(); ps.close(); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("DBSubsystem popuateDB: " + e.toString()); - throw new IOException("Problem of copying ldif file: " - + filename); + throw new IOException( + "Problem of copying ldif file: " + filename); } LDAPUtil.importLDIF(conn, filename); 
@@ -876,9 +864,10 @@ public class DatabasePanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - boolean hasErr = false; + boolean hasErr = false; boolean firsttime = false; context.put("firsttime", "false"); @@ -914,20 +903,17 @@ public class DatabasePanel extends WizardPanelBase { cs.putString("internaldb.ldapauth.bindDN", binddn); cs.putString("internaldb.database", database2); String secure = HttpInput.getCheckbox(request, "secureConn"); - cs.putString("internaldb.ldapconn.secureConn", - (secure.equals("on") ? "true" : "false")); + cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false")); String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); - cs.putString("internaldb.ldapconn.cloneStartTLS", - (cloneStartTLS.equals("on") ? "true" : "false")); + cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false")); String remove = HttpInput.getID(request, "removeData"); if (isPanelDone() && (remove == null || remove.equals(""))) { - /* - * if user submits the same data, they just want to skip to the next - * panel, no database population is required. - */ - if (hostname1.equals(hostname2) && portStr1.equals(portStr2) - && database1.equals(database2)) { + /* if user submits the same data, they just want to skip + to the next panel, no database population is required. */ + if (hostname1.equals(hostname2) && + portStr1.equals(portStr2) && + database1.equals(database2)) { context.put("updateStatus", "success"); return; } 
@@ -935,17 +921,15 @@ public class DatabasePanel extends WizardPanelBase { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); + try { - populateDB(request, context, (secure.equals("on") ? "true" - : "false")); + populateDB(request, context, (secure.equals("on")?"true":"false")); } catch (IOException e) { - CMS.debug("DatabasePanel update: populateDB Exception: " - + e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); context.put("updateStatus", "failure"); throw e; } catch (Exception e) { - CMS.debug("DatabasePanel update: populateDB Exception: " - + e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); context.put("errorString", e.toString()); cs.putString("preop.database.errorString", e.toString()); context.put("updateStatus", "failure"); @@ -966,11 +950,11 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException(e.toString()); + throw new IOException( e.toString() ); } psStore.putString("internaldb", bindpwd); psStore.putString("replicationdb", replicationpwd); - cs.putString("preop.internaldb.replicationpwd", replicationpwd); + cs.putString("preop.internaldb.replicationpwd" , replicationpwd); cs.putString("preop.database.removeData", "false"); try { 
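Review bot: In the `@@ -966,11 +950,11 @@` hunk, `cs.putString("preop.internaldb.replicationpwd" , replicationpwd);` copies the replication manager password into the general configuration store, one line after `psStore.putString("replicationdb", replicationpwd);` already placed it in the password store. The configuration is committed later in update() with `cs.commit(false)`, so the secret presumably ends up wherever the configuration is persisted; how that storage is protected is not visible here. setupReplication reads the key back from the config store, so it could take the value from the password store instead. At minimum mark the line with `// FIXME: secret duplicated into the config store; clear the preop key once replication is set up`. update() starts and ends outside this hunk.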
@@ -999,65 +983,57 @@ public class DatabasePanel extends WizardPanelBase { // always populate the index the last try { - CMS.debug("Populating local indexes"); - LDAPConnection conn = getLocalLDAPConn(context, - (secure.equals("on") ? "true" : "false")); - importLDIFS("preop.internaldb.post_ldif", conn); - - /* - * For vlvtask, we need to check if the task has been completed or - * not. Presence of nsTaskExitCode means task is complete - */ - String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); - if (!wait_dn.equals("")) { - int i = 0; - LDAPEntry task = null; - boolean taskComplete = false; - CMS.debug("Checking wait_dn " + wait_dn); - do { - Thread.sleep(1000); - try { - task = conn.read(wait_dn, (String[]) null); - if (task != null) { - LDAPAttribute attr = task - .getAttribute("nsTaskExitCode"); - if (attr != null) { - taskComplete = true; - String val = (String) attr.getStringValues() - .nextElement(); - if (val.compareTo("0") != 0) { - CMS.debug("Error in populating local indexes: nsTaskExitCode=" - + val); - } - } - } - } catch (LDAPException le) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" - + le.toString() + ")"); - } catch (Exception e) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" - + e.toString() + ")."); - } - } while ((!taskComplete) && (i < 20)); - if (i < 20) { - CMS.debug("Done checking wait_dn " + wait_dn); - } else { - CMS.debug("Done checking wait_dn " + wait_dn - + " due to timeout."); + CMS.debug("Populating local indexes"); + LDAPConnection conn = getLocalLDAPConn(context, + (secure.equals("on")?"true":"false")); + importLDIFS("preop.internaldb.post_ldif", conn); + + /* For vlvtask, we need to check if the task has + been completed or not. 
Presence of nsTaskExitCode means task is complete + */ + String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); + if (!wait_dn.equals("")) { + int i = 0; + LDAPEntry task = null; + boolean taskComplete = false; + CMS.debug("Checking wait_dn " + wait_dn); + do { + Thread.sleep(1000); + try { + task = conn.read(wait_dn, (String[])null); + if (task != null) { + LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); + if (attr != null) { + taskComplete = true; + String val = (String) attr.getStringValues().nextElement(); + if (val.compareTo("0") != 0) { + CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); + } + } } + } catch (LDAPException le) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); + } catch (Exception e) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); + } + } while ((!taskComplete) && (i < 20)); + if (i < 20) { + CMS.debug("Done checking wait_dn " + wait_dn); + } else { + CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } + } - conn.disconnect(); - CMS.debug("Done populating local indexes"); + conn.disconnect(); + CMS.debug("Done populating local indexes"); } catch (Exception e) { - CMS.debug("Populating index failure - " + e); + CMS.debug("Populating index failure - " + e); } // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on") ? "true" - : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); + setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false")); CMS.debug("Finish setting up replication."); try { 
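Review bot: The 20-iteration limit on the wait_dn polling loop can never take effect, because `i` is set to 0 and is not incremented anywhere inside the `do … while ((!taskComplete) && (i < 20))` body. If the task entry never gains `nsTaskExitCode`, or every `conn.read` fails, update() keeps sleeping and polling and the request thread does not return. Add `i++;` directly after `Thread.sleep(1000);` so that the "due to timeout" branch becomes reachable. A non-zero exit code is only written to the debug log here, so a failed index task is not reported to the caller from this block. update() starts and ends outside this hunk.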
@@ -1072,23 +1048,25 @@ public class DatabasePanel extends WizardPanelBase { } } + if (hasErr == false) { - cs.putBoolean("preop.Database.done", true); - try { - cs.commit(false); - } catch (EBaseException e) { - CMS.debug("DatabasePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + cs.putBoolean("preop.Database.done", true); + try { + cs.commit(false); + } catch (EBaseException e) { + CMS.debug( + "DatabasePanel: update() Exception caught at config commit: " + + e.toString()); + } + } context.put("updateStatus", "success"); } - private void setupReplication(HttpServletRequest request, Context context, - String secure, String cloneStartTLS) throws IOException { + private void setupReplication(HttpServletRequest request, + Context context, String secure, String cloneStartTLS) throws IOException { String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); - + String cstype = ""; String machinename = ""; String instanceId = ""; @@ -1100,14 +1078,13 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - // setup replication agreement - String masterAgreementName = "masterAgreement1-" + machinename + "-" - + instanceId; + + //setup replication agreement + String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId; cs.putString("internaldb.replication.master", masterAgreementName); - String cloneAgreementName = "cloneAgreement1-" + machinename + "-" - + instanceId; + String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId; cs.putString("internaldb.replication.consumer", cloneAgreementName); - + try { cs.commit(false); } catch (Exception e) { 
@@ -1120,14 +1097,11 @@ public class DatabasePanel extends WizardPanelBase { String master1_replicationpwd = ""; try { - master1_hostname = cs.getString("preop.internaldb.master.hostname", - ""); + master1_hostname = cs.getString("preop.internaldb.master.hostname", ""); master1_port = cs.getInteger("preop.internaldb.master.port", -1); master1_binddn = cs.getString("preop.internaldb.master.binddn", ""); - master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", - ""); - master1_replicationpwd = cs.getString( - "preop.internaldb.master.replicationpwd", ""); + master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", ""); + master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", ""); } catch (Exception e) { } 
@@ -1142,22 +1116,21 @@ public class DatabasePanel extends WizardPanelBase { master2_port = cs.getInteger("internaldb.ldapconn.port", -1); master2_binddn = cs.getString("internaldb.ldapauth.bindDN", ""); master2_bindpwd = bindpwd; - master2_replicationpwd = cs.getString( - "preop.internaldb.replicationpwd", ""); + master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); } catch (Exception e) { } - + LDAPConnection conn1 = null; LDAPConnection conn2 = null; if (secure.equals("true")) { - CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); - conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); - conn1 = new LDAPConnection(); - conn2 = new LDAPConnection(); - } + CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); + conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); + conn1 = new LDAPConnection(); + conn2 = new LDAPConnection(); + } String basedn = ""; try { 
@@ -1167,23 +1140,19 @@ public class DatabasePanel extends WizardPanelBase { try { conn1.connect(master1_hostname, master1_port, master1_binddn, - master1_bindpwd); + master1_bindpwd); conn2.connect(master2_hostname, master2_port, master2_binddn, - master2_bindpwd); + master2_bindpwd); String suffix = cs.getString("internaldb.basedn", ""); - String replicadn = "cn=replica,cn=\"" + suffix - + "\",cn=mapping tree,cn=config"; - CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn); + String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config"; + CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn); - String masterBindUser = "Replication Manager " - + masterAgreementName; + String masterBindUser = "Replication Manager " + masterAgreementName; String cloneBindUser = "Replication Manager " + cloneAgreementName; - createReplicationManager(conn1, masterBindUser, - master1_replicationpwd); - createReplicationManager(conn2, cloneBindUser, - master2_replicationpwd); + createReplicationManager(conn1, masterBindUser, master1_replicationpwd); + createReplicationManager(conn2, cloneBindUser, master2_replicationpwd); String dir1 = getInstanceDir(conn1); createChangeLog(conn1, dir1 + "/changelogs"); 
@@ -1193,43 +1162,36 @@ public class DatabasePanel extends WizardPanelBase { int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1); - replicaId = enableReplication(replicadn, conn1, masterBindUser, - basedn, replicaId); - replicaId = enableReplication(replicadn, conn2, cloneBindUser, - basedn, replicaId); + replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId); + replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId); cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId)); CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); - createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, - basedn, cloneBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn1, masterAgreementName, + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); - createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, - basedn, masterBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn2, cloneAgreementName, + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); - while (!replicationDone(replicadn, conn1, masterAgreementName)) { + while (! replicationDone(replicadn, conn1, masterAgreementName)) { CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete"); Thread.sleep(1000); } - String status = replicationStatus(replicadn, conn1, - masterAgreementName); + String status = replicationStatus(replicadn, conn1, masterAgreementName); if (!status.startsWith("0 ")) { - CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " - + status); - throw new IOException("consumer initialization failed. 
" - + status); - } + CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + + status); + throw new IOException("consumer initialization failed. " + status); + } } catch (Exception e) { - CMS.debug("DatabasePanel setupReplication: " + e.toString()); - throw new IOException( - "Failed to setup the replication for cloning."); + CMS.debug("DatabasePanel setupReplication: "+e.toString()); + throw new IOException("Failed to setup the replication for cloning."); } } @@ -1237,26 +1199,27 @@ public class DatabasePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { try { - initParams(request, context); - } catch (IOException e) { + initParams(request, context); + } catch (IOException e) { } context.put("title", "Database"); context.put("panel", "admin/console/config/databasepanel.vm"); } private boolean isAgreementExist(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn=" + name + "," + replicadn; - String filter = "(cn=" + name + ")"; - String[] attrs = { "cn" }; + String name) { + String dn = "cn="+name+","+replicadn; + String filter = "(cn="+name+")"; + String[] attrs = {"cn"}; try { LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB, - filter, attrs, false); + filter, attrs, false); while (results.hasMoreElements()) - return true; + return true; } catch (LDAPException e) { return false; } @@ -1264,8 +1227,8 @@ public class DatabasePanel extends WizardPanelBase { return false; } - private void createReplicationManager(LDAPConnection conn, String bindUser, - String pwd) throws LDAPException { + private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd) + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=" + bindUser + ",cn=config"; 
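Review bot: In the `@@ -1237,26 +1199,27 @@` hunk, isAgreementExist builds its search filter by concatenation, `String filter = "(cn="+name+")";`, so a `name` containing `*`, `(`, `)` or `\` changes the meaning of the filter instead of being matched literally. The callers are not in this hunk; the agreement names assembled in setupReplication appear to come from configuration values (machine name and instance id), so this is a hardening point unless those values can be influenced by whoever runs the wizard. Escape the value per RFC 4515 before inserting it, or drop the name filter and do a base-scope search on `dn` with `(objectclass=*)`, as replicationDone does. The DN assembled as `"cn="+name+","+replicadn` has the same problem, and `name` should be escaped as an RDN value there.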
@@ -1285,13 +1248,11 @@ public class DatabasePanel extends WizardPanelBase { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationManager: " - + ee.toString()); + CMS.debug("DatabasePanel createReplicationManager: "+ee.toString()); } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " - + e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString()); throw e; } } @@ -1300,7 +1261,7 @@ public class DatabasePanel extends WizardPanelBase { } private void createChangeLog(LDAPConnection conn, String dir) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=changelog5,cn=config"; @@ -1315,16 +1276,17 @@ public class DatabasePanel extends WizardPanelBase { } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used"); - /* - * leave it, dont delete it because it will have operation error - * try { conn.delete(dn); conn.add(entry); } catch - * (LDAPException ee) { - * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); } - */ +/* leave it, dont delete it because it will have operation error + try { + conn.delete(dn); + conn.add(entry); + } catch (LDAPException ee) { + CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); + } +*/ return; } else { - CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " - + e.toString()); + CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString()); throw e; } } 
@@ -1332,9 +1294,9 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry"); } - private int enableReplication(String replicadn, LDAPConnection conn, - String bindUser, String basedn, int id) throws LDAPException { - CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn); + private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id) + throws LDAPException { + CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn); LDAPAttributeSet attrs = null; LDAPEntry entry = null; try { @@ -1344,8 +1306,8 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("objectclass", "extensibleobject")); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3")); - attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser - + ",cn=config")); + attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("cn", "replica")); attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id))); attrs.add(new LDAPAttribute("nsds5flags", "1")); 
@@ -1353,57 +1315,49 @@ public class DatabasePanel extends WizardPanelBase { conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - /* - * BZ 470918 -we cant just add the new dn. We need to do a - * replace instead until the DS code is fixed - */ - CMS.debug("DatabasePanel enableReplication: " + replicadn - + " has already been used"); - + /* BZ 470918 -we cant just add the new dn. We need to do a replace instead + * until the DS code is fixed */ + CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used"); + try { entry = conn.read(replicadn); - LDAPAttribute attr = entry - .getAttribute("nsDS5ReplicaBindDN"); - attr.addValue("cn=" + bindUser + ",cn=config"); - LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN"); + attr.addValue( "cn=" + bindUser + ",cn=config"); + LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); conn.modify(replicadn, mod); } catch (LDAPException ee) { - CMS.debug("DatabasePanel enableReplication: Failed to modify " - + replicadn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to modify " + +replicadn+" entry. Exception: "+e.toString()); } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create " - + replicadn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. 
Exception: "+e.toString()); return id; } } - CMS.debug("DatabasePanel enableReplication: Successfully create " - + replicadn + " entry."); + CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry."); return id + 1; } - private void createReplicationAgreement(String replicadn, - LDAPConnection conn, String name, String replicahost, - int replicaport, String replicapwd, String basedn, String bindUser, - String secure, String cloneStartTLS) throws LDAPException { - String dn = "cn=" + name + "," + replicadn; - CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); + private void createReplicationAgreement(String replicadn, + LDAPConnection conn, String name, String replicahost, int replicaport, + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { + String dn = "cn="+name+","+replicadn; + CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn); LDAPEntry entry = null; LDAPAttributeSet attrs = null; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", - "nsds5replicationagreement")); + "nsds5replicationagreement")); attrs.add(new LDAPAttribute("cn", name)); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost)); - attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport)); - attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser - + ",cn=config")); + attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport)); + attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple")); attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd)); 
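Review bot: In enableReplication's ENTRY_ALREADY_EXISTS branch, the inner handler `catch (LDAPException ee)` logs `e.toString()`, which is the original "already exists" error, so the real reason the modify failed is lost; it should log `ee.toString()`. In the same branch the result of `entry.getAttribute("nsDS5ReplicaBindDN")` is dereferenced without a null check, and a missing attribute would raise a NullPointerException that this handler does not catch. Both failure paths then `return id;` as if nothing had happened, so the caller cannot tell that the replica bind DN was never registered. Rethrowing would surface that, since the method already declares `throws LDAPException`. The method's signature is in an earlier hunk.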
@@ -1414,58 +1368,50 @@ public class DatabasePanel extends WizardPanelBase { } CMS.debug("About to set description attr to " + name); - attrs.add(new LDAPAttribute("description", name)); + attrs.add(new LDAPAttribute("description",name)); entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - CMS.debug("DatabasePanel createReplicationAgreement: " + dn - + " has already used"); + CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used"); try { conn.delete(dn); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: " - + ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); throw ee; } try { conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: " - + ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " - + dn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. 
Exception: "+e.toString()); throw e; } } - CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " - + name); + CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name); } - private void initializeConsumer(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn=" + name + "," + replicadn; - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " - + dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " - + conn.getHost() + " port: " + conn.getPort()); + private void initializeConsumer(String replicadn, LDAPConnection conn, + String name) { + String dn = "cn="+name+","+replicadn; + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", - "start"); + "start"); LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + LDAPModification.REPLACE, attr); CMS.debug("DatabasePanel initializeConsumer: start modifying"); conn.modify(dn, mod); CMS.debug("DatabasePanel initializeConsumer: Finish modification."); } catch (LDAPException e) { - CMS.debug("DatabasePanel initializeConsumer: Failed to modify " - + dn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString()); return; } catch (Exception e) { CMS.debug("DatabasePanel initializeConsumer: exception " + e); 
@@ -1476,35 +1422,33 @@ public class DatabasePanel extends WizardPanelBase { Thread.sleep(5000); CMS.debug("DatabasePanel initializeConsumer: finish sleeping."); } catch (InterruptedException ee) { - CMS.debug("DatabasePanel initializeConsumer: exception: " - + ee.toString()); + CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString()); } CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer"); } - private boolean replicationDone(String replicadn, LDAPConnection conn, - String name) throws IOException { - String dn = "cn=" + name + "," + replicadn; + private boolean replicationDone(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn="+name+","+replicadn; String filter = "(objectclass=*)"; - String[] attrs = { "nsds5beginreplicarefresh" }; + String[] attrs = {"nsds5beginreplicarefresh"}; - CMS.debug("DatabasePanel replicationDone: dn: " + dn); + CMS.debug("DatabasePanel replicationDone: dn: "+dn); try { - LDAPSearchResults results = conn.search(dn, - LDAPConnection.SCOPE_BASE, filter, attrs, true); + LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, true); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } - + } + LDAPEntry entry = results.next(); - LDAPAttribute refresh = entry - .getAttribute("nsds5beginreplicarefresh"); + LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh"); if (refresh == null) { return true; - } + } return false; } catch (Exception e) { CMS.debug("DatabasePanel replicationDone: exception " + e); 
@@ -1512,33 +1456,31 @@ public class DatabasePanel extends WizardPanelBase { } } - private String replicationStatus(String replicadn, LDAPConnection conn, - String name) throws IOException { - String dn = "cn=" + name + "," + replicadn; + private String replicationStatus(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn="+name+","+replicadn; String filter = "(objectclass=*)"; - String[] attrs = { "nsds5replicalastinitstatus" }; + String[] attrs = {"nsds5replicalastinitstatus"}; String status = null; - CMS.debug("DatabasePanel replicationStatus: dn: " + dn); + CMS.debug("DatabasePanel replicationStatus: dn: "+dn); try { - LDAPSearchResults results = conn.search(dn, - LDAPConnection.SCOPE_BASE, filter, attrs, false); + LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, false); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } + } LDAPEntry entry = results.next(); - LDAPAttribute attr = entry - .getAttribute("nsds5replicalastinitstatus"); + LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus"); if (attr != null) { Enumeration valsInAttr = attr.getStringValues(); if (valsInAttr.hasMoreElements()) { - return (String) valsInAttr.nextElement(); + return (String)valsInAttr.nextElement(); } else { - throw new IOException( - "No value returned for nsds5replicalastinitstatus"); + throw new IOException("No value returned for nsds5replicalastinitstatus"); } } else { throw new IOException("nsDS5ReplicaLastInitStatus is null."); 
@@ -1550,42 +1492,35 @@ public class DatabasePanel extends WizardPanelBase { } private String getInstanceDir(LDAPConnection conn) { - String instancedir = ""; + String instancedir=""; try { String filter = "(objectclass=*)"; - String[] attrs = { "nsslapd-directory" }; - LDAPSearchResults results = conn.search( - "cn=config,cn=ldbm database,cn=plugins,cn=config", - LDAPv3.SCOPE_SUB, filter, attrs, false); + String[] attrs = {"nsslapd-directory"}; + LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, + filter, attrs, false); while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); - CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " - + dn); + CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet - .nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement(); String attrName = nextAttr.getName(); - CMS.debug("DatabasePanel getInstanceDir: attribute name: " - + attrName); + CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName); Enumeration valsInAttr = nextAttr.getStringValues(); - while (valsInAttr.hasMoreElements()) { - String nextValue = (String) valsInAttr.nextElement(); + while ( valsInAttr.hasMoreElements() ) { + String nextValue = (String)valsInAttr.nextElement(); if (attrName.equalsIgnoreCase("nsslapd-directory")) { - CMS.debug("DatabasePanel getInstanceDir: instanceDir=" - + nextValue); - return nextValue.substring(0, - nextValue.lastIndexOf("/db")); + CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue); + return nextValue.substring(0,nextValue.lastIndexOf("/db")); } } } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving 
the instance directory. Exception: " - + e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java index 127e233c..d8fd7526 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class DatabaseServlet extends BaseServlet { /** @@ -32,7 +34,8 @@ public class DatabaseServlet extends BaseServlet { private static final long serialVersionUID = 6474664942834474385L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index b2365eb7..1e1b6dec 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.net.URLEncoder; import java.util.Locale; 
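Review bot: In `getInstanceDir`, `nextValue.substring(0,nextValue.lastIndexOf("/db"))` throws `StringIndexOutOfBoundsException` when the `nsslapd-directory` value contains no `/db`, because `lastIndexOf` then returns -1 and the surrounding `catch` handles only `LDAPException`. Guard the index before slicing, e.g. `int idx = nextValue.lastIndexOf("/db"); if (idx < 0) continue;` followed by `return nextValue.substring(0, idx);`. On the fall-through path the method returns the empty string, so callers should treat `""` as "not found" rather than as a path. The method's closing brace lies outside the hunk.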
@@ -41,25 +42,25 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class DisplayCertChainPanel extends WizardPanelBase { - public DisplayCertChainPanel() { - } + public DisplayCertChainPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); setId(id); } - - public boolean isSubPanel() { + + public boolean isSubPanel() { return true; } @@ -69,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -85,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - try { - String select = cs.getString("securitydomain.select", ""); + try { + String select = cs.getString("securitydomain.select",""); String type = cs.getString("preop.subsystem.select", ""); String hierarchy = cs.getString("preop.hierarchy.select", ""); @@ -112,10 +113,11 @@ public class DisplayCertChainPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("DisplayCertChainPanel: display"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("DisplayCertChainPanel setting session id."); 
@@ -130,8 +132,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { try { certchain_size = cs.getString(certChainConfigName, ""); - } catch (Exception e) { - } + } catch (Exception e) {} int size = 0; Vector v = new Vector(); @@ -139,22 +140,20 @@ public class DisplayCertChainPanel extends WizardPanelBase { if (!certchain_size.equals("")) { try { size = Integer.parseInt(certchain_size); - } catch (Exception e) { - } + } catch (Exception e) {} for (int i = 0; i < size; i++) { certChainConfigName = "preop." + type + ".certchain." + i; try { String c = cs.getString(certChainConfigName, ""); byte[] b_c = CryptoUtil.base64Decode(c); - CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl( - b_c)); + CertPrettyPrint pp = new CertPrettyPrint( + new X509CertImpl(b_c)); v.addElement(pp.toString(Locale.getDefault())); - } catch (Exception e) { - } + } catch (Exception e) {} } } - + if (getId().equals("securitydomain")) { context.put("panelid", "securitydomain"); context.put("panelname", "Security Domain Trust Verification"); 
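Review bot: The loop in `display` that decodes each `preop.<type>.certchain.<i>` entry ends in `} catch (Exception e) {}` (second hunk on this line), so a certificate that fails base64 decoding or `X509CertImpl` parsing is silently left out of the vector; the first hunk has the same empty catch around `cs.getString`. The same hunk labels the panel "Security Domain Trust Verification", so an administrator could be shown a shorter chain than the configuration holds, with no hint that an entry was dropped. At minimum log the failure, e.g. `CMS.debug("DisplayCertChainPanel: cannot decode " + certChainConfigName + ": " + e);`, and consider adding a visible error entry to the displayed list. `display` starts and ends outside this hunk.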
@@ -172,48 +171,44 @@ public class DisplayCertChainPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { importCertChain(getId()); if (getId().equals("securitydomain")) { - int panel = getPanelNo() + 1; + int panel = getPanelNo()+1; IConfigStore cs = CMS.getConfigStore(); try { String sd_hostname = cs.getString("securitydomain.host", ""); - int sd_port = cs - .getInteger("securitydomain.httpsadminport", -1); + int sd_port = cs.getInteger("securitydomain.httpsadminport", -1); String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" - + toLowerCaseSubsystemType(subsystem) - + "/admin/console/config/wizard?p=" + panel - + "&subsystem=" + subsystem; + String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://" + sd_hostname + ":" + sd_port - + "/ca/admin/ca/securityDomainLogin?url=" - + encodedValue; + String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's // SSL Admin port in the "Security Domain Panel"; // now retrieve this specified CA Security Domain's // non-SSL EE, SSL Agent, and SSL EE ports: - cs.putString("securitydomain.httpport", - 
getSecurityDomainPort(cs, "UnSecurePort")); - cs.putString("securitydomain.httpsagentport", - getSecurityDomainPort(cs, "SecureAgentPort")); - cs.putString("securitydomain.httpseeport", - getSecurityDomainPort(cs, "SecurePort")); + cs.putString( "securitydomain.httpport", + getSecurityDomainPort( cs, "UnSecurePort" ) ); + cs.putString("securitydomain.httpsagentport", + getSecurityDomainPort( cs, "SecureAgentPort" ) ); + cs.putString("securitydomain.httpseeport", + getSecurityDomainPort( cs, "SecurePort" ) ); } catch (Exception ee) { - CMS.debug("DisplayCertChainPanel Exception=" + ee.toString()); + CMS.debug("DisplayCertChainPanel Exception="+ee.toString()); } } context.put("updateStatus", "success"); @@ -223,7 +218,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { /* This should never be called */ context.put("title", "Display Certificate Chain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java index cdcc8a47..00871921 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class DisplayServlet extends BaseServlet { /** 
@@ -32,7 +34,8 @@ public class DisplayServlet extends BaseServlet { private static final long serialVersionUID = -8753831516572779596L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index c8c4d56c..9669ddb1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.math.BigInteger; import java.net.URLEncoder; @@ -56,22 +57,23 @@ public class DonePanel extends WizardPanelBase { public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); - public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration"; + public static final String RESTART_SERVER_AFTER_CONFIGURATION = + "restart_server_after_configuration"; public static final String PKI_SECURITY_DOMAIN = "pki_security_domain"; - public DonePanel() { - } + public DonePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Done"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Done"); setId(id); 
@@ -86,13 +88,15 @@ public class DonePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } - private LDAPConnection getLDAPConn(Context context) throws IOException { + private LDAPConnection getLDAPConn(Context context) + throws IOException + { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -108,9 +112,8 @@ public class DonePanel extends WizardPanelBase { pwd = pwdStore.getPassword("internaldb"); } - if (pwd == null) { - throw new IOException( - "DonePanel: Failed to obtain password from password store"); + if ( pwd == null) { + throw new IOException("DonePanel: Failed to obtain password from password store"); } try { @@ -135,11 +138,11 @@ public class DonePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } CMS.debug("DonePanel connecting to " + host + ":" + p); 
@@ -150,17 +153,19 @@ public class DonePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } + /** * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("DonePanel: display()"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); 
@@ -188,32 +193,31 @@ public class DonePanel extends WizardPanelBase { instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); systemdService = cs.getString("pkicreate.systemd.servicename", ""); - } catch (Exception e) { - } + } catch (Exception e) {} String initDaemon = ""; if (type.equals("CA")) { - initDaemon = "pki-cad"; + initDaemon = "pki-cad"; } else if (type.equals("KRA")) { - initDaemon = "pki-krad"; + initDaemon = "pki-krad"; } else if (type.equals("OCSP")) { - initDaemon = "pki-ocspd"; + initDaemon = "pki-ocspd"; } else if (type.equals("TKS")) { - initDaemon = "pki-tksd"; + initDaemon = "pki-tksd"; } - String os = System.getProperty("os.name"); - if (os.equalsIgnoreCase("Linux")) { - if (!systemdService.equals("")) { - context.put("initCommand", "/bin/systemctl"); - context.put("instanceId", systemdService); + String os = System.getProperty( "os.name" ); + if( os.equalsIgnoreCase( "Linux" ) ) { + if (! systemdService.equals("")) { + context.put( "initCommand", "/bin/systemctl"); + context.put( "instanceId", systemdService ); } else { - context.put("initCommand", "/sbin/service " + initDaemon); - context.put("instanceId", instanceId); + context.put( "initCommand", "/sbin/service " + initDaemon ); + context.put( "instanceId", instanceId ); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put("initCommand", "/etc/init.d/" + initDaemon); - context.put("instanceId", instanceId); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put( "initCommand", "/etc/init.d/" + initDaemon ); + context.put( "instanceId", instanceId ); } context.put("title", "Done"); context.put("panel", "admin/console/config/donepanel.vm"); @@ -229,7 +233,7 @@ public class DonePanel extends WizardPanelBase { return; } else context.put("csstate", "0"); - + } catch (Exception e) { } 
@@ -263,8 +267,7 @@ public class DonePanel extends WizardPanelBase { boolean cloneMaster = false; - if (select.equals("clone") && type.equalsIgnoreCase("CA") - && isSDHostDomainMaster(cs)) { + if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) { cloneMaster = true; CMS.debug("Cloning a domain master"); } @@ -277,22 +280,20 @@ public class DonePanel extends WizardPanelBase { String basedn = cs.getString("internaldb.basedn"); String secdomain = cs.getString("securitydomain.name"); - try { + try { // Create security domain ldap entry String dn = "ou=Security Domain," + basedn; CMS.debug("DonePanel: creating ldap entry : " + dn); - + LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", - "pkiSecurityDomain")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain")); if (secdomain.equals("")) { // this should not happen - just in case CMS.debug("DonePanel display(): Security domain is an empty string!"); - throw new IOException( - "Security domain is an empty string!"); + throw new IOException("Security domain is an empty string!"); } else { attrs.add(new LDAPAttribute("name", secdomain)); } 
@@ -304,33 +305,29 @@ public class DonePanel extends WizardPanelBase { throw e; } - try { + try { // create list containers - String clist[] = { "CAList", "OCSPList", "KRAList", - "RAList", "TKSList", "TPSList" }; - for (int i = 0; i < clist.length; i++) { + String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; + for (int i=0; i< clist.length; i++) { LDAPEntry entry = null; LDAPAttributeSet attrs = null; - String dn = "cn=" + clist[i] + ",ou=Security Domain," - + basedn; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", - "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); attrs.add(new LDAPAttribute("cn", clist[i])); entry = new LDAPEntry(dn, attrs); conn.add(entry); } } catch (Exception e) { - CMS.debug("Unable to create security domain list groups"); + CMS.debug("Unable to create security domain list groups" ); throw e; - } + } try { - // Add this host (only CA can create new domain) + // Add this host (only CA can create new domain) String cn = ownhost + ":" + ownadminsport; - String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," - + basedn; + String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn; LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); 
@@ -339,12 +336,12 @@ public class DonePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("Host", ownhost)); attrs.add(new LDAPAttribute("SecurePort", ownsport)); attrs.add(new LDAPAttribute("SecureAgentPort", - ownagentsport)); + ownagentsport)); attrs.add(new LDAPAttribute("SecureAdminPort", - ownadminsport)); + ownadminsport)); if (owneeclientauthsport != null) { - attrs.add(new LDAPAttribute("SecureEEClientAuthPort", - owneeclientauthsport)); + attrs.add(new LDAPAttribute("SecureEEClientAuthPort", + owneeclientauthsport)); } attrs.add(new LDAPAttribute("UnSecurePort", ownport)); attrs.add(new LDAPAttribute("Clone", "FALSE")); 
@@ -360,32 +357,31 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel display: finish updating domain info"); conn.disconnect(); } catch (Exception e) { - CMS.debug("DonePanel display: " + e.toString()); + CMS.debug("DonePanel display: "+e.toString()); } int sd_admin_port_int = -1; try { - sd_admin_port_int = Integer.parseInt(sd_admin_port); + sd_admin_port_int = Integer.parseInt( sd_admin_port ); } catch (Exception e) { } try { // Fetch the "new" security domain and display it - CMS.debug("Dump contents of new Security Domain . . ."); - String c = getDomainXML(sd_host, sd_admin_port_int, true); - } catch (Exception e) { - } + CMS.debug( "Dump contents of new Security Domain . . ." ); + String c = getDomainXML( sd_host, sd_admin_port_int, true ); + } catch( Exception e ) {} // Since this instance is a new Security Domain, // create an empty file to designate this fact. String security_domain = instanceRoot + "/conf/" - + PKI_SECURITY_DOMAIN; - if (!Utils.isNT()) { - Utils.exec("touch " + security_domain); - Utils.exec("chmod 00660 " + security_domain); + + PKI_SECURITY_DOMAIN; + if( !Utils.isNT() ) { + Utils.exec( "touch " + security_domain ); + Utils.exec( "chmod 00660 " + security_domain ); } - } else { // existing domain + } else { //existing domain int sd_agent_port_int = -1; int sd_admin_port_int = -1; try { 
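Review bot: The marker file is created with `Utils.exec( "touch " + security_domain )` followed by a separate `chmod 00660`, which builds a command line by concatenation from `instanceRoot`, ignores whatever status the calls report, and leaves the file at umask-default permissions until the second command runs. The later hunk at `-606,10` does the same for `RESTART_SERVER_AFTER_CONFIGURATION`. How `Utils.exec` tokenises its argument is not visible here, but a path containing spaces or shell metacharacters would at best fail silently. If the build can use `java.nio.file`, creating the file with its mode in one step avoids all three problems: `Files.createFile(Paths.get(security_domain), PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-rw----")));`. The enclosing `display` method extends beyond the hunk.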
@@ -402,30 +398,34 @@ public class DonePanel extends WizardPanelBase { cloneStr = "&clone=false"; String domainMasterStr = ""; - if (cloneMaster) + if (cloneMaster) domainMasterStr = "&dm=true"; - else - domainMasterStr = "&dm=false"; + else + domainMasterStr = "&dm=false"; String eecaStr = ""; - if (owneeclientauthsport != null) - eecaStr = "&eeclientauthsport=" + owneeclientauthsport; - - updateDomainXML(sd_host, sd_agent_port_int, true, - "/ca/agent/ca/updateDomainXML", "list=" + s + "&type=" - + type + "&host=" + ownhost + "&name=" - + subsystemName + "&sport=" + ownsport - + domainMasterStr + cloneStr + "&agentsport=" - + ownagentsport + "&adminsport=" - + ownadminsport + eecaStr + "&httpport=" - + ownport); + if (owneeclientauthsport != null) + eecaStr="&eeclientauthsport=" + owneeclientauthsport; + + updateDomainXML( sd_host, sd_agent_port_int, true, + "/ca/agent/ca/updateDomainXML", + "list=" + s + + "&type=" + type + + "&host=" + ownhost + + "&name=" + subsystemName + + "&sport=" + ownsport + + domainMasterStr + + cloneStr + + "&agentsport=" + ownagentsport + + "&adminsport=" + ownadminsport + + eecaStr + + "&httpport=" + ownport ); // Fetch the "updated" security domain and display it - CMS.debug("Dump contents of updated Security Domain . . ."); - String c = getDomainXML(sd_host, sd_admin_port_int, true); + CMS.debug( "Dump contents of updated Security Domain . . ." ); + String c = getDomainXML( sd_host, sd_admin_port_int, true ); } catch (Exception e) { - context.put("errorString", - "Failed to update the security domain on the domain master."); - // return; + context.put("errorString", "Failed to update the security domain on the domain master."); + //return; } } 
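Review bot: The body passed to `updateDomainXML` is concatenated from `s`, `type`, `ownhost`, `subsystemName` and the port values without URL-encoding, so a value containing `&`, `=` or `+` would change which parameters the domain master receives. `subsystemName` in particular looks like free text, though its origin is outside the hunk and needs confirming. `java.net.URLEncoder` is already imported in this file, so each value can be encoded, e.g. `"&name=" + URLEncoder.encode(subsystemName, "UTF-8")`. In the same hunk the `catch` sets `errorString` but `//return;` is commented out, so configuration continues after a failed domain update; if that is deliberate, a comment saying so would help. The enclosing method starts and ends outside the hunk.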
@@ -436,17 +436,16 @@ public class DonePanel extends WizardPanelBase { cs.putString("securitydomain.store", "ldap"); cs.commit(false); } catch (Exception e) { - CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" - + e); + CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e); } + // need to push connector information to the CA if (type.equals("KRA") && !ca_host.equals("")) { try { updateConnectorInfo(ownagenthost, ownagentsport); } catch (IOException e) { - context.put("errorString", - "Failed to update connector information."); + context.put("errorString", "Failed to update connector information."); return; } setupClientAuthUser(); @@ -470,7 +469,7 @@ public class DonePanel extends WizardPanelBase { setupClientAuthUser(); } - + if (!select.equals("clone")) { if (type.equals("CA") || type.equals("KRA")) { String beginRequestNumStr = ""; @@ -479,7 +478,7 @@ public class DonePanel extends WizardPanelBase { String endSerialNumStr = ""; String requestIncStr = ""; String serialIncStr = ""; - + try { endRequestNumStr = cs.getString("dbs.endRequestNumber", ""); endSerialNumStr = cs.getString("dbs.endSerialNumber", ""); 
@@ -493,37 +492,28 @@ public class DonePanel extends WizardPanelBase { String serialdn = ""; if (type.equals("CA")) { - serialdn = "ou=certificateRepository,ou=" - + type.toLowerCase() + "," + basedn; + serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn; } else { - serialdn = "ou=keyRepository,ou=" + type.toLowerCase() - + "," + basedn; - } - LDAPAttribute attrSerialNextRange = new LDAPAttribute( - "nextRange", endSerialNum.add(oneNum).toString()); - LDAPModification serialmod = new LDAPModification( - LDAPModification.REPLACE, attrSerialNextRange); - conn.modify(serialdn, serialmod); - - String requestdn = "ou=" + type.toLowerCase() - + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute( - "nextRange", endRequestNum.add(oneNum).toString()); - LDAPModification requestmod = new LDAPModification( - LDAPModification.REPLACE, attrRequestNextRange); - conn.modify(requestdn, requestmod); - - conn.disconnect(); + serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; + } + LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString()); + LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange ); + conn.modify( serialdn, serialmod ); + + String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; + LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString()); + LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange ); + conn.modify( requestdn, requestmod ); + + conn.disconnect(); } catch (Exception e) { - CMS.debug("Unable to update global next range numbers: " - + e); - } + CMS.debug("Unable to update global next range numbers: " + e); + } } - } + } if (cloneMaster) { - // cloning a domain master CA, the clone is also master of its - // domain + // cloning a domain master CA, the clone is also master of its domain 
try { cs.putString("securitydomain.host", ownhost); cs.putString("securitydomain.httpport", ownport); 
@@ -546,58 +536,42 @@ public class DonePanel extends WizardPanelBase { String ss = st.nextToken(); if (ss.equals("sslserver")) continue; - cs.putString("cloning." + ss + ".nickname", - cs.getString("preop.cert." + ss + ".nickname", "")); - cs.putString("cloning." + ss + ".dn", - cs.getString("preop.cert." + ss + ".dn", "")); - cs.putString("cloning." + ss + ".keytype", - cs.getString("preop.cert." + ss + ".keytype", "")); - cs.putString("cloning." + ss + ".keyalgorithm", - cs.getString("preop.cert." + ss + ".keyalgorithm", "")); - cs.putString("cloning." + ss + ".privkey.id", - cs.getString("preop.cert." + ss + ".privkey.id", "")); - cs.putString("cloning." + ss + ".pubkey.exponent", cs - .getString("preop.cert." + ss + ".pubkey.exponent", "")); - cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString( - "preop.cert." + ss + ".pubkey.modulus", "")); - cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString( - "preop.cert." + ss + ".pubkey.encoded", "")); + cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", "")); + cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", "")); + cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", "")); + cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", "")); + cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", "")); + cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); + cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); + cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." 
+ ss + ".pubkey.encoded", "")); } - cs.putString("cloning.module.token", - cs.getString("preop.module.token", "")); + cs.putString("cloning.module.token", cs.getString("preop.module.token", "")); cs.putString("cloning.list", list); // more cloning variables needed for non-ca clones - if (!type.equals("CA")) { + if (! type.equals("CA")) { String val = cs.getString("preop.ca.hostname", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.hostname", val); + if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val); val = cs.getString("preop.ca.httpport", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.httpport", val); + if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val); - val = cs.getString("preop.ca.httpsport", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.httpsport", val); + val = cs.getString("preop.ca.httpsport", ""); + if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val); val = cs.getString("preop.ca.list", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.list", val); + if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val); val = cs.getString("preop.ca.pkcs7", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.pkcs7", val); + if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val); val = cs.getString("preop.ca.type", ""); - if (val.compareTo("") != 0) - cs.putString("cloning.ca.type", val); + if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val); } // save EC type for sslserver cert (if present) - cs.putString("jss.ssl.sslserver.ectype", - cs.getString("preop.cert.sslserver.ec.type", "ECDHE")); + cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE")); cs.removeSubStore("preop"); cs.commit(false); 
@@ -606,10 +580,10 @@ public class DonePanel extends WizardPanelBase { // this server instance has been configured, it has NOT yet // been restarted! String restart_server = instanceRoot + "/conf/" - + RESTART_SERVER_AFTER_CONFIGURATION; - if (!Utils.isNT()) { - Utils.exec("touch " + restart_server); - Utils.exec("chmod 00660 " + restart_server); + + RESTART_SERVER_AFTER_CONFIGURATION; + if( !Utils.isNT() ) { + Utils.exec( "touch " + restart_server ); + Utils.exec( "chmod 00660 " + restart_server ); } } catch (Exception e) { @@ -619,11 +593,13 @@ public class DonePanel extends WizardPanelBase { context.put("csstate", "1"); } - private void setupClientAuthUser() { + private void setupClientAuthUser() + { IConfigStore cs = CMS.getConfigStore(); // retrieve CA subsystem certificate from the CA - IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + IUGSubsystem system = + (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String id = ""; try { String b64 = getCASubsystemCert(); @@ -664,8 +640,9 @@ public class DonePanel extends WizardPanelBase { } } - private void updateOCSPConfig(HttpServletResponse response) - throws IOException { + + private void updateOCSPConfig(HttpServletResponse response) + throws IOException { IConfigStore config = CMS.getConfigStore(); String cahost = ""; int caport = -1; @@ -684,8 +661,7 @@ public class DonePanel extends WizardPanelBase { int ocspport = Integer.parseInt(CMS.getAgentPort()); int ocspagentport = Integer.parseInt(CMS.getAgentPort()); String session_id = CMS.getConfigSDSessionId(); - String content = "xmlOutput=true&sessionID=" + session_id - + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport; + String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport; updateOCSPConfig(cahost, caport, true, content, response); } 
@@ -699,43 +675,38 @@ public class DonePanel extends WizardPanelBase { if (b64.equals("")) throw new IOException("Failed to get certificate chain."); - + try { // this could be a chain X509Certificate[] certs = Cert.mapCertFromPKCS7(b64); X509Certificate leafCert = null; if (certs != null && certs.length > 0) { - if (certs[0].getSubjectDN().getName() - .equals(certs[0].getIssuerDN().getName())) { + if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) { leafCert = certs[certs.length - 1]; } else { leafCert = certs[0]; } - - IOCSPAuthority ocsp = (IOCSPAuthority) CMS - .getSubsystem(IOCSPAuthority.ID); + + IOCSPAuthority ocsp = + (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID); IDefStore defStore = ocsp.getDefaultStore(); // (1) need to normalize (sort) the chain // (2) store certificate (and certificate chain) into // database - ICRLIssuingPointRecord rec = defStore - .createCRLIssuingPointRecord(leafCert - .getSubjectDN().getName(), BIG_ZERO, - MINUS_ONE, null, null); + ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( + leafCert.getSubjectDN().getName(), + BIG_ZERO, + MINUS_ONE, null, null); try { - rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, - leafCert.getEncoded()); + rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); } catch (Exception e) { // error } - defStore.addCRLIssuingPoint(leafCert.getSubjectDN() - .getName(), rec); - // log(ILogger.EV_AUDIT, AuditFormat.LEVEL, - // "Added CA certificate " + - // leafCert.getSubjectDN().getName()); + defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); + //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); CMS.debug("DonePanel importCACertToOCSP: Added CA certificate."); } 
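Review bot: In `importCACertToOCSP`, a failure of `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())` is swallowed by `catch (Exception e) { // error }`, after which `addCRLIssuingPoint` still runs and the debug log reports "Added CA certificate." That presumably leaves an issuing-point record without its CA certificate and nothing in the logs to explain it. Let the exception reach the outer handler visible in the next hunk, which already turns failures into an `IOException`, or at least log it: `CMS.debug("DonePanel importCACertToOCSP: cannot store CA cert: " + e);`. The in-code comment "(1) need to normalize (sort) the chain" matters here too, since choosing `certs[0]` or the last element based only on whether `certs[0]` is self-signed assumes an ordered chain. The method starts and ends outside this hunk.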
@@ -746,8 +717,7 @@ public class DonePanel extends WizardPanelBase { throw e; } catch (Exception e) { CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP"); - throw new IOException( - "Failed to import the certificate chain into the OCSP"); + throw new IOException("Failed to import the certificate chain into the OCSP"); } } @@ -778,7 +748,7 @@ public class DonePanel extends WizardPanelBase { } private void updateConnectorInfo(String ownagenthost, String ownagentsport) - throws IOException { + throws IOException { IConfigStore cs = CMS.getConfigStore(); int port = -1; String url = ""; 
@@ -787,29 +757,21 @@ public class DonePanel extends WizardPanelBase { try { url = cs.getString("preop.ca.url", ""); if (!url.equals("")) { - host = cs.getString("preop.ca.hostname", ""); - port = cs.getInteger("preop.ca.httpsadminport", -1); - transportCert = cs.getString("kra.transport.cert", ""); + host = cs.getString("preop.ca.hostname", ""); + port = cs.getInteger("preop.ca.httpsadminport", -1); + transportCert = cs.getString("kra.transport.cert", ""); } } catch (Exception e) { } if (host == null) { - CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); + CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); } else { - CMS.debug("DonePanel: Transport certificate is being setup in " - + url); - String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" - + ownagenthost - + "&ca.connector.KRA.port=" - + ownagentsport - + "&ca.connector.KRA.transportCert=" - + URLEncoder.encode(transportCert) - + "&sessionID=" - + session_id; - - updateConnectorInfo(host, port, true, content); + CMS.debug("DonePanel: Transport certificate is being setup in " + url); + String session_id = CMS.getConfigSDSessionId(); + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; + + updateConnectorInfo(host, port, true, content); } } 
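Review bot: The joined `content` string URL-encodes only `transportCert`; `ownagenthost`, `ownagentsport` and `session_id` are concatenated raw, so a `&`, `=` or `+` in any of them would alter the form parameters sent to the CA. The one-argument `URLEncoder.encode(String)` is deprecated and uses the platform default encoding; I would encode each value explicitly, e.g. `URLEncoder.encode(transportCert, "UTF-8")`, and do the same for the other three. The empty `catch (Exception e) { }` above also hides a configuration read failure, leaving `host`, `port` and `transportCert` at whatever they were initialised to outside this hunk. The method starts before the hunk.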
@@ -831,23 +793,21 @@ public class DonePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { - } + HttpServletResponse response, + Context context) throws IOException {} /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) {/* - * This should never - * be called - */ - } + HttpServletResponse response, + Context context) {/* This should never be called */} } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java index 561fbcf6..9d7fc22a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java @@ -50,7 +50,6 @@ public class DownloadPKCS12 extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -60,7 +59,7 @@ public class DownloadPKCS12 extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DownloadPKCS12: processing..."); 
@@ -71,7 +70,7 @@ public class DownloadPKCS12 extends CMSServlet { mRenderResult = false; // check the pin from the session - String pin = (String) httpReq.getSession().getAttribute("pin"); + String pin = (String)httpReq.getSession().getAttribute("pin"); if (pin == null) { CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie."); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); @@ -102,26 +101,18 @@ public class DownloadPKCS12 extends CMSServlet { httpResp.getOutputStream().write(pkcs12); return; } catch (Exception e) { - CMS.debug("DownloadPKCS12 process: Exception=" + e.toString()); + CMS.debug("DownloadPKCS12 process: Exception="+e.toString()); } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 57af9f9a..87cb7a7c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Locale; 
@@ -39,6 +40,7 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; + public class GetCertChain extends CMSServlet { /** @@ -54,7 +56,6 @@ public class GetCertChain extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -62,13 +63,11 @@ public class GetCertChain extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -77,11 +76,11 @@ public class GetCertChain extends CMSServlet { String outputString = null; - CertificateChain certChain = ((ICertAuthority) mAuthority) - .getCACertChain(); + CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain(); if (certChain == null) { - CMS.debug("GetCertChain displayChain: cannot get the certificate chain."); + CMS.debug( + "GetCertChain displayChain: cannot get the certificate chain."); outputError(httpResp, "Error: Failed to get certificate chain."); return; } @@ -96,7 +95,7 @@ public class GetCertChain extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); + e.toString())); outputError(httpResp, "Error: Failed to encode the certificate chain"); } 
@@ -122,15 +121,7 @@ public class GetCertChain extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java index 456bf6c1..c1010b46 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java @@ -59,7 +59,6 @@ public class GetConfigEntries extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -68,13 +67,11 @@ public class GetConfigEntries extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -87,12 +84,12 @@ public class GetConfigEntries extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetConfigEntries authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; - } + } // Construct an ArgBlock IArgBlock args = cmsReq.getHttpParams(); 
@@ -107,32 +104,32 @@ public class GetConfigEntries extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetConfigEntries process: Exception: " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("GetConfigEntries process: Exception: "+e.toString()); + throw new EBaseException( e.toString() ); } Node root = xmlObj.createRoot("XMLResponse"); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } catch (Exception e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, + outputError(httpResp, "Error: Encountered problem during authorization."); - return; + return; } if (authzToken == null) { - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } if (op != null) { @@ -143,9 +140,9 @@ public class GetConfigEntries extends CMSServlet { String name1 = t.nextToken(); IConfigStore cs = config.getSubStore(name1); Enumeration enum1 = cs.getPropertyNames(); - + while (enum1.hasMoreElements()) { - String name = name1 + "." + enum1.nextElement(); + String name = name1+"."+enum1.nextElement(); try { String value = config.getString(name); Node container = xmlObj.createContainer(root, "Config"); 
@@ -174,10 +171,10 @@ public class GetConfigEntries extends CMSServlet { value = getLDAPPassword(); } else if (name.equals("internaldb.replication.password")) { value = getReplicationPassword(); - } else + } else continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -211,15 +208,7 @@ public class GetConfigEntries extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } private String getLDAPPassword() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java index 1e59bf71..74edda79 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java @@ -45,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + public class GetCookie extends CMSServlet { /** 
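Review bot: The branch in the hunk at `@@ -174,10 +171,10 @@` that assigns `value = getLDAPPassword()` or `value = getReplicationPassword()` puts those passwords into the XML response as plain `value` items, and nothing in the code says so. A comment would help the next maintainer, e.g. `// Returns directory credentials in clear text; access depends on the authenticate()/authorize(..., "read") checks earlier in process().` It is also worth confirming that the response body is never written to the debug log. The enclosing loop and method begin outside this hunk.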
@@ -56,8 +57,10 @@ public class GetCookie extends CMSServlet { private String mErrorFormPath = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public GetCookie() { super(); @@ -65,7 +68,6 @@ public class GetCookie extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -76,13 +78,12 @@ public class GetCookie extends CMSServlet { mRandom = new Random(); mErrorFormPath = sc.getInitParameter("errorTemplatePath"); if (mOutputTemplatePath != null) { - mFormPath = mOutputTemplatePath; + mFormPath = mOutputTemplatePath; } } /** - * Process the HTTP request. - * + * Process the HTTP request. * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -99,27 +100,28 @@ public class GetCookie extends CMSServlet { } IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); + IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); CMSTemplate form = null; Locale[] locale = new Locale[1]; String url = httpReq.getParameter("url"); - CMS.debug("GetCookie before auth, url =" + url); + CMS.debug("GetCookie before auth, url ="+url); String url_e = ""; URL u = null; try { url_e = URLDecoder.decode(url, "UTF-8"); u = new URL(url_e); } catch (Exception eee) { - throw new ECMSGWException("GetCookie missing parameter: url"); + throw new ECMSGWException( + "GetCookie missing parameter: url"); } int index2 = url_e.indexOf("subsystem="); String subsystem = ""; if (index2 > 0) { - subsystem = url.substring(index2 + 10); + subsystem = url.substring(index2+10); int index1 = subsystem.indexOf("&"); if (index1 > 0) subsystem = subsystem.substring(0, index1); @@ -129,9 +131,9 @@ public class GetCookie extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetCookie authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); header.addStringValue("sd_uid", ""); header.addStringValue("sd_pwd", ""); header.addStringValue("host", u.getHost()); 
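Review bot: In the hunk at `@@ -99,27 +100,28 @@`, `index2` is computed on the decoded string `url_e` but the substring is taken from the raw `url` (`subsystem = url.substring(index2+10)`), so a percent-encoded `url` parameter can yield the wrong subsystem name. That value is later passed to `getGroupName(uid, subsystem)` to choose the administrator group, so it should be parsed from the same string: `subsystem = url_e.substring(index2 + 10);`. `CMS.debug("GetCookie before auth, url ="+url)` also writes the unauthenticated request parameter to the debug log verbatim; stripping CR/LF first would keep log entries intact. The method starts before this hunk and continues after it.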
@@ -147,17 +149,17 @@ public class GetCookie extends CMSServlet { form = getTemplate(mErrorFormPath, httpReq, locale); } catch (IOException eee) { CMS.debug("GetCookie process: cant locate the form"); - /* - * log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - * throw new ECMSGWException( - * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - */ - } +/* + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); +*/ + } - if (form == null) { + if( form == null ) { CMS.debug("GetCookie::process() - form is null!"); - throw new EBaseException("form is null"); + throw new EBaseException( "form is null" ); } try { @@ -168,17 +170,16 @@ public class GetCookie extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException ee) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - ee.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; - } + } String cookie = ""; String auditMessage = ""; - + if (authToken != null) { String uid = authToken.getInString("uid"); String groupname = getGroupName(uid, subsystem); 
@@ -186,15 +187,16 @@ public class GetCookie extends CMSServlet { if (groupname != null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.SUCCESS, - groupname); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + uid, + ILogger.SUCCESS, + groupname); audit(auditMessage); // assign cookie long num = mRandom.nextLong(); - cookie = num + ""; - ISecurityDomainSessionTable ctable = CMS - .getSecurityDomainSessionTable(); + cookie = num+""; + ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); String addr = ""; try { addr = u.getHost(); 
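Review bot: `long num = mRandom.nextLong(); cookie = num+"";` issues the security-domain session token from `mRandom`, which `init()` sets with `new Random()` (context line of the hunk at `@@ -76,13 +78,12 @@`); if that is `java.util.Random`, its output is predictable from a few observed values and is not suitable for a bearer token. `java.security.SecureRandom` extends `Random`, so `mRandom = new java.security.SecureRandom();` is a drop-in change. A single signed long is also a small token space; something like `new BigInteger(128, mRandom).toString(16)` would be more comfortable, assuming the session table accepts an arbitrary string. The method begins before this hunk and continues after it.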
@@ -205,42 +207,43 @@ public class GetCookie extends CMSServlet { ip = InetAddress.getByName(addr).toString(); int index = ip.indexOf("/"); if (index > 0) - ip = ip.substring(index + 1); + ip = ip.substring(index+1); } catch (Exception e) { } - String auditParams = "operation;;issue_token+token;;" + cookie - + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;" - + groupname; + String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip + + "+uid;;" + uid + "+groupname;;" + groupname; int status = ctable.addEntry(cookie, ip, uid, groupname); if (status == ISecurityDomainSessionTable.SUCCESS) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid, - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + uid, + ILogger.SUCCESS, + auditParams); audit(auditMessage); } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid, - ILogger.FAILURE, auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + uid, + ILogger.FAILURE, + auditParams); audit(auditMessage); } try { - String sd_url = "https://" + CMS.getEESSLHost() + ":" - + CMS.getEESSLPort(); + String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort(); if (!url.startsWith("$")) { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { CMS.debug("GetCookie process: cant locate the form"); - /* - * log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", - * e.toString())); throw new ECMSGWException( - * CMS.getUserMessage - * ("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - */ +/* + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); +*/ } header.addStringValue("url", url); 
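Review bot: `auditParams` embeds the freshly issued token (`"operation;;issue_token+token;;"+ cookie`), so anyone who can read the signed audit log can obtain a live session token. Logging a digest or a truncated prefix instead would keep the entry correlatable, for example by replacing `cookie` in that string with a SHA-256 hex of it; whether audit consumers depend on the full value is not visible here. In the same hunk the empty `catch (Exception e) { }` after `InetAddress.getByName(addr)` lets `ctable.addEntry(cookie, ip, uid, groupname)` run with `ip` left at its initial value when the host taken from the request's `url` does not resolve. The method begins before this hunk and continues after it.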
@@ -248,26 +251,26 @@ public class GetCookie extends CMSServlet { EBaseException error = null; try { - ServletOutputStream out = httpResp - .getOutputStream(); + ServletOutputStream out = httpResp.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - httpResp.setContentType("text/html"); - form.renderOutput(out, argSet); + httpResp.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } catch (Exception e) { } } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.FAILURE, - "Enterprise " + subsystem + " Administrators"); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + uid, + ILogger.FAILURE, + "Enterprise " + subsystem + " Administrators"); audit(auditMessage); } } 
@@ -275,25 +278,25 @@ public class GetCookie extends CMSServlet { private String getGroupName(String uid, String subsystemname) { String groupname = ""; - IUGSubsystem subsystem = (IUGSubsystem) (CMS - .getSubsystem(IUGSubsystem.ID)); - if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") - && subsystemname.equals("CA")) { + IUGSubsystem subsystem = + (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); + if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && + subsystemname.equals("CA")) { return "Enterprise CA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") - && subsystemname.equals("KRA")) { + } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") && + subsystemname.equals("KRA")) { return "Enterprise KRA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") - && subsystemname.equals("OCSP")) { + } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") && + subsystemname.equals("OCSP")) { return "Enterprise OCSP Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") - && subsystemname.equals("TKS")) { + } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") && + subsystemname.equals("TKS")) { return "Enterprise TKS Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") - && subsystemname.equals("RA")) { + } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") && + subsystemname.equals("RA")) { return "Enterprise RA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") - && subsystemname.equals("TPS")) { + } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") && + subsystemname.equals("TPS")) { return "Enterprise TPS Administrators"; } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java index b3d9470d..f9e6c70e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.FileInputStream; import java.io.IOException; import java.util.Enumeration; @@ -47,6 +48,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; + public class GetDomainXML extends CMSServlet { /** @@ -62,7 +64,6 @@ public class GetDomainXML extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,13 +73,11 @@ public class GetDomainXML extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -96,7 +95,8 @@ public class GetDomainXML extends CMSServlet { try { secstore = cs.getString("securitydomain.store"); basedn = cs.getString("internaldb.basedn"); - } catch (Exception e) { + } + catch (Exception e) { CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script"); } 
@@ -104,8 +104,7 @@ public class GetDomainXML extends CMSServlet { XMLObject response = new XMLObject(); Node root = response.createRoot("XMLResponse"); - if ((secstore != null) && (basedn != null) - && (secstore.equals("ldap"))) { + if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) { ILdapConnFactory connFactory = null; LDAPConnection conn = null; try { 
@@ -121,77 +120,64 @@ public class GetDomainXML extends CMSServlet { connFactory.init(ldapConfig); conn = connFactory.getConn(); - // get the security domain name - String secdomain = (String) conn.read(dn) - .getAttribute("name").getStringValues() - .nextElement(); + // get the security domain name + String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement(); XMLObject xmlObj = new XMLObject(); Node domainInfo = xmlObj.createRoot("DomainInfo"); xmlObj.addItemToContainer(domainInfo, "Name", secdomain); - // this should return CAList, KRAList etc. - LDAPSearchResults res = conn - .search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); + // this should return CAList, KRAList etc. + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, cons); while (res.hasMoreElements()) { int count = 0; dn = res.next().getDN(); String listName = dn.substring(3, dn.indexOf(",")); - String subType = listName.substring(0, - listName.indexOf("List")); - Node listNode = xmlObj.createContainer(domainInfo, - listName); - + String subType = listName.substring(0, listName.indexOf("List")); + Node listNode = xmlObj.createContainer(domainInfo, listName); + filter = "objectclass=pkiSubsystem"; - LDAPSearchResults res2 = conn.search(dn, - LDAPConnection.SCOPE_ONE, filter, attrs, false, - cons); + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, false, cons); while (res2.hasMoreElements()) { - Node node = xmlObj.createContainer(listNode, - subType); + Node node = xmlObj.createContainer(listNode, subType); LDAPEntry entry = res2.next(); - LDAPAttributeSet entryAttrs = entry - .getAttributeSet(); + LDAPAttributeSet entryAttrs = entry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet - .nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); 
String attrName = nextAttr.getName(); - if ((!attrName.equals("cn")) - && (!attrName.equals("objectClass"))) { - String attrValue = (String) nextAttr - .getStringValues().nextElement(); - xmlObj.addItemToContainer(node, - securityDomainLDAPtoXML(attrName), - attrValue); + if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) { + String attrValue = (String) nextAttr.getStringValues().nextElement(); + xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue); } } - count++; - } - xmlObj.addItemToContainer(listNode, "SubsystemCount", - Integer.toString(count)); + count ++; + } + xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count)); } // Add new xml object as string to response. - response.addItemToContainer(root, "DomainInfo", - xmlObj.toXMLString()); - } catch (Exception e) { - CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " - + e.toString()); + response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString()); + } + catch (Exception e) { + CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString()); status = FAILED; - } finally { - if ((conn != null) && (connFactory != null)) { + } + finally { + if ((conn != null) && (connFactory!= null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } } - } else { - // get data from file store + } + else { + // get data from file store - String path = CMS.getConfigStore() - .getString("instanceRoot", "") + "/conf/domain.xml"; + String path = CMS.getConfigStore().getString("instanceRoot", "") + + "/conf/domain.xml"; CMS.debug("GetDomainXML: got path=" + path); 
@@ -207,12 +193,11 @@ public class GetDomainXML extends CMSServlet { fis.close(); CMS.debug("GetDomainXML: Done Reading domain.xml..."); - response.addItemToContainer(root, "DomainInfo", new String( - buf)); - } catch (Exception e) { - CMS.debug("Failed to read domain.xml from file" - + e.toString()); - status = FAILED; + response.addItemToContainer(root, "DomainInfo", new String(buf)); + } + catch (Exception e) { + CMS.debug("Failed to read domain.xml from file" + e.toString()); + status = FAILED; } } @@ -221,34 +206,23 @@ public class GetDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("GetDomainXML: Failed to send the XML output" - + e.toString()); + CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString()); } } protected String securityDomainLDAPtoXML(String attribute) { - if (attribute.equals("host")) - return "Host"; - else - return attribute; + if (attribute.equals("host")) return "Host"; + else return attribute; } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java index 623acf9a..02fe36c1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Locale; @@ -35,6 +36,7 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; + public class GetStatus extends CMSServlet { /** @@ -50,7 +52,6 @@ public class GetStatus extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -58,19 +59,18 @@ public class GetStatus extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String outputString = null; - String state = config.getString("cs.state", ""); - String type = config.getString("cs.type", ""); + String state = config.getString("cs.state", ""); + String type = config.getString("cs.type", ""); try { XMLObject xmlObj = null; @@ -89,15 +89,7 @@ public class GetStatus extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index 93d7e922..0a6c5ec3 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Locale; @@ -38,6 +39,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.xml.XMLObject; + public class GetSubsystemCert extends CMSServlet { /** @@ -53,7 +55,6 @@ public class GetSubsystemCert extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,7 +62,7 @@ public class GetSubsystemCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -74,29 +75,27 @@ public class GetSubsystemCert extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname+":"+nickname; } catch (Exception e) { } - CMS.debug("GetSubsystemCert process: nickname=" + nickname); + CMS.debug("GetSubsystemCert process: nickname="+nickname); String s = ""; try { CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert = cm.findCertByNickname(nickname); - + if (cert == null) { CMS.debug("GetSubsystemCert process: subsystem cert is null"); - outputError(httpResp, - "Error: Failed to get subsystem certificate."); + outputError(httpResp, "Error: Failed to get subsystem certificate."); return; } byte[] bytes = cert.getEncoded(); s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes)); } catch (Exception e) { - CMS.debug("GetSubsystemCert process: exception: " + e.toString()); + CMS.debug("GetSubsystemCert process: exception: "+e.toString()); } try { @@ -112,15 +111,7 @@ public class GetSubsystemCert extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java index f4d68392..d7af0740 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java 
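Review bot: In `process()` of GetSubsystemCert, the `catch (Exception e)` around `cm.findCertByNickname(nickname)` and `cert.getEncoded()` only calls `CMS.debug(...)` and then falls through with `s` still `""`, so the response-building `try` that follows appears to answer with an empty certificate string. The null-certificate branch inside the same `try` already reports the failure, and the catch should do the same: `outputError(httpResp, "Error: Failed to get subsystem certificate."); return;`. The empty `catch (Exception e) { }` on the two `cs.getString` reads at the top of the hunk should at least log through `CMS.debug`. The rest of `process()` lies outside this hunk, so the fall-through is inferred from the visible lines.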
@@ -52,7 +52,6 @@ public class GetTokenInfo extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,13 +60,11 @@ public class GetTokenInfo extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -81,8 +78,8 @@ public class GetTokenInfo extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetTokenInfo process: Exception: " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("GetTokenInfo process: Exception: "+e.toString()); + throw new EBaseException( e.toString() ); } Node root = xmlObj.createRoot("XMLResponse"); @@ -100,7 +97,7 @@ public class GetTokenInfo extends CMSServlet { String name = t1.nextToken(); if (name.equals("sslserver")) continue; - name = "cloning." + name + ".nickname"; + name = "cloning."+name+".nickname"; String value = ""; try { @@ -108,7 +105,7 @@ public class GetTokenInfo extends CMSServlet { } catch (Exception ee) { continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); 
@@ -152,14 +149,6 @@ public class GetTokenInfo extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java index 8d8747b9..bc29b34a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Locale; @@ -62,7 +63,6 @@ public class GetTransportCert extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet { CMS.debug("GetTransportCert authentication successful."); } catch (Exception e) { CMS.debug("GetTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
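Review bot: The authentication-failure branch of GetTransportCert `process()` logs under the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which, judging by its name, describes an output-stream error rather than a rejected login, so failed authentications are hard to pick out of the system log. ImportTransportCert `process()` has the same call (hunk `@@ -84,9 +84,9 @@`). Use a key that names the authentication failure, in the way the authorization branch of the same method logs under `ADMIN_SRVLT_AUTH_FAILURE`. Both methods also open with `CMS.debug("UpdateUpdater: processing...")`, which names a different servlet; it should read `CMS.debug("GetTransportCert: processing...")` here and the equivalent in ImportTransportCert.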
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); CMS.debug("GetTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -124,19 +124,19 @@ public class GetTransportCert extends CMSServlet { IConfigStore cs = CMS.getConfigStore(); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = tu - .getCertificate(); + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) mAuthority; + ITransportKeyUnit tu = kra.getTransportKeyUnit(); + org.mozilla.jss.crypto.X509Certificate transportCert = + tu.getCertificate(); - String mime64 = ""; + String mime64 = ""; try { mime64 = CMS.BtoA(transportCert.getEncoded()); - mime64 = com.netscape.cmsutil.util.Cert - .normalizeCertStrAndReq(mime64); - } catch (CertificateEncodingException eee) { + mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64); + } catch (CertificateEncodingException eee) { CMS.debug("GetTransportCert: Failed to encode certificate"); - } + } // send success status back to the requestor try { 
@@ -154,22 +154,14 @@ public class GetTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java index 02a2c21a..a00b0fb7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class HierarchyPanel extends WizardPanelBase { - public HierarchyPanel() { - } + public HierarchyPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); setId(id); @@ -55,15 +56,16 @@ public class HierarchyPanel extends WizardPanelBase { public boolean shouldSkip() { - // we dont need to ask the hierachy if we are + // we dont need to ask the hierachy if we are // setting up a clone try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select", null); + String s = c.getString("preop.subsystem.select", + null); if (s != null && s.equals("clone")) { // mark this panel as done - c.putString("preop.hierarchy.select", "root"); - c.putString("hierarchy.select", "Clone"); + c.putString("preop.hierarchy.select","root"); + c.putString("hierarchy.select","Clone"); return true; } } catch (EBaseException e) { @@ -87,16 +89,15 @@ public class HierarchyPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -104,7 +105,8 @@ public class HierarchyPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "PKI Hierarchy"); IConfigStore config = CMS.getConfigStore(); @@ -115,7 +117,7 @@ public class HierarchyPanel extends WizardPanelBase { if (s.equals("root")) { context.put("check_root", "checked"); } else if (s.equals("join")) { - context.put("check_join", "checked"); + context.put("check_join", "checked"); } } catch (Exception e) { CMS.debug(e.toString()); @@ -132,14 +134,16 @@ public class HierarchyPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); try { String cstype = config.getString("preop.subsystem.select", ""); 
@@ -159,17 +163,16 @@ public class HierarchyPanel extends WizardPanelBase { } if (select.equals("root")) { - config.putString("preop.hierarchy.select", "root"); - config.putString("hierarchy.select", "Root"); + config.putString("preop.hierarchy.select", "root"); + config.putString("hierarchy.select", "Root"); config.putString("preop.ca.type", "sdca"); try { config.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } else if (select.equals("join")) { config.putString(PCERT_PREFIX + "signing.type", "remote"); config.putString("preop.hierarchy.select", "join"); - config.putString("hierarchy.select", "Subordinate"); + config.putString("hierarchy.select", "Subordinate"); } else { config.putString(PCERT_PREFIX + "signing.type", "remote"); CMS.debug("HierarchyPanel: invalid choice " + select); @@ -183,6 +186,6 @@ public class HierarchyPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { - } + HttpServletResponse response, + Context context) {} } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index ce5e9795..d4f93a9b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; 
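Review bot: In the `root` branch of HierarchyPanel `update()`, `config.commit(false)` is wrapped in `catch (EBaseException e) {}`, so a failed write of `preop.hierarchy.select`, `hierarchy.select` and `preop.ca.type` is dropped without a trace and the wizard continues with settings that were never persisted. At minimum log it, `CMS.debug("HierarchyPanel: update: commit failed: " + e.toString());`, and consider rethrowing as the `IOException` the method already declares. The final `else` branch also stores `signing.type` as `remote` before logging the invalid choice, and it is not clear from this hunk whether that is intended. The enclosing method starts and ends outside the hunk.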
@@ -46,19 +47,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class ImportAdminCertPanel extends WizardPanelBase { - public ImportAdminCertPanel() { - } + public ImportAdminCertPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); setId(id); @@ -85,7 +86,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("ImportAdminCertPanel: display"); context.put("errorString", ""); context.put("title", "Import Administrator's Certificate"); @@ -100,12 +102,11 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) { - } + } catch (Exception e) {} try { String serialno = cs.getString("preop.admincert.serialno.0"); - + context.put("serialNumber", serialno); } catch (Exception e) { context.put("errorString", "Failed to get serial number."); 
@@ -128,26 +129,21 @@ public class ImportAdminCertPanel extends WizardPanelBase { if (ca == null) { if (type.equals("otherca")) { try { - // this is a non-CA system that has elected to have its - // certificates + // this is a non-CA system that has elected to have its certificates // signed by a CA outside of the security domain. - // in this case, we submitted the cert request for the admin - // cert to + // in this case, we submitted the cert request for the admin cert to // to security domain host. caHost = cs.getString("securitydomain.host", ""); caPort = cs.getString("securitydomain.httpsadminport", ""); - } catch (Exception e) { - } + } catch (Exception e) {} } else if (type.equals("sdca")) { try { // this is a non-CA system that submitted its certs to a CA - // within the security domain. In this case, we submitted - // the cert + // within the security domain. In this case, we submitted the cert // request for the admin cert to this CA caHost = cs.getString("preop.ca.hostname", ""); caPort = cs.getString("preop.ca.httpsadminport", ""); - } catch (Exception e) { - } + } catch (Exception e) {} } } else { // for CAs, we always generate our own admin certs @@ -155,8 +151,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { caHost = cs.getString("service.machineName", ""); caPort = cs.getString("pkicreate.admin_secure_port", ""); - } catch (Exception e) { - } + } catch (Exception e) {} } String pkcs7 = ""; 
@@ -175,14 +170,16 @@ public class ImportAdminCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); String type = ""; @@ -195,13 +192,12 @@ public class ImportAdminCertPanel extends WizardPanelBase { subsystemtype = cs.getString("cs.type", ""); security_domain_type = cs.getString("securitydomain.select", ""); selected_hierarchy = cs.getString("preop.hierarchy.select", ""); - } catch (Exception e) { - } + } catch (Exception e) {} - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( + ICertificateAuthority.ID); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); 
@@ -210,23 +206,25 @@ public class ImportAdminCertPanel extends WizardPanelBase { X509CertImpl certs[] = new X509CertImpl[1]; - // REMINDER: This panel is NOT used by "clones" - if (ca != null) { + // REMINDER: This panel is NOT used by "clones" + if( ca != null ) { String serialno = null; - if (selected_hierarchy.equals("root")) { - CMS.debug("ImportAdminCertPanel update: " - + "Root CA subsystem - " + "(new Security Domain)"); + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "ImportAdminCertPanel update: " + + "Root CA subsystem - " + + "(new Security Domain)" ); } else { - CMS.debug("ImportAdminCertPanel update: " - + "Subordinate CA subsystem - " - + "(new Security Domain)"); + CMS.debug( "ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(new Security Domain)" ); } try { serialno = cs.getString("preop.admincert.serialno.0"); } catch (Exception e) { - CMS.debug("ImportAdminCertPanel update: Failed to get request id."); + CMS.debug( + "ImportAdminCertPanel update: Failed to get request id."); context.put("updateStatus", "failure"); throw new IOException("Failed to get request id."); } 
@@ -234,37 +232,37 @@ public class ImportAdminCertPanel extends WizardPanelBase { ICertificateRepository repost = ca.getCertificateRepository(); try { - certs[0] = repost.getX509Certificate(new BigInteger(serialno, - 16)); - } catch (Exception ee) { - } + certs[0] = repost.getX509Certificate( + new BigInteger(serialno, 16)); + } catch (Exception ee) {} } else { String dir = null; - // REMINDER: This panel is NOT used by "clones" - if (subsystemtype.equals("CA")) { - if (selected_hierarchy.equals("root")) { - CMS.debug("ImportAdminCertPanel update: " - + "Root CA subsystem - " - + "(existing Security Domain)"); + // REMINDER: This panel is NOT used by "clones" + if( subsystemtype.equals( "CA" ) ) { + if( selected_hierarchy.equals( "root" ) ) { + CMS.debug( "ImportAdminCertPanel update: " + + "Root CA subsystem - " + + "(existing Security Domain)" ); } else { - CMS.debug("ImportAdminCertPanel update: " - + "Subordinate CA subsystem - " - + "(existing Security Domain)"); + CMS.debug( "ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(existing Security Domain)" ); } } else { - CMS.debug("ImportAdminCertPanel update: " + subsystemtype - + " subsystem"); + CMS.debug( "ImportAdminCertPanel update: " + + subsystemtype + + " subsystem" ); } try { - dir = cs.getString("preop.admincert.b64", ""); + dir = cs.getString("preop.admincert.b64", ""); CMS.debug("ImportAdminCertPanel update: dir=" + dir); - } catch (Exception ee) { - } + } catch (Exception ee) {} try { - BufferedReader reader = new BufferedReader(new FileReader(dir)); + BufferedReader reader = new BufferedReader( + new FileReader(dir)); String b64 = ""; StringBuffer sb = new StringBuffer(); 
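Review bot: In the CA branch of ImportAdminCertPanel `update()`, `repost.getX509Certificate(new BigInteger(serialno, 16))` sits in `catch (Exception ee) {}`, so a failed repository lookup leaves `certs[0]` null with nothing in the log, and the next hunk passes `certs` to `user.setX509Certificates(certs)`. Fail the step at the lookup instead: `context.put("updateStatus", "failure"); throw new IOException("Failed to get admin certificate.");`. In the non-CA branch, `dir` is read from `preop.admincert.b64` with a `""` default behind another empty catch, and `new FileReader(dir)` is opened with no `finally` visible in this hunk. If the close is not done further down, outside the hunk, the reader leaks on every error path.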
@@ -291,15 +289,15 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " - + e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); } } catch (Exception e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate. Exception: " - + e.toString()); + CMS.debug( + "ImportAdminCertPanel update: failed to add certificate. Exception: " + + e.toString()); context.put("updateStatus", "failure"); throw new IOException(e.toString()); } @@ -314,7 +312,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select", null); + String s = c.getString("preop.subsystem.select",null); if (s != null && s.equals("clone")) { return true; } @@ -324,11 +322,13 @@ public class ImportAdminCertPanel extends WizardPanelBase { return false; } + /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { /* This should never be called */ context.put("title", "Import Administrator Certificate"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java index 8b0ccc0c..0c2e7fa0 100755 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import javax.servlet.ServletConfig; @@ -35,19 +36,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class ImportCAChainPanel extends WizardPanelBase { - public ImportCAChainPanel() { - } + public ImportCAChainPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); setId(id); @@ -74,7 +75,8 @@ public class ImportCAChainPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("ImportCACertChain: display"); context.put("errorString", ""); context.put("title", "Import CA's Certificate Chain"); @@ -87,9 +89,8 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("https_port", cs.getString("pkicreate.ee_secure_port")); context.put("http_port", cs.getString("pkicreate.unsecure_port")); } catch (EBaseException e) { - CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); - context.put("errorString", - "Error loading values for Import CA Certificate Panel"); + CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); + context.put("errorString", "Error loading values for Import CA Certificate Panel"); } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); 
@@ -106,16 +107,19 @@ public class ImportCAChainPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); + context.put("errorString", ""); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); @@ -126,7 +130,8 @@ public class ImportCAChainPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { /* This should never be called */ IConfigStore cs = CMS.getConfigStore(); @@ -136,7 +141,6 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("http_port", cs.getString("pkicreate.unsecure_port")); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java index a5efbbfe..3f54ec1c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Locale; 
@@ -60,7 +61,6 @@ public class ImportTransportCert extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet { CMS.debug("ImportTransportCert authentication successful."); } catch (Exception e) { CMS.debug("ImportTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("ImportTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet { String certsString = httpReq.getParameter("certificate"); try { - CryptoManager cm = CryptoManager.getInstance(); - CMS.debug("ImportTransportCert: Importing certificate"); - org.mozilla.jss.crypto.X509Certificate cert = cm - .importCACertPackage(CMS.AtoB(certsString)); - String nickName = cert.getNickname(); - CMS.debug("ImportTransportCert: nickname " + nickName); - cs.putString("tks.drm_transport_cert_nickname", nickName); - CMS.debug("ImportTransportCert: Commiting configuration"); - cs.commit(false); - - // send success status back to the requestor + CryptoManager cm = CryptoManager.getInstance(); + CMS.debug("ImportTransportCert: Importing certificate"); + org.mozilla.jss.crypto.X509Certificate cert = + cm.importCACertPackage(CMS.AtoB(certsString)); + String nickName = cert.getNickname(); + CMS.debug("ImportTransportCert: nickname " + nickName); + cs.putString("tks.drm_transport_cert_nickname", nickName); + CMS.debug("ImportTransportCert: Commiting configuration"); + cs.commit(false); + + // send success status back to the requestor CMS.debug("ImportTransportCert: Sending response"); XMLObject xmlObj = new XMLObject(); Node root = xmlObj.createRoot("XMLResponse"); 
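Review bot: `certsString` comes straight from `httpReq.getParameter("certificate")` and goes into `cm.importCACertPackage(CMS.AtoB(certsString))` with no check that the parameter is present or that the decoded certificate is the one expected, and the resulting nickname is then committed to `tks.drm_transport_cert_nickname`. The `authorize(..., "modify")` call earlier in the method limits who can reach this code, but a missing or malformed value still lands in the generic exception path. Add a guard before the `try`, for example `if (certsString == null || certsString.trim().length() == 0) { outputError(httpResp, "Error: Missing certificate"); return; }`. Recording the subject and issuer of the imported certificate in the log would also give an audit trail for this trust-store change. How the catch block responds is outside this hunk.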
@@ -150,22 +150,14 @@ public class ImportTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index b7b52129..da2a3ccb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.cmsutil.password.IPasswordStore; /** - * This object stores the values for IP, uid and group based on the cookie id in - * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn + * This object stores the values for IP, uid and group based on the cookie id in LDAP. + * Entries are stored under ou=Security Domain, ou=sessions, $basedn */ -public class LDAPSecurityDomainSessionTable implements - ISecurityDomainSessionTable { +public class LDAPSecurityDomainSessionTable + implements ISecurityDomainSessionTable { private long m_timeToLive; 
@@ -48,7 +48,8 @@ public class LDAPSecurityDomainSessionTable implements m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; boolean sessions_exists = true; @@ -60,8 +61,7 @@ public class LDAPSecurityDomainSessionTable implements basedn = cs.getString("internaldb.basedn"); sessionsdn = "ou=sessions,ou=Security Domain," + basedn; } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" - + e); + CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e); return status; } @@ -77,16 +77,14 @@ public class LDAPSecurityDomainSessionTable implements attrs.add(new LDAPAttribute("ou", "sessions")); entry = new LDAPEntry(sessionsdn, attrs); conn.add(entry); - } catch (Exception e) { - if ((e instanceof LDAPException) - && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { + } catch (Exception e) { + if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { // continue } else { - CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" - + e); + CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e); sessions_exists = false; } - } + } // add new entry try { 
@@ -95,32 +93,27 @@ public class LDAPSecurityDomainSessionTable implements String entrydn = "cn=" + sessionId + "," + sessionsdn; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", - "securityDomainSessionEntry")); + attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry")); attrs.add(new LDAPAttribute("cn", sessionId)); attrs.add(new LDAPAttribute("host", ip)); attrs.add(new LDAPAttribute("uid", uid)); attrs.add(new LDAPAttribute("cmsUserGroup", group)); - attrs.add(new LDAPAttribute("dateOfCreate", Long - .toString((new Date()).getTime()))); + attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime()))); entry = new LDAPEntry(entrydn, attrs); if (sessions_exists) { conn.add(entry); - CMS.debug("SecurityDomainSessionTable: added session entry" - + sessionId); + CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId); status = SUCCESS; } - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to create session entry" - + sessionId + ": " + e); - } + } catch(Exception e) { + CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e); + } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e); } return status; } 
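Review bot: The entry DN in `String entrydn = "cn=" + sessionId + "," + sessionsdn;` is built by plain concatenation, so a `sessionId` containing `,`, `+` or `=` yields a different DN than intended. The same construction appears in removeEntry (`String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;` in the @@ -131,25 hunk), where it decides which entry is deleted. Whether callers can pass an id that was not generated by the server is not visible here, so either validate the id against the generated format at the top of both methods or escape the RDN, e.g. `String entrydn = LDAPDN.escapeRDN("cn=" + sessionId) + "," + sessionsdn;` if `netscape.ldap.LDAPDN` is the SDK in use. addEntry starts outside this hunk.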
@@ -131,25 +124,21 @@ public class LDAPSecurityDomainSessionTable implements int status = FAILURE; try { String basedn = cs.getString("internaldb.basedn"); - String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," - + basedn; + String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn; conn = getLDAPConn(); conn.delete(dn); status = SUCCESS; } catch (Exception e) { - if ((e instanceof LDAPException) - && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { + if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { // continue } else { - CMS.debug("SecurityDomainSessionTable: unable to delete session " - + sessionId + ": " + e); + CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e); } } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e); } return status; } 
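Review bot: `conn.disconnect()` runs in its own `try` after the main one, so when `getLDAPConn()` throws, `conn` has never been assigned and the call fails with a NullPointerException that the `catch (Exception e)` then reports as "Error in disconnecting from database". That hides the real failure in the debug log and makes connection problems harder to triage. Guard the call with `if (conn != null) conn.disconnect();` and move it into a `finally` of the first `try`. The same shape is visible in the hunks at @@ -95,32, @@ -165,24, @@ -195,31, @@ -229,28 and @@ -291,25; the declaration of `conn` is outside this hunk, so the null initial value is inferred from the sibling methods.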
@@ -165,24 +154,21 @@ public class LDAPSecurityDomainSessionTable implements String[] attrs = { "cn" }; conn = getLDAPConn(); - LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, - filter, attrs, false); - if (res.getCount() > 0) - ret = true; - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query session " - + sessionId + ": " + e); + LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); + if (res.getCount() > 0) ret = true; + } catch(Exception e) { + CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e); } return ret; } + public Enumeration getSessionIds() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; 
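Review bot: `CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);` writes the session id to the debug log unmodified, and addEntry's success path (`"added session entry" + sessionId`, @@ -95,32 hunk) does the same for ids that are still valid. The class comment describes this value as the cookie id, so anyone who can read the debug log can read live session identifiers, and an id containing line breaks can forge log lines. Log a shortened or hashed form of the id and strip CR/LF before it reaches `CMS.debug`. isSessionIdExist starts outside the hunk, so where `sessionId` originates is not visible here.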
@@ -195,31 +181,27 @@ public class LDAPSecurityDomainSessionTable implements String[] attrs = { "cn" }; conn = getLDAPConn(); - LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, - filter, attrs, false); + LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); while (res.hasMoreElements()) { LDAPEntry entry = res.next(); ret.add(entry.getAttribute("cn").getStringValueArray()[0]); } } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); - break; - default: - CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " - + e); + case LDAPException.NO_SUCH_OBJECT: + CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); + break; + default: + CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e); } - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " - + e); + } catch(Exception e) { + CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e); } return ret.elements(); 
@@ -229,28 +211,25 @@ public class LDAPSecurityDomainSessionTable implements IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; String ret = null; - try { + try { String basedn = cs.getString("internaldb.basedn"); String sessionsdn = "ou=sessions,ou=Security Domain," + basedn; String filter = "(cn=" + sessionId + ")"; String[] attrs = { attr }; conn = getLDAPConn(); - LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, - filter, attrs, false); - if (res.getCount() > 0) { + LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); + if (res.getCount() > 0) { LDAPEntry entry = res.next(); ret = entry.getAttribute(attr).getStringValueArray()[0]; } - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query session " - + sessionId + ": " + e); + } catch(Exception e) { + CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e); } return ret; } @@ -282,7 +261,7 @@ public class LDAPSecurityDomainSessionTable implements public int getSize() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; - int ret = 0; + int ret =0; try { String basedn = cs.getString("internaldb.basedn"); 
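Review bot: `sessionId` is concatenated straight into the search filter in `String filter = "(cn=" + sessionId + ")";`, so a value containing `*`, `(`, `)` or `\` changes the filter instead of naming one entry. If the id can arrive from a request (not visible in this hunk), the lookup could match entries other than the caller's own, and `res.next()` would return the attribute of whichever entry comes first. Escape the value per RFC 4515 before building the filter, as in the helper below, or reject ids that do not match the generated format. The searches in the hunks at @@ -165,24, @@ -195,31 and @@ -291,25 use a `filter` built outside those hunks and should be checked for the same pattern; getStringValue itself starts outside this hunk.

```java
// … unchanged: basedn / sessionsdn lookup …
String filter = "(cn=" + escapeFilterValue(sessionId) + ")";
// … unchanged: search, result handling, disconnect …

// Escapes the characters RFC 4515 reserves inside a filter assertion value.
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char ch = value.charAt(i);
        switch (ch) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(ch);
        }
    }
    return sb.toString();
}
```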
@@ -291,25 +270,24 @@ public class LDAPSecurityDomainSessionTable implements String[] attrs = { "cn" }; conn = getLDAPConn(); - LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, - filter, attrs, false); + LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); ret = res.getCount(); - } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " - + e); + } catch(Exception e) { + CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } try { conn.disconnect(); } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " - + e); + CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e); } return ret; } - private LDAPConnection getLDAPConn() throws IOException { + private LDAPConnection getLDAPConn() + throws IOException + { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -321,13 +299,12 @@ public class LDAPSecurityDomainSessionTable implements IPasswordStore pwdStore = CMS.getPasswordStore(); if (pwdStore != null) { - // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); + //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); pwd = pwdStore.getPassword("internaldb"); } - if (pwd == null) { - throw new IOException( - "SecurityDomainSessionTable: Failed to obtain password from password store"); + if ( pwd == null) { + throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); } try { 
@@ -352,15 +329,14 @@ public class LDAPSecurityDomainSessionTable implements LDAPConnection conn = null; if (security.equals("true")) { - // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } - // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + - // p); + //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p); try { conn.connect(host, p, binddn, pwd); } catch (LDAPException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java index 844a5a36..e7fdbe3f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -26,6 +27,7 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; + public class LoginServlet extends BaseServlet { /** 
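Review bot: The `else` branch `conn = new LDAPConnection();` followed by `conn.connect(host, p, binddn, pwd)` binds over an unencrypted socket, so the internaldb password is sent in clear whenever `security` is anything other than the exact string `"true"` (including `"True"` or a typo). Both debug lines that would have recorded which mode was chosen are commented out, so the downgrade leaves no trace. At minimum log the choice without the credentials, e.g. `CMS.debug("SecurityDomainSessionTable: getLDAPConn: internal LDAP connection is NOT using SSL");`, and compare with `equalsIgnoreCase`. If the directory is not guaranteed to be on the loopback interface, consider refusing the non-SSL branch. getLDAPConn starts outside this hunk.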
@@ -34,12 +36,14 @@ public class LoginServlet extends BaseServlet { private static final long serialVersionUID = -4766622132710080340L; public boolean authenticate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { return true; } public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { @@ -48,7 +52,7 @@ public class LoginServlet extends BaseServlet { if (pin == null) { context.put("error", ""); } else { - String cspin = CMS.getConfigStore().getString("preop.pin"); + String cspin = CMS.getConfigStore().getString("preop.pin"); if (cspin != null && cspin.equals(pin)) { // create session @@ -58,7 +62,7 @@ public class LoginServlet extends BaseServlet { return null; } else { context.put("error", "Login Failed"); - } + } } template = Velocity.getTemplate("admin/console/config/login.vm"); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java index 2fcb1f2f..a91ca979 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Locale; @@ -42,7 +43,7 @@ public class MainPageServlet extends CMSServlet { * */ private static final long serialVersionUID = 2425301522251239666L; - private static final String PROP_AUTHORITY_ID = "authorityId"; + private static final String PROP_AUTHORITY_ID="authorityId"; private String mAuthorityId = null; private String mFormPath = null; 
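Review bot: In the `process` hunk at @@ -48,7 the configuration PIN is checked with `cspin.equals(pin)`, which returns at the first differing character and so is not a constant-time comparison for a secret. Compare the bytes instead, e.g. `if (cspin != null && MessageDigest.isEqual(cspin.getBytes("UTF-8"), pin.getBytes("UTF-8"))) {`. The failure branch only sets `context.put("error", "Login Failed")`; no attempt counter or audit message is visible in the hunk, so repeated guesses would go unrecorded unless that is handled outside the lines shown. process() continues beyond the hunk.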
@@ -74,12 +75,12 @@ public class MainPageServlet extends CMSServlet { form = getTemplate(mFormPath, request, locale); } catch (IOException e) { CMS.debug("MainPageServlet process: cant locate the form"); - /* - * log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw - * new ECMSGWException( - * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - */ +/* + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); +*/ } process(argSet, header, ctx, request, response); @@ -89,22 +90,21 @@ public class MainPageServlet extends CMSServlet { ServletOutputStream out = response.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - response.setContentType("text/html"); - form.renderOutput(out, argSet); + response.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { - int num = 0; + int num = 0; IArgBlock rarg = null; IConfigStore cs = CMS.getConfigStore(); int state = 0; 
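Review bot: When `form = getTemplate(mFormPath, request, locale);` throws, the `catch (IOException e)` only writes a debug line because the `throw` is inside the comment block, and execution continues to `form.renderOutput(out, argSet);` in the @@ -89,22 hunk. If `form` starts as null (its declaration is outside the hunk), that call fails with a NullPointerException instead of the intended gateway error, and the original cause is lost. Restore the handling that the comment preserves: `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));` after logging the failure.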
@@ -125,8 +125,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "admin"); rarg.addStringValue("prefix", "http"); - rarg.addIntegerValue("port", Integer.valueOf(CMS.getEENonSSLPort()) - .intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEENonSSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", adminInterface); argSet.addRepeatRecord(rarg); @@ -136,8 +136,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "ee"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", Integer - .valueOf(CMS.getEESSLPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEESSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", eeInterface); argSet.addRepeatRecord(rarg); @@ -147,8 +147,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "agent"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", Integer - .valueOf(CMS.getAgentPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getAgentPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", agentInterface); argSet.addRepeatRecord(rarg); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java index ef9255f3..38185a33 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
@@ -49,20 +50,19 @@ public class ModulePanel extends WizardPanelBase { private Vector mOtherModules = null; private Hashtable mCurrModTable = new Hashtable(); private WizardServlet mServlet = null; - - public ModulePanel() { - } + public ModulePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Key Store"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Key Store"); setId(id); @@ -71,7 +71,7 @@ public class ModulePanel extends WizardPanelBase { public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - cs.putBoolean("preop.ModulePanel.done", false); + cs.putBoolean("preop.ModulePanel.done",false); } public void loadCurrModTable() { @@ -87,8 +87,9 @@ public class ModulePanel extends WizardPanelBase { mCurrModTable.put(mod.getName(), mod); } // while } catch (Exception e) { - CMS.debug("ModulePanel: Exception caught in loadCurrModTable: " - + e.toString()); + CMS.debug( + "ModulePanel: Exception caught in loadCurrModTable: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } 
@@ -140,15 +141,15 @@ public class ModulePanel extends WizardPanelBase { CMS.debug("ModulePanel: token nick name=" + token.getName()); CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn()); CMS.debug("ModulePanel: token is present?" + token.isPresent()); - if (!token.getName().equals("Internal Crypto Services Token") - && !token.getName().equals( - "NSS Generic Crypto Services")) { + if (!token.getName().equals("Internal Crypto Services Token") && + !token.getName().equals("NSS Generic Crypto Services")) { module.addToken(token); } else { - CMS.debug("ModulePanel: token " + token.getName() + CMS.debug( + "ModulePanel: token " + token.getName() + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ModulePanel:" + ex.toString()); } @@ -180,11 +181,11 @@ public class ModulePanel extends WizardPanelBase { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ModulePanel: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ModulePanel: module found: " + cn); module.setFound(true); @@ -193,7 +194,7 @@ public class ModulePanel extends WizardPanelBase { loadModTokens(module, m); } - + CMS.debug("ModulePanel: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { 
@@ -202,41 +203,39 @@ public class ModulePanel extends WizardPanelBase { }// for } catch (Exception e) { - CMS.debug("ModulePanel: Exception caught in loadSupportedModules(): " - + e.toString()); + CMS.debug( + "ModulePanel: Exception caught in loadSupportedModules(): " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } public PropertySet getUsage() { - // it a token choice. Available tokens are discovered dynamically so + // it a token choice. Available tokens are discovered dynamically so // can't be a real CHOICE PropertySet set = new PropertySet(); - - Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* default parameter */ - "module token selection"); + + Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* default parameter */ + "module token selection"); set.add("choice", tokenDesc); - + return set; } public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.ModulePanel.done", false); + boolean s = cs.getBoolean("preop.ModulePanel.done", + false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } @@ -249,7 +248,8 @@ public class ModulePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("ModulePanel: display()"); context.put("title", "Key Store"); 
@@ -272,8 +272,8 @@ public class ModulePanel extends WizardPanelBase { context.put("oms", mOtherModules); context.put("sms", mSupportedModules); // context.put("status_token", "None"); - String subpanelno = String.valueOf(getPanelNo() + 1); - CMS.debug("ModulePanel subpanelno =" + subpanelno); + String subpanelno = String.valueOf(getPanelNo()+1); + CMS.debug("ModulePanel subpanelno =" +subpanelno); context.put("subpanelno", subpanelno); context.put("panel", "admin/console/config/modulepanel.vm"); } @@ -282,15 +282,17 @@ public class ModulePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { - boolean hasErr = false; + HttpServletResponse response, + Context context) throws IOException { + boolean hasErr = false; try { // get the value of the choice @@ -304,13 +306,13 @@ public class ModulePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); String oldtokenname = config.getString("preop.module.token", ""); - if (!oldtokenname.equals(select)) + if (!oldtokenname.equals(select)) mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - if (hasErr == false) { - config.putString("preop.module.token", select); - config.putBoolean("preop.ModulePanel.done", true); - } + if (hasErr == false) { + config.putString("preop.module.token", select); + config.putBoolean("preop.ModulePanel.done", true); + } config.commit(false); context.put("updateStatus", "success"); } catch (Exception e) { 
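Review bot: `validate()` in the @@ -282,15 hunk has an empty body, and `update()` in the @@ -304,13 hunk stores `select` with `config.putString("preop.module.token", select);` without checking it against the tokens this panel discovered. `hasErr` is never set to true in the visible lines, so `if (hasErr == false)` always passes. Assuming `select` is read from the request (the read is outside the hunk), an arbitrary token name can be persisted and later steps will use it for key generation. Reject a value that is not the name of a token held in `mSupportedModules` or `mOtherModules`, set `hasErr`, and put a failure status in `context` rather than `"success"`.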
@@ -324,7 +326,8 @@ public class ModulePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Security Module"); context.put("panel", "admin/console/config/modulepanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java index 861eee16..a0a627ee 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -26,6 +27,7 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; + public class ModuleServlet extends BaseServlet { /** @@ -34,16 +36,19 @@ public class ModuleServlet extends BaseServlet { private static final long serialVersionUID = 6518965840466227888L; /** - * Collect information on where keys are to be generated. Once collected, - * write to CS.cfg: "preop.module=soft" or "preop.module=hard" - * + * Collect information on where keys are to be generated. + * Once collected, write to CS.cfg: + * "preop.module=soft" + * or + * "preop.module=hard" + * * <ul> - * <li>http.param selection "soft" or "hard" for software token or hardware - * token + * <li>http.param selection "soft" or "hard" for software token or hardware token * </ul> */ public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; 
@@ -71,7 +76,7 @@ public class ModuleServlet extends BaseServlet { CMS.debug("ModuleServlet: illegal selection: " + selection); context.put("error", "failed selection"); } - + } else { CMS.debug("ModuleServlet: no selection"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index 1f680b64..ec3686e9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -53,19 +54,19 @@ public class NamePanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public NamePanel() { - } + public NamePanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subject Names"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Subject Names"); setId(id); 
@@ -78,39 +79,27 @@ public class NamePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "CA Signing Certificate's DN"); + Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "CA Signing Certificate's DN"); set.add("caDN", caDN); - Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "SSL Server Certificate's DN"); + Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "SSL Server Certificate's DN"); set.add("sslDN", sslDN); - Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "CA Subsystem Certificate's DN"); + Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "CA Subsystem Certificate's DN"); set.add("subsystemDN", subsystemDN); - Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "OCSP Signing Certificate's DN"); + Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "OCSP Signing Certificate's DN"); set.add("ocspDN", ocspDN); @@ -135,7 +124,7 @@ public class NamePanel extends WizardPanelBase { StringTokenizer st = new StringTokenizer(list, ","); while (st.hasMoreTokens()) { String t = st.nextToken(); - cs.remove("preop.cert." + t + ".done"); + cs.remove("preop.cert."+t+".done"); } try { @@ -153,8 +142,7 @@ public class NamePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } 
@@ -171,11 +159,12 @@ public class NamePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("NamePanel: display()"); context.put("title", "Subject Names"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); @@ -190,16 +179,16 @@ public class NamePanel extends WizardPanelBase { String hselect = ""; String cstype = ""; try { - // if CA, at the hierarchy panel, was it root or subord? + //if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); select = config.getString("preop.subsystem.select", ""); cstype = config.getString("cs.type", ""); context.put("select", select); if (cstype.equals("CA") && hselect.equals("root")) { - CMS.debug("NamePanel ca is root"); + CMS.debug("NamePanel ca is root"); context.put("isRoot", "true"); } else { - CMS.debug("NamePanel not ca or not root"); + CMS.debug("NamePanel not ca or not root"); context.put("isRoot", "false"); } } catch (Exception e) { 
@@ -218,53 +207,47 @@ public class NamePanel extends WizardPanelBase { int sd_admin_port = -1; if (domaintype.equals("existing")) { host = config.getString("securitydomain.host", ""); - sd_admin_port = config.getInteger( - "securitydomain.httpsadminport", -1); + sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1); count = getSubsystemCount(host, sd_admin_port, true, cstype); } while (st.hasMoreTokens()) { String certTag = st.nextToken(); - CMS.debug("NamePanel: display() about to process certTag :" - + certTag); - String nn = config.getString(PCERT_PREFIX + certTag - + ".nickname"); + CMS.debug("NamePanel: display() about to process certTag :" + certTag); + String nn = config.getString( + PCERT_PREFIX + certTag + ".nickname"); Cert c = new Cert(token, nn, certTag); - String userfriendlyname = config.getString(PCERT_PREFIX - + certTag + ".userfriendlyname"); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + String userfriendlyname = config.getString( + PCERT_PREFIX + certTag + ".userfriendlyname"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); c.setUserFriendlyName(userfriendlyname); - String type = config - .getString(PCERT_PREFIX + certTag + ".type"); + String type = config.getString(PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); c.setEnable(enable); - String cert = config.getString(subsystem + "." + certTag - + ".cert", ""); - String certreq = config.getString(subsystem + "." + certTag - + ".certreq", ""); + String cert = config.getString(subsystem +"."+certTag +".cert", ""); + String certreq = + config.getString(subsystem + "." 
+certTag +".certreq", ""); String dn = config.getString(PCERT_PREFIX + certTag + ".dn"); - boolean override = config.getBoolean(PCERT_PREFIX + certTag - + ".cncomponent.override", true); - // o_sd is to add o=secritydomainname - boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag - + "o_securitydomain", true); - domainname = config.getString("securitydomain.name", ""); - CMS.debug("NamePanel: display() override is " + override); - CMS.debug("NamePanel: display() o_securitydomain is " + o_sd); - CMS.debug("NamePanel: display() domainname is " + domainname); + boolean override = config.getBoolean(PCERT_PREFIX + certTag + + ".cncomponent.override", true); + //o_sd is to add o=secritydomainname + boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + + "o_securitydomain", true); + domainname = config.getString("securitydomain.name", ""); + CMS.debug("NamePanel: display() override is "+override); + CMS.debug("NamePanel: display() o_securitydomain is "+o_sd); + CMS.debug("NamePanel: display() domainname is "+domainname); boolean dnUpdated = false; try { - dnUpdated = config.getBoolean(PCERT_PREFIX + certTag - + ".updatedDN"); + dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN"); } catch (Exception e) { } 
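Review bot: The key in `config.getBoolean(PCERT_PREFIX + certTag + "o_securitydomain", true)` has no `.` between the cert tag and the property name, unlike `".cncomponent.override"`, `".updatedDN"` and the other keys in this hunk. As written, the lookup would use a key such as `<prefix><tag>o_securitydomain`, which is unlikely to exist, so `o_sd` would always be the default `true` and `O=<domainname>` would be appended to every DN regardless of configuration. If the configured property is `<tag>.o_securitydomain` (to be confirmed against CS.cfg), the call should read `config.getBoolean(PCERT_PREFIX + certTag + ".o_securitydomain", true)`. The formatting change carries the key over unchanged.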
@@ -272,36 +255,28 @@ public class NamePanel extends WizardPanelBase { boolean done = config.getBoolean("preop.NamePanel.done"); c.setDN(dn); } catch (Exception e) { - String instanceId = config.getString("service.instanceID", - ""); + String instanceId = config.getString("service.instanceID", ""); if (select.equals("clone") || dnUpdated) { c.setDN(dn); - } else if (count != 0 && override - && (cert.equals("") || certreq.equals(""))) { - CMS.debug("NamePanel subsystemCount = " + count); - c.setDN(dn - + " " - + count - + ((!instanceId.equals("")) ? (",OU=" + instanceId) - : "") - + ((o_sd) ? (",O=" + domainname) : "")); - config.putBoolean( - PCERT_PREFIX + certTag + ".updatedDN", true); + } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { + CMS.debug("NamePanel subsystemCount = "+count); + c.setDN(dn + " "+count+ + ((!instanceId.equals(""))? (",OU=" + instanceId):"") + + ((o_sd)? (",O=" + domainname):"")); + config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); } else { - c.setDN(dn - + ((!instanceId.equals("")) ? (",OU=" + instanceId) - : "") - + ((o_sd) ? (",O=" + domainname) : "")); - config.putBoolean( - PCERT_PREFIX + certTag + ".updatedDN", true); + c.setDN(dn + + ((!instanceId.equals(""))? (",OU=" + instanceId):"") + + ((o_sd)? (",O=" + domainname):"")); + config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); } } mCerts.addElement(c); - CMS.debug("NamePanel: display() added cert to mCerts: certTag " - + certTag); - config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", - c.getDN()); + CMS.debug( + "NamePanel: display() added cert to mCerts: certTag " + + certTag); + config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN()); }// while } catch (EBaseException e) { CMS.debug("NamePanel: display() exception caught:" + e.toString()); 
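Review bot: `instanceId` and `domainname` are appended to the subject DN as `",OU=" + instanceId` and `",O=" + domainname` without escaping, in both `c.setDN(...)` branches. A security domain name or instance id containing `,`, `+`, `"` or `\` would produce a DN with extra or malformed RDNs, and that string is then saved via `config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN())` for later certificate requests. Escape the two values per RFC 4514 before concatenation, or reject such characters where they are entered. Separately, `boolean done = config.getBoolean("preop.NamePanel.done");` is unused and serves only to reach the `catch`; an explicit `getBoolean(key, false)` test would make the branch readable.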
@@ -327,8 +302,7 @@ public class NamePanel extends WizardPanelBase { try { config.putString("preop.ca.list", list.toString()); config.commit(false); - } catch (Exception e) { - } + } catch (Exception e) {} context.put("urls", v); @@ -342,7 +316,8 @@ public class NamePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { 
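Review bot: The `catch (Exception e) {}` after `config.commit(false)` in the first hunk discards a failure to persist `preop.ca.list`, and getURL() later resolves the submitted index against that stored list. Logging it in the file's existing style, `} catch (Exception e) { CMS.debug("NamePanel: failed to save preop.ca.list: " + e.toString()); }`, would make a stale or missing list diagnosable. The same empty catch around `config.commit(false)` appears twice in update() (hunks at -839 and -923).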
@@ -353,34 +328,30 @@ public class NamePanel extends WizardPanelBase { if (dn == null || dn.length() == 0) { context.put("updateStatus", "validate-failure"); - throw new IOException("Empty DN for " - + cert.getUserFriendlyName()); + throw new IOException("Empty DN for " + cert.getUserFriendlyName()); } } } // while } - /* + /* * update some parameters for clones */ - public void updateCloneConfig(IConfigStore config) throws EBaseException, - IOException { + public void updateCloneConfig(IConfigStore config) + throws EBaseException, IOException { String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { String token = config.getString(PRE_CONF_CA_TOKEN); if (!token.equals("Internal Key Storage Token")) { - CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); - String subsystem = config.getString(PCERT_PREFIX - + "storage.subsystem"); + CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); + String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); String transportNickname = getNickname(config, "transport"); config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token - + ":" + storageNickname); - config.putString(subsystem + ".transportUnit.nickName", token - + ":" + transportNickname); + config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname); + config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname); config.commit(false); } else { // software token // parameters already set 
@@ -388,19 +359,14 @@ public class NamePanel extends WizardPanelBase { } // audit signing cert - String audit_nn = config.getString(cstype + ".audit_signing" - + ".nickname", ""); - String audit_tk = config.getString(cstype + ".audit_signing" - + ".tokenname", ""); - if (!audit_tk.equals("Internal Key Storage Token") - && !audit_tk.equals("")) { - config.putString( - "log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); + String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); + String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); + if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + audit_tk + ":" + audit_nn); } else { - config.putString( - "log.instance.SignedAudit.signedAuditCertNickname", - audit_nn); + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + audit_nn); } } @@ -408,10 +374,9 @@ public class NamePanel extends WizardPanelBase { * get some of the "preop" parameters to persisting parameters */ public void updateConfig(IConfigStore config, String certTag) - throws EBaseException, IOException { + throws EBaseException, IOException { String token = config.getString(PRE_CONF_CA_TOKEN); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); CMS.debug("NamePanel: subsystem " + subsystem); String nickname = getNickname(config, certTag); 
@@ -420,46 +385,38 @@ public class NamePanel extends WizardPanelBase { // should change the entire system to use the uniformed names later if (certTag.equals("signing") || certTag.equals("ocsp_signing")) { CMS.debug("NamePanel: setting signing nickname=" + nickname); - config.putString(subsystem + "." + certTag + ".cacertnickname", - nickname); - config.putString(subsystem + "." + certTag + ".certnickname", - nickname); + config.putString(subsystem + "." + certTag + ".cacertnickname", nickname); + config.putString(subsystem + "." + certTag + ".certnickname", nickname); } - // if KRA, hardware token needs param "kra.storageUnit.hardware" in - // CS.cfg + // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { - if (!token.equals("Internal Key Storage Token")) { - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token - + ":" + nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", - token + ":" + nickname); - } - } else { // software token - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.nickName", - nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", - nickname); - } - } + if (!token.equals("Internal Key Storage Token")) { + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.hardware", token); + config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname); + } + } else { // software token + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.nickName", nickname); + } else if 
(certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", nickname); + } + } } String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals("Internal Key Storage Token")) { - serverCertNickname = token + ":" + nickname; + if (!token.equals("Internal Key Storage Token")) { + serverCertNickname = token+":"+nickname; } - File file = new File(path + "/conf/serverCertNick.conf"); - PrintStream ps = new PrintStream(new FileOutputStream(path - + "/conf/serverCertNick.conf")); + File file = new File(path+"/conf/serverCertNick.conf"); + PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf")); ps.println(serverCertNickname); ps.close(); } 
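Review bot: The write of `serverCertNick.conf` at the end of this hunk cannot report failure, because `PrintStream` swallows I/O errors and nothing checks its error flag; the `File file` local is also created and never used. updateConfig() already declares `IOException`, so the stream can be opened with `new FileOutputStream(file)` and followed by `if (ps.checkError()) throw new IOException("Failed to write " + file.getPath());` after `ps.close()`. `path` defaults to an empty string when `instanceRoot` is unset, which makes the target `/conf/serverCertNick.conf`; an explicit check for an empty `path` before the write would avoid writing to an unintended location. updateConfig() starts before and continues after this hunk.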
@@ -467,29 +424,25 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals("Internal Key Storage Token") - && !token.equals("")) { - config.putString( - "log.instance.SignedAudit.signedAuditCertNickname", - token + ":" + nickname); - } else { - config.putString( - "log.instance.SignedAudit.signedAuditCertNickname", - nickname); - } + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + token + ":" + nickname); + } else { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + nickname); + } } /* - * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", - * "SHA1withRSA"); + config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", + "SHA1withRSA"); */ // for system certs verification - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { config.putString(subsystem + ".cert." + certTag + ".nickname", - token + ":" + nickname); + token + ":" + nickname); } else { - config.putString(subsystem + ".cert." + certTag + ".nickname", - nickname); + config.putString(subsystem + ".cert." + certTag + ".nickname", nickname); } config.commit(false); 
@@ -500,13 +453,13 @@ public class NamePanel extends WizardPanelBase { * create and sign a cert locally (handles both "selfsign" and "local") */ public void configCert(HttpServletRequest request, - HttpServletResponse response, Context context, Cert certObj) - throws IOException { + HttpServletResponse response, + Context context, Cert certObj) throws IOException { CMS.debug("NamePanel: configCert called"); IConfigStore config = CMS.getConfigStore(); String caType = certObj.getType(); - CMS.debug("NamePanel: in configCert caType is " + caType); + CMS.debug("NamePanel: in configCert caType is "+ caType); X509CertImpl cert = null; String certTag = certObj.getCertTag(); 
@@ -516,40 +469,31 @@ public class NamePanel extends WizardPanelBase { String v = config.getString("preop.ca.type", ""); CMS.debug("NamePanel configCert: remote CA"); - String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, - certObj, context); + String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, + certObj, context); certObj.setRequest(pkcs10); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", pkcs10); - String profileId = config.getString(PCERT_PREFIX + certTag - + ".profile"); + String profileId = config.getString(PCERT_PREFIX+certTag+".profile"); String session_id = CMS.getConfigSDSessionId(); String sd_hostname = ""; int sd_ee_port = -1; try { sd_hostname = config.getString("securitydomain.host", ""); - sd_ee_port = config.getInteger( - "securitydomain.httpseeport", -1); + sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); } catch (Exception ee) { - CMS.debug("NamePanel: configCert() exception caught:" - + ee.toString()); + CMS.debug("NamePanel: configCert() exception caught:"+ee.toString()); } String sysType = config.getString("cs.type", ""); String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" - + machineName + "-" + securePort + "&profileId=" - + profileId - + "&cert_request_type=pkcs10&cert_request=" - + URLEncoder.encode(pkcs10, "UTF-8") - + "&xmlOutput=true&sessionID=" + session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; + cert = 
CertUtil.createRemoteCert(sd_hostname, sd_ee_port, + content, response, this); if (cert == null) { - throw new IOException( - "Error: remote certificate is null"); + throw new IOException("Error: remote certificate is null"); } } else if (v.equals("sdca")) { String ca_hostname = ""; 
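Review bot: In the `certTag.equals("subsystem")` branch the form body `content` URL-encodes only `pkcs10`; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated as-is, so an `&`, `=` or space in any of them changes the parameters the remote CA parses. Encoding each value, for example `"&profileId=" + URLEncoder.encode(profileId, "UTF-8")` and `"&sessionID=" + URLEncoder.encode(session_id, "UTF-8")`, closes that. The identical string is rebuilt in the `sdca` branch (hunk at -560), and both are now single very long lines; a small private helper that builds the body would remove the duplication. configCert() continues outside this hunk.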
@@ -560,105 +504,96 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" - + machineName + "-" + securePort + "&profileId=" - + profileId - + "&cert_request_type=pkcs10&cert_request=" - + URLEncoder.encode(pkcs10, "UTF-8") - + "&xmlOutput=true&sessionID=" + session_id; - cert = CertUtil.createRemoteCert(ca_hostname, ca_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; + cert = CertUtil.createRemoteCert(ca_hostname, ca_port, + content, response, this); if (cert == null) { - throw new IOException( - "Error: remote certificate is null"); + throw new IOException("Error: remote certificate is null"); } } else if (v.equals("otherca")) { config.putString(subsystem + "." + certTag + ".cert", "...paste certificate here..."); - } else { + } else { CMS.debug("NamePanel: no preop.ca.type is provided"); - } + } } else { // not remote CA, ie, self-signed or local ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID); if (ca == null) { String s = PCERT_PREFIX + certTag + ".type"; - CMS.debug("The value for " + s + CMS.debug( + "The value for " + s + " should be remote, nothing else."); - throw new IOException("The value for " + s - + " should be remote"); - } - - String pubKeyType = config.getString(PCERT_PREFIX + certTag - + ".keytype"); + throw new IOException( + "The value for " + s + " should be remote"); + } + + String pubKeyType = config.getString( + PCERT_PREFIX + certTag + ".keytype"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString(PCERT_PREFIX - + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString(PCERT_PREFIX - + certTag + ".pubkey.exponent"); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); - 
- if (certTag.equals("signing")) { + String pubKeyModulus = config.getString( + PCERT_PREFIX + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + PCERT_PREFIX + certTag + ".pubkey.exponent"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); + + if (certTag.equals("signing")) { + X509Key x509key = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." + certTag + ".cert", + "...certificate be generated internally..."); + } else { X509Key x509key = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert("...certificate be generated internally..."); - config.putString(subsystem + "." 
+ certTag - + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil - .string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } } + } } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString(PCERT_PREFIX - + certTag + ".pubkey.encoded"); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); - - if (certTag.equals("signing")) { + String pubKeyEncoded = config.getString( + PCERT_PREFIX + certTag + ".pubkey.encoded"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); + + if (certTag.equals("signing")) { + + X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." + certTag + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); - X509Key x509key = CryptoUtil - .getPublicX509ECCKey(CryptoUtil - .string2byte(pubKeyEncoded)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert("...certificate be generated internally..."); - config.putString(subsystem + "." 
+ certTag - + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil - .getPublicX509ECCKey(CryptoUtil - .string2byte(pubKeyEncoded)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } } + } } else { - // invalid key type - CMS.debug("Invalid key type " + pubKeyType); + // invalid key type + CMS.debug("Invalid key type " + pubKeyType); } if (cert != null) { if (certTag.equals("subsystem")) @@ -670,9 +605,9 @@ public class NamePanel extends WizardPanelBase { byte[] certb = cert.getEncoded(); String certs = CryptoUtil.base64Encode(certb); - // certObj.setCert(certs); - String subsystem = config.getString(PCERT_PREFIX + certTag - + ".subsystem"); + // certObj.setCert(certs); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".cert", certs); } config.commit(false); 
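Review bot: The final `else` of the key-type chain only calls `CMS.debug("Invalid key type " + pubKeyType)`, after which `cert` stays null and configCert() appears to return normally. update() sets `preop.cert.<tag>.done` to true right after `configCert(...)` returns (hunk at -923), so an unsupported `keytype` would be recorded as a completed certificate step. Throwing here, `throw new IOException("Invalid key type " + pubKeyType);`, would match how a null remote certificate is reported earlier in the method. That only helps if the catch at the end of configCert(), which from the next hunk's context just logs the exception, rethrows; the start of that `try` is outside this hunk.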
@@ -682,76 +617,72 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel configCert() exception caught:" + e.toString()); } } - + public void configCertWithTag(HttpServletRequest request, - HttpServletResponse response, Context context, String tag) - throws IOException { - CMS.debug("NamePanel: configCertWithTag start"); - Enumeration c = mCerts.elements(); - IConfigStore config = CMS.getConfigStore(); - - while (c.hasMoreElements()) { - Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag); - if (ct.equals(tag)) { - try { - String nickname = HttpInput.getNickname(request, ct - + "_nick"); - if (nickname != null) { - CMS.debug("configCertWithTag: Setting nickname for " - + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", - nickname); - cert.setNickname(nickname); - config.commit(false); - } - String dn = HttpInput.getDN(request, ct); - if (dn != null) { - config.putString(PCERT_PREFIX + ct + ".dn", dn); - config.commit(false); + HttpServletResponse response, + Context context, String tag) throws IOException + { + CMS.debug("NamePanel: configCertWithTag start"); + Enumeration c = mCerts.elements(); + IConfigStore config = CMS.getConfigStore(); + + while (c.hasMoreElements()) { + Cert cert = (Cert) c.nextElement(); + String ct = cert.getCertTag(); + CMS.debug("NamePanel: configCertWithTag ct=" + ct + + " tag=" +tag); + if (ct.equals(tag)) { + try { + String nickname = HttpInput.getNickname(request, ct + "_nick"); + if (nickname != null) { + CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); + config.putString(PCERT_PREFIX + ct + ".nickname", nickname); + cert.setNickname(nickname); + config.commit(false); + } + String dn = HttpInput.getDN(request, ct); + if (dn != null) { + config.putString(PCERT_PREFIX + ct + ".dn", dn); + config.commit(false); + } + } catch (Exception e) { + CMS.debug("NamePanel: 
configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " - + ct + ": " + e.toString()); - } - configCert(request, response, context, cert); - CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); - return; - } - } - CMS.debug("NamePanel: configCertWithTag done"); + configCert(request, response, context, cert); + CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); + return; + } + } + CMS.debug("NamePanel: configCertWithTag done"); } - private boolean inputChanged(HttpServletRequest request) throws IOException { - IConfigStore config = CMS.getConfigStore(); - + private boolean inputChanged(HttpServletRequest request) + throws IOException { + IConfigStore config = CMS.getConfigStore(); + boolean hasChanged = false; try { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct - + ".enable", true); + String ct = cert.getCertTag(); + boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); if (!enable) continue; - String olddn = config.getString( - PCERT_PREFIX + cert.getCertTag() + ".dn", ""); + String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", ""); // get the dn's and put in config String dn = HttpInput.getDN(request, cert.getCertTag()); if (!olddn.equals(dn)) hasChanged = true; - String oldnick = config.getString(PCERT_PREFIX + ct - + ".nickname"); - String nick = HttpInput.getNickname(request, ct + "_nick"); - if (!oldnick.equals(nick)) - hasChanged = true; + String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); + String nick = HttpInput.getNickname(request, ct + "_nick"); + if (!oldnick.equals(nick)) + hasChanged = true; } } catch (Exception e) { 
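Review bot: In configCertWithTag() the `catch (Exception e)` around `HttpInput.getNickname(...)` and `HttpInput.getDN(...)` only logs, and `configCert(request, response, context, cert)` then runs regardless. If those helpers throw on input they reject (their bodies are not visible here), a rejected nickname or DN still leads to a certificate being configured from whatever `PCERT_PREFIX + ct + ".dn"` already held. Reporting the failure to the caller, for example `throw new IOException("Invalid nickname or DN for " + ct);` in that catch, would stop the step instead; the method already declares `IOException`.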
@@ -759,43 +690,44 @@ public class NamePanel extends WizardPanelBase { return hasChanged; } - - public String getURL(HttpServletRequest request, IConfigStore config) { + + public String getURL(HttpServletRequest request, IConfigStore config) + { String index = request.getParameter("urls"); - if (index == null) { - return null; + if (index == null){ + return null; } String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; - } - counter++; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; } - } catch (Exception e) { + counter++; } + } catch (Exception e) {} } - return url; + return url; } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { CMS.debug("NamePanel: in update()"); - boolean hasErr = false; + boolean hasErr = false; if (inputChanged(request)) { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); 
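Review bot: getURL() returns the `urls` request parameter unchanged whenever it starts with `http`, so the CA endpoint is chosen by the request and is never compared with the entries stored in `preop.ca.list`. update() then takes host and port from that value and passes them to `sdca(...)`, which retrieves and imports a certificate chain from that host (hunks at -839 and -1025). I would accept a directly submitted URL only when it matches an entry of `preop.ca.list`, or require the numeric index, and reject anything else. In the index path a `NumberFormatException` is swallowed by `catch (Exception e) {}` and an out-of-range index silently yields the last list entry; both cases should produce an error rather than a guessed URL. update() continues past the end of this hunk.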
@@ -804,12 +736,12 @@ public class NamePanel extends WizardPanelBase { return; } - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String hselect = ""; ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID); try { - // if CA, at the hierarchy panel, was it root or subord? + //if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); String cstype = config.getString("preop.subsystem.select", ""); if (cstype.equals("clone")) { @@ -818,14 +750,13 @@ public class NamePanel extends WizardPanelBase { configCertWithTag(request, response, context, "sslserver"); String url = getURL(request, config); if (url != null && !url.equals("External CA")) { - // preop.ca.url and admin port are required for setting KRA - // connector - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); + // preop.ca.url and admin port are required for setting KRA connector + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); - URL urlx = new URL(url); - updateCloneSDCAInfo(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); + URL urlx = new URL(url); + updateCloneSDCAInfo(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); } updateCloneConfig(config); 
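Review bot: `url = url.substring(url.indexOf("https"));` in the clone branch assumes the value contains `https`; getURL() can also return an empty string or an `http://` URL, and `indexOf` then returns -1 so `substring` throws `StringIndexOutOfBoundsException`. `urlx.getPort()` returns -1 when the URL has no explicit port, which `updateCloneSDCAInfo` would receive as the string `-1`. A guard such as `int i = url.indexOf("https"); if (i < 0) throw new IOException("CA URL must use https");` together with a fallback to `urlx.getDefaultPort()` covers both cases. The same two lines appear in the non-clone branch (hunk at -839).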
@@ -839,75 +770,71 @@ public class NamePanel extends WizardPanelBase { return; } - // if no hselect, then not CA - if (hselect.equals("") || hselect.equals("join")) { - String select = null; - String url = getURL(request, config); + //if no hselect, then not CA + if (hselect.equals("") || hselect.equals("join")) { + String select = null; + String url = getURL(request, config); - URL urlx = null; - - if (url.equals("External CA")) { - CMS.debug("NamePanel: external CA selected"); - select = "otherca"; - config.putString("preop.ca.type", "otherca"); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - } + URL urlx = null; - config.putString("preop.ca.pkcs7", ""); - config.putInteger("preop.ca.certchain.size", 0); - context.put("check_otherca", "checked"); - CMS.debug("NamePanel: update: this is the external CA."); - } else { - CMS.debug("NamePanel: local CA selected"); - select = "sdca"; - // parse URL (CA1 - https://...) - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - urlx = new URL(url); - config.putString("preop.ca.type", "sdca"); - CMS.debug("NamePanel: update: this is a CA in the security domain."); - context.put("check_sdca", "checked"); - sdca(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - config.putString(PCERT_PREFIX + "signing.profile", - "caInstallCACert"); - } + if (url.equals("External CA")) { + CMS.debug("NamePanel: external CA selected"); + select = "otherca"; + config.putString("preop.ca.type", "otherca"); + if (subsystem != null) { + config.putString(PCERT_PREFIX+"signing.type", "remote"); } - try { - config.commit(false); - } catch (Exception e) { + config.putString("preop.ca.pkcs7", ""); + config.putInteger("preop.ca.certchain.size", 0); + context.put("check_otherca", "checked"); + CMS.debug("NamePanel: update: this is the external CA."); + } else { + 
CMS.debug("NamePanel: local CA selected"); + select = "sdca"; + // parse URL (CA1 - https://...) + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); + + urlx = new URL(url); + config.putString("preop.ca.type", "sdca"); + CMS.debug("NamePanel: update: this is a CA in the security domain."); + context.put("check_sdca", "checked"); + sdca(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + config.putString(PCERT_PREFIX + "signing.profile", + "caInstallCACert"); } - } try { + config.commit(false); + } catch (Exception e) {} + + } + + try { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); + String ct = cert.getCertTag(); String tokenname = cert.getTokenname(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); if (!enable) continue; - boolean certDone = config.getBoolean(PCERT_PREFIX + ct - + ".done", false); + boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false); if (certDone) continue; // get the nicknames and put in config String nickname = HttpInput.getNickname(request, ct + "_nick"); if (nickname != null) { - CMS.debug("NamePanel: update: Setting nickname for " + ct - + " to " + nickname); + CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname); config.putString(PCERT_PREFIX + ct + ".nickname", nickname); cert.setNickname(nickname); } else { 
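Review bot: `url.equals("External CA")` is called on the result of `getURL(request, config)`, which returns null when the `urls` parameter is absent, so a request without that parameter raises a `NullPointerException` here; the clone branch in the previous hunk checks `url != null` first. Handling the null case explicitly, `if (url == null) throw new IOException("No CA URL selected");`, and writing the comparison as `"External CA".equals(url)` keeps the failure readable. The local `select` is assigned in both branches but is not read anywhere in this hunk. update() starts before this hunk.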
@@ -923,31 +850,32 @@ public class NamePanel extends WizardPanelBase { try { configCert(request, response, context, cert); - config.putBoolean("preop.cert." + cert.getCertTag() - + ".done", true); + config.putBoolean("preop.cert."+cert.getCertTag()+".done", + true); config.commit(false); } catch (Exception e) { - CMS.debug("NamePanel: update() exception caught:" - + e.toString()); - hasErr = true; + CMS.debug( + "NamePanel: update() exception caught:" + + e.toString()); + hasErr = true; System.err.println("Exception caught: " + e.toString()); } - } // while - if (hasErr == false) { - config.putBoolean("preop.NamePanel.done", true); - config.commit(false); - } + } // while + if (hasErr == false) { + config.putBoolean("preop.NamePanel.done", true); + config.commit(false); + } } catch (Exception e) { CMS.debug("NamePanel: Exception caught: " + e.toString()); System.err.println("Exception caught: " + e.toString()); }// try + try { config.commit(false); - } catch (Exception e) { - } + } catch (Exception e) {} if (!hasErr) { context.put("updateStatus", "success"); @@ -957,11 +885,8 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: update() done"); } - private void updateCloneSDCAInfo(HttpServletRequest request, - Context context, String hostname, String httpsPortStr) - throws IOException { - CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" - + hostname + " port=" + httpsPortStr); + private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore(); 
@@ -972,16 +897,19 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort(config, hostname, - httpsPortStr, "CA"); + https_admin_port = getSecurityDomainAdminPort( config, + hostname, + httpsPortStr, + "CA" ); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug("NamePanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug( + "NamePanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Https Port is not valid."); } @@ -990,11 +918,9 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsadminport", https_admin_port); } - private void sdca(HttpServletRequest request, Context context, - String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); - CMS.debug("NamePanel update: selected CA hostname=" + hostname - + " port=" + httpsPortStr); + CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore(); 
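Review bot: `httpsPortStr` is passed to `getSecurityDomainAdminPort(config, hostname, httpsPortStr, "CA")` before `Integer.parseInt(httpsPortStr)` checks it, so the lookup runs with a value that may not be a port at all. Moving the parse above the call and adding a range check, `if (httpsport < 1 || httpsport > 65535) throw new IOException("Https Port is not valid.");`, validates the value before it is used. sdca() has the same order (hunk at -1008). The signature of updateCloneSDCAInfo() is in the previous hunk.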
@@ -1008,16 +934,19 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort(config, hostname, - httpsPortStr, "CA"); + https_admin_port = getSecurityDomainAdminPort( config, + hostname, + httpsPortStr, + "CA" ); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug("NamePanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug( + "NamePanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Https Port is not valid."); } @@ -1025,18 +954,21 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsport", httpsPortStr); config.putString("preop.ca.httpsadminport", https_admin_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, - true, context, certApprovalCallback); + updateCertChainUsingSecureEEPort( config, "ca", hostname, + httpsport, true, context, + certApprovalCallback ); try { - CMS.debug("Importing CA chain"); - importCertChain("ca"); + CMS.debug("Importing CA chain"); + importCertChain("ca"); } catch (Exception e1) { - CMS.debug("Failed in importing CA chain"); + CMS.debug("Failed in importing CA chain"); } } + public void initParams(HttpServletRequest request, Context context) - throws IOException { + throws IOException + { context.put("certs", mCerts); } 
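Review bot: The `catch (Exception e1)` around `importCertChain("ca")` logs only `Failed in importing CA chain` and sdca() then returns normally, so the cause is lost and the caller cannot tell that the CA chain was not imported. At minimum log the exception, `CMS.debug("Failed in importing CA chain: " + e1.toString());`; since sdca() declares `IOException`, `throw new IOException("Failed in importing CA chain");` would let update() treat the panel as failed. How `ConfigCertApprovalCallback` decides whether to accept the server certificate is not visible on this page and deserves a comment at the `updateCertChainUsingSecureEEPort(...)` call, because the chain is fetched over that connection.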
@@ -1044,9 +976,11 @@ public class NamePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } context.put("title", "Subject Names"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java index 8d484f4e..cf37fdff 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -49,9 +50,11 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; /** - * This servlet creates a TPS user in the CA, and it associates TPS's server - * certificate to the user. Finally, it addes the user to the administrator - * group. This procedure will allows TPS to connect to the CA for certificate + * This servlet creates a TPS user in the CA, + * and it associates TPS's server certificate to + * the user. Finally, it addes the user to the + * administrator group. This procedure will + * allows TPS to connect to the CA for certificate * issuance. */ public class RegisterUser extends CMSServlet { 
@@ -64,7 +67,9 @@ public class RegisterUser extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private String mGroupName = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + public RegisterUser() { super(); @@ -72,7 +77,6 @@ public class RegisterUser extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -84,7 +88,7 @@ public class RegisterUser extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -98,9 +102,9 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser authentication successful."); } catch (Exception e) { CMS.debug("RegisterUser: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
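Review bot: The authentication-failure branch in the last hunk here logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error, so a rejected RegisterUser call is hard to find when reviewing logs for failed authentication. The authorization failures later in `process` use `ADMIN_SRVLT_AUTH_FAILURE`; the same key here, `CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())`, would keep both denial paths searchable under one message. The debug line `"UpdateUpdater: processing..."` in the previous hunk also names a different servlet. `process` starts before this hunk and continues after it.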
@@ -113,19 +117,19 @@ public class RegisterUser extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("RegisterUser authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -146,112 +150,119 @@ public class RegisterUser extends CMSServlet { String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" - + "+Resource;;" - + uid - + "+fullname;;" - + name - + "+state;;1" - + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+fullname;;"+ name + + "+state;;1" + + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; - IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); + IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; boolean foundByCert = false; X509Certificate certs[] = new X509Certificate[1]; try { - byte bCert[] = null; - X509CertImpl cert = null; - bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); - cert = new X509CertImpl(bCert); - certs[0] = (X509Certificate) cert; - - // test to see if the cert already belongs to a user - ICertUserLocator cul = ugsys.getCertUserLocator(); - com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates( - certs); - user = (IUser) cul.locateUser(c); + byte bCert[] = null; + X509CertImpl cert = null; + bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate)cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = + new com.netscape.certsrv.usrgrp.Certificates(certs); + user = (IUser) cul.locateUser(c); } catch (Exception ec) { - CMS.debug("RegisterUser: exception thrown: " + ec.toString()); + CMS.debug("RegisterUser: exception thrown: "+ec.toString()); } if (user == null) { - CMS.debug("RegisterUser NOT found user by cert"); - try { - user = ugsys.getUser(uid); - CMS.debug("RegisterUser found user by uid 
" + uid); - } catch (Exception eee) { - } + CMS.debug("RegisterUser NOT found user by cert"); + try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid "+uid); + } catch (Exception eee) { + } } else { - foundByCert = true; - CMS.debug("RegisterUser found user by cert"); + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); } - - try { - - if (user == null) { - // create user only if such user does not exist - user = ugsys.createUser(uid); - user.setFullName(name); - user.setState("1"); - user.setUserType(""); - user.setEmail(""); - user.setPhone(""); - user.setPassword(""); - - ugsys.addUser(user); - CMS.debug("RegisterUser created user " + uid); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); - audit(auditMessage); - } - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < certsString.length(); i++) { - if (!Character.isWhitespace(certsString.charAt(i))) { - sb.append(certsString.charAt(i)); - } - } - certsString = sb.toString(); - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" - + "+Resource;;" + uid + "+cert;;" + certsString; - - user.setX509Certificates(certs); - if (!foundByCert) { - ugsys.addUserCert(user); - CMS.debug("RegisterUser added user certificate"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); - audit(auditMessage); - } else - CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( + 
LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+cert;;"+certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); outputError(httpResp, "Error: Certificate malformed"); return; } + // add user to the group - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" - + "+Resource;;" + mGroupName; + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + + "+Resource;;"+ mGroupName; try { Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup) groups.nextElement(); + IGroup group = (IGroup)groups.nextElement(); auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams += ","; + auditParams +=","; } } 
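Review bot: A certificate that fails to decode in the first `try` of this hunk is only written to the debug log, so `certs[0]` stays null and the code still reaches `ugsys.createUser(uid)` / `ugsys.addUser(user)` and audits that step as SUCCESS. If the later certificate step then fails, the caller gets "Error: Certificate malformed" while the new account, created with `setPassword("")`, appears to remain in place. Decoding in its own `try` and rejecting the request there would avoid the half-registered user, with `locateUser` kept in a separate best-effort `try`. The empty `catch (Exception eee) {}` around `ugsys.getUser(uid)` should at least get a `CMS.debug` line. `process` starts and ends outside this hunk.

```java
X509Certificate certs[] = new X509Certificate[1];
try {
    // decode first and fail closed: no user is created for an unparsable certificate
    byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
    certs[0] = (X509Certificate) new X509CertImpl(bCert);
} catch (Exception ec) {
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
    auditMessage = CMS.getLogMessage(
                       LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                       auditSubjectID,
                       ILogger.FAILURE,
                       auditParams);
    audit(auditMessage);
    outputError(httpResp, "Error: Certificate malformed");
    return;
}
// … locateUser(c) stays in its own try/catch; unchanged: lookup by uid, user creation, group update …
```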
@@ -262,17 +273,22 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser modified group"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); } - } catch (Exception e) { - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + } catch (Exception e) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); - audit(auditMessage); - } + audit(auditMessage); + } // send success status back to the requestor try { @@ -289,22 +305,14 @@ public class RegisterUser extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index d03bc313..76f5a749 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java 
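Review bot: The `catch (Exception e)` that closes the group update audits `ILogger.FAILURE` and then falls through to the "send success status back to the requestor" block, so a registration whose group change failed still appears to be reported as successful. In the previous hunk `(IGroup)groups.nextElement()` is called without a `hasMoreElements()` check, so a missing `mGroupName` group would take exactly this path. I would end the catch with `CMS.debug("RegisterUser: group update failed: " + e.toString());` followed by `outputError(httpResp, "Error: Failed to add user to group"); return;`. Part of the `try` body lies between the hunks and is not visible here.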
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileInputStream; @@ -75,19 +76,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class RestoreKeyCertPanel extends WizardPanelBase { - public RestoreKeyCertPanel() { - } + public RestoreKeyCertPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); setId(id); @@ -98,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public boolean shouldSkip() { CMS.debug("RestoreKeyCertPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select", ""); + String select = cs.getString("preop.subsystem.select",""); if (select.equals("clone")) { return false; } } catch (EBaseException e) { } - + return true; } @@ -137,16 +138,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -154,12 +154,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Import Keys and Certificates"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.pk12.path", ""); String type = config.getString("preop.subsystem.select", ""); @@ -180,7 +181,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String tokenname = ""; try { @@ -191,14 +193,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!tokenname.equals("Internal Key Storage Token")) return; - // Path can be empty. If this case, we just want to + // Path can be empty. If this case, we just want to // get to the next panel. Customer has HSM. String s = HttpInput.getString(request, "path"); // if (s == null || s.equals("")) { - // CMS.debug("RestoreKeyCertPanel validate: path is empty"); - // throw new IOException("Path is empty"); + // CMS.debug("RestoreKeyCertPanel validate: path is empty"); + // throw new IOException("Path is empty"); // } + if (s != null && !s.equals("")) { s = HttpInput.getPassword(request, "__password"); if (s == null || s.equals("")) { 
@@ -213,14 +216,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException + { IConfigStore config = CMS.getConfigStore(); String path = HttpInput.getString(request, "path"); if (path == null || path.equals("")) { - // skip to next panel + // skip to next panel config.putBoolean("preop.restorekeycert.done", true); try { - config.commit(false); + config.commit(false); } catch (EBaseException e) { } getConfigEntriesFromMaster(request, response, context); @@ -228,7 +233,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return; } String pwd = HttpInput.getPassword(request, "__password"); - + String tokenn = ""; String instanceRoot = ""; @@ -240,9 +245,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; - FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" - + path); - while (fis.available() > 0) + FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); + while (fis.available() > 0) fis.read(b); fis.close(); @@ -252,11 +256,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { PFX pfx = null; boolean verifypfx = false; try { - pfx = (PFX) (new PFX.Template()).decode(bis); - verifypfx = pfx.verifyAuthSafes(password, reason); + pfx = (PFX)(new PFX.Template()).decode(bis); + verifypfx = pfx.verifyAuthSafes(password, reason); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception=" - + e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); } if (verifypfx) { 
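Review bot: In the `@@ -240,9 +245,8 @@` hunk the request parameter `path` is concatenated straight into `new FileInputStream(instanceRoot + "/alias/" + path)`, so unless `HttpInput.getString` already filters it (not visible here), a name containing `..` segments resolves outside the alias directory. The read loop `while (fis.available() > 0) fis.read(b);` also ignores the return value and restarts at offset 0 on every call, so a file delivered in several reads overwrites the start of `b`. A file larger than the fixed 1000000-byte buffer is truncated, and `fis` is not closed if a read throws. The sketch below resolves the file under the alias directory and reads it fully. `update` starts in the previous hunk, and the lines after `fis.close()` are not shown.

```java
if (tokenn.equals("Internal Key Storage Token")) {
    // keep the requested file inside <instanceRoot>/alias
    java.io.File aliasDir = new java.io.File(instanceRoot, "alias").getCanonicalFile();
    java.io.File p12File = new java.io.File(aliasDir, path).getCanonicalFile();
    if (!p12File.getPath().startsWith(aliasDir.getPath() + java.io.File.separator)) {
        throw new IOException("Invalid PKCS #12 file name");
    }
    ByteArrayOutputStream p12Bytes = new ByteArrayOutputStream();
    FileInputStream fis = new FileInputStream(p12File);
    try {
        byte chunk[] = new byte[8192];
        int n;
        while ((n = fis.read(chunk)) != -1) {
            p12Bytes.write(chunk, 0, n);
        }
    } finally {
        fis.close();
    }
    byte b[] = p12Bytes.toByteArray();
    // … unchanged: password handling and PFX decode …
```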
@@ -264,60 +267,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase { AuthenticatedSafes safes = pfx.getAuthSafes(); Vector pkeyinfo_collection = new Vector(); Vector cert_collection = new Vector(); - for (int i = 0; i < safes.getSize(); i++) { + for (int i=0; i<safes.getSize(); i++) { try { - SEQUENCE scontent = safes.getSafeContentsAt(null, i); - for (int j = 0; j < scontent.size(); j++) { - SafeBag bag = (SafeBag) scontent.elementAt(j); + SEQUENCE scontent = safes.getSafeContentsAt(null, i); + for (int j=0; j<scontent.size(); j++) { + SafeBag bag = (SafeBag)scontent.elementAt(j); OBJECT_IDENTIFIER oid = bag.getBagType(); if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) { - EncryptedPrivateKeyInfo privkeyinfo = (EncryptedPrivateKeyInfo) bag - .getInterpretedBagContent(); + EncryptedPrivateKeyInfo privkeyinfo = + (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent(); PasswordConverter passConverter = new PasswordConverter(); - PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt( - password, new PasswordConverter()); + PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter()); Vector pkeyinfo_v = new Vector(); pkeyinfo_v.addElement(pkeyinfo); SET bagAttrs = bag.getBagAttributes(); - for (int k = 0; k < bagAttrs.size(); k++) { - Attribute attrs = (Attribute) bagAttrs - .elementAt(k); + for (int k=0; k<bagAttrs.size(); k++) { + Attribute attrs = (Attribute)bagAttrs.elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY) val.elementAt(0); - ByteArrayInputStream bbis = new ByteArrayInputStream( - ss.getEncoded()); - BMPString sss = (BMPString) (new BMPString.Template()) - .decode(bbis); + ANY ss = (ANY)val.elementAt(0); + ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); + BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); String s = sss.toString(); pkeyinfo_v.addElement(s); } } 
pkeyinfo_collection.addElement(pkeyinfo_v); } else if (oid.equals(SafeBag.CERT_BAG)) { - CertBag cbag = (CertBag) bag - .getInterpretedBagContent(); - OCTET_STRING str = (OCTET_STRING) cbag - .getInterpretedCert(); + CertBag cbag = (CertBag)bag.getInterpretedBagContent(); + OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert(); byte[] x509cert = str.toByteArray(); Vector cert_v = new Vector(); cert_v.addElement(x509cert); SET bagAttrs = bag.getBagAttributes(); - + if (bagAttrs != null) { - for (int k = 0; k < bagAttrs.size(); k++) { - Attribute attrs = (Attribute) bagAttrs - .elementAt(k); - OBJECT_IDENTIFIER aoid = attrs - .getType(); + for (int k=0; k<bagAttrs.size(); k++) { + Attribute attrs = (Attribute)bagAttrs.elementAt(k); + OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY) val.elementAt(0); - ByteArrayInputStream bbis = new ByteArrayInputStream( - ss.getEncoded()); - BMPString sss = (BMPString) (new BMPString.Template()) - .decode(bbis); + ANY ss = (ANY)val.elementAt(0); + ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); + BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); String s = sss.toString(); cert_v.addElement(s); } @@ -328,11 +321,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception=" - + e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); } } - + importkeycert(pkeyinfo_collection, cert_collection); } else { context.put("updateStatus", "failure"); 
@@ -350,12 +342,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); + CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates."); - context.put("errorString", - "Make sure you have copied the certificate database over to the clone"); + context.put("errorString", "Make sure you have copied the certificate database over to the clone"); context.put("updateStatus", "failure"); throw new IOException("Clone is not ready"); } @@ -372,7 +363,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private void getConfigEntriesFromMaster(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { try { IConfigStore config = CMS.getConfigStore(); String cstype = ""; 
@@ -390,31 +381,22 @@ public class RestoreKeyCertPanel extends WizardPanelBase { int master_ee_port = -1; try { sd_hostname = config.getString("securitydomain.host", ""); - sd_port = config - .getInteger("securitydomain.httpsadminport", -1); + sd_port = config.getInteger("securitydomain.httpsadminport", -1); master_hostname = config.getString("preop.master.hostname", ""); - master_port = config.getInteger("preop.master.httpsadminport", - -1); - master_ee_port = config - .getInteger("preop.master.httpsport", -1); + master_port = config.getInteger("preop.master.httpsadminport", -1); + master_ee_port = config.getInteger("preop.master.httpsport", -1); String content = ""; if (cstype.equals("ca") || cstype.equals("kra")) { - content = "type=request&xmlOutput=true&sessionID=" - + session_id; + content = "type=request&xmlOutput=true&sessionID="+session_id; CMS.debug("http content=" + content); - updateNumberRange(master_hostname, master_ee_port, true, - content, "request", response); - - content = "type=serialNo&xmlOutput=true&sessionID=" - + session_id; - updateNumberRange(master_hostname, master_ee_port, true, - content, "serialNo", response); - - content = "type=replicaId&xmlOutput=true&sessionID=" - + session_id; - updateNumberRange(master_hostname, master_ee_port, true, - content, "replicaId", response); + updateNumberRange(master_hostname, master_ee_port, true, content, "request", response); + + content = "type=serialNo&xmlOutput=true&sessionID="+session_id; + updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response); + + content = "type=replicaId&xmlOutput=true&sessionID="+session_id; + updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response); } String list = ""; 
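Review bot: `CMS.debug("http content=" + content);` writes the request body to the debug log, including the `sessionID` value appended on the line above. That puts what looks like a live session identifier for the master into a log file, with whatever read permissions the log has. I would log only the request type, for example `CMS.debug("RestoreKeyCertPanel: requesting number range, type=request");`. `getConfigEntriesFromMaster` begins in the previous hunk and continues past this one.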
@@ -424,7 +406,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } StringBuffer c1 = new StringBuffer(); - StringBuffer s1 = new StringBuffer(); + StringBuffer s1 = new StringBuffer(); StringTokenizer tok = new StringTokenizer(list, ","); while (tok.hasMoreTokens()) { String t1 = tok.nextToken(); @@ -456,7 +438,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { c1.append(t1); c1.append(".pubkey.encoded"); - if (s1.length() != 0) + + if (s1.length()!=0) s1.append(","); s1.append(cstype); 
@@ -466,29 +449,21 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!cstype.equals("ca")) { c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type"); - } + } if (cstype.equals("ca")) { /* get ca connector details */ - if (s1.length() != 0) + if (s1.length()!=0) s1.append(","); s1.append("ca.connector.KRA"); } - content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" - + c1.toString() - + "&substores=" - + s1.toString() - + "&xmlOutput=true&sessionID=" + session_id; - boolean success = updateConfigEntries(master_hostname, - master_port, true, "/" + cstype + "/admin/" + cstype - + "/getConfigEntries", content, config, - response); + content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id; + boolean success = updateConfigEntries(master_hostname, master_port, true, + "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response); if (!success) { - context.put("errorString", - "Failed to get configuration entries from the master"); - throw new IOException( - "Failed to get configuration entries from the master"); + context.put("errorString", "Failed to get configuration entries from the master"); + throw new IOException("Failed to get configuration entries from the master"); } config.putString("preop.clone.configuration", "true"); try { 
@@ -498,8 +473,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } catch (IOException eee) { throw eee; } catch (Exception eee) { - CMS.debug("RestoreKeyCertPanel: update exception caught:" - + eee.toString()); + CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString()); } } catch (IOException ee) { 
@@ -517,42 +491,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String s = st.nextToken(); if (s.equals("sslserver")) continue; - String name = "preop.master." + s + ".nickname"; + String name = "preop.master."+s+".nickname"; String nickname = cs.getString(name, ""); CryptoManager cm = CryptoManager.getInstance(); X509Certificate xcert = null; try { xcert = cm.findCertByNickname(nickname); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" - + ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); } CryptoToken ct = cm.getInternalKeyStorageToken(); CryptoStore store = ct.getCryptoStore(); try { store.deleteCert(xcert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" - + ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" - + e.toString()); - } + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString()); + } } - private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType( - PublicKey pubkey) { - CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'"); - if (pubkey.getAlgorithm().equals("EC")) { - return org.mozilla.jss.crypto.PrivateKey.Type.EC; - } - return org.mozilla.jss.crypto.PrivateKey.Type.RSA; + private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) { + CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'"); + if (pubkey.getAlgorithm().equals("EC")) { + return org.mozilla.jss.crypto.PrivateKey.Type.EC; + } + return org.mozilla.jss.crypto.PrivateKey.Type.RSA; } - private void importkeycert(Vector pkeyinfo_collection, - Vector cert_collection) throws IOException { + private void importkeycert(Vector pkeyinfo_collection, + Vector cert_collection) throws IOException { CryptoManager cm = null; try { cm = 
CryptoManager.getInstance(); @@ -562,13 +532,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase { // delete all existing certificates first deleteExistingCerts(); - for (int i = 0; i < pkeyinfo_collection.size(); i++) { + for (int i=0; i<pkeyinfo_collection.size(); i++) { try { - Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i); - PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v - .elementAt(0); - String nickname = (String) pkeyinfo_v.elementAt(1); - byte[] x509cert = getX509Cert(nickname, cert_collection); + Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i); + PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0); + String nickname = (String)pkeyinfo_v.elementAt(1); + byte[] x509cert = getX509Cert(nickname, cert_collection); X509Certificate cert = cm.importCACertPackage(x509cert); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pkeyinfo.encode(bos); 
@@ -581,37 +550,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase { try { store.deleteCert(cert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" - + ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); } KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); - byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; IVParameterSpec param = new IVParameterSpec(iv); - Cipher c = token - .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); + Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); c.initEncrypt(sk, param); byte[] encpkey = c.doFinal(pkey); - - KeyWrapper wrapper = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + + KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, param); - org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate( - encpkey, getPrivateKeyType(publickey), publickey); + org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" - + e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); } } - for (int i = 0; i < cert_collection.size(); i++) { + for (int i=0; i<cert_collection.size(); i++) { try { - Vector cert_v = (Vector) cert_collection.elementAt(i); - byte[] cert = (byte[]) cert_v.elementAt(0); + Vector cert_v = (Vector)cert_collection.elementAt(i); + byte[] cert = (byte[])cert_v.elementAt(0); if (cert_v.size() > 1) { - String name = (String) cert_v.elementAt(1); + String name = (String)cert_v.elementAt(1); // we need to delete the trusted CA certificate if it is // the same as the ca signing certificate if (isCASigningCert(name)) { 
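Review bot: The constant IV `{0x1, 0x1, ...}` passed to both `c.initEncrypt(sk, param)` and `wrapper.initUnwrap(sk, param)` reads like a cryptographic mistake and needs a comment, because it is acceptable only while `sk` is the one-time key from `kg.generate()` two lines above. I would add above the `iv` line: `// sk is generated fresh for this single import, so the fixed IV is never reused under the same key`. The decoded private key in `pkey` also stays in a plain byte array after `c.doFinal(pkey)`; `java.util.Arrays.fill(pkey, (byte) 0);` once the unwrap has run would shorten its lifetime in memory. The enclosing `catch (Exception e)` only debug-logs, so a key that fails to import does not stop the restore. The `for` body starts outside the hunk.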
@@ -622,35 +586,30 @@ public class RestoreKeyCertPanel extends WizardPanelBase { CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store"); if (store instanceof PK11Store) { try { - PK11Store pk11store = (PK11Store) store; + PK11Store pk11store = (PK11Store)store; pk11store.deleteCertOnly(certchain); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" - + ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); } } } } - X509Certificate xcert = cm.importUserCACertPackage(cert, - name); + X509Certificate xcert = cm.importUserCACertPackage(cert, name); if (name.startsWith("caSigningCert")) { // we need to change the trust attribute to CT - InternalCertificate icert = (InternalCertificate) xcert; - icert.setSSLTrust(InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); + InternalCertificate icert = (InternalCertificate)xcert; + icert.setSSLTrust(InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); } else if (name.startsWith("auditSigningCert")) { - InternalCertificate icert = (InternalCertificate) xcert; - icert.setObjectSigningTrust(InternalCertificate.USER - | InternalCertificate.VALID_PEER - | InternalCertificate.TRUSTED_PEER); + InternalCertificate icert = (InternalCertificate)xcert; + icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" - + e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); } } } 
@@ -669,44 +628,41 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return false; } - private X509Certificate getX509CertFromToken(byte[] cert) - throws IOException { + private X509Certificate getX509CertFromToken(byte[] cert) + throws IOException { try { X509CertImpl impl = new X509CertImpl(cert); String issuer_impl = impl.getIssuerDN().toString(); BigInteger serial_impl = impl.getSerialNumber(); CryptoManager cm = CryptoManager.getInstance(); X509Certificate[] permcerts = cm.getPermCerts(); - for (int i = 0; i < permcerts.length; i++) { + for (int i=0; i<permcerts.length; i++) { String issuer_p = permcerts[i].getSubjectDN().toString(); BigInteger serial_p = permcerts[i].getSerialNumber(); - if (issuer_p.equals(issuer_impl) - && serial_p.compareTo(serial_impl) == 0) { + if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) { return permcerts[i]; } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" - + e.toString()); + CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString()); } return null; } - private byte[] getX509Cert(String nickname, Vector cert_collection) - throws IOException { - for (int i = 0; i < cert_collection.size(); i++) { - Vector v = (Vector) cert_collection.elementAt(i); - byte[] b = (byte[]) v.elementAt(0); + private byte[] getX509Cert(String nickname, Vector cert_collection) + throws IOException { + for (int i=0; i<cert_collection.size(); i++) { + Vector v = (Vector)cert_collection.elementAt(i); + byte[] b = (byte[])v.elementAt(0); X509CertImpl impl = null; try { impl = new X509CertImpl(b); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" - + e.toString()); - throw new IOException(e.toString()); + CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString()); + throw new IOException( e.toString() ); } - Principal subjectdn = impl.getSubjectDN(); + Principal subjectdn = impl.getSubjectDN(); if 
(LDAPDN.equals(subjectdn.toString(), nickname)) return b; } @@ -718,14 +674,17 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { context.put("title", "Import Keys and Certificates"); context.put("password", ""); context.put("path", ""); context.put("panel", "admin/console/config/restorekeycertpanel.vm"); } - private boolean isCertdbCloned(HttpServletRequest request, Context context) { + private boolean isCertdbCloned(HttpServletRequest request, + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { @@ -739,13 +698,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master." + token + ".nickname"; + String name1 = "preop.master."+token+".nickname"; String nickname = config.getString(name1, ""); - if (!tokenname.equals("Internal Key Storage Token") - && !tokenname.equals("internal")) - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + nickname = tokenname+":"+nickname; - CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname); + CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java index 83d8413e..854e8f10 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java 
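Review bot: In `getX509CertFromToken` (hunk `-669,44`), `issuer_p` is read from `permcerts[i].getSubjectDN()` but compared with `impl.getIssuerDN()`, so the issuer-and-serial match succeeds only when the token certificate's subject equals the input certificate's issuer, which looks unintended. If issuer-plus-serial matching is the goal, the line should read `String issuer_p = permcerts[i].getIssuerDN().toString();`. The comparison is also a plain `String.equals` on two DN renderings, while `getX509Cert` in the same hunk uses `LDAPDN.equals`; using the same DN comparison in both would avoid misses caused by formatting differences. The method returns `null` both for "not found" and for any exception, so callers cannot tell the two apart.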
@@ -34,19 +34,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SavePKCS12Panel extends WizardPanelBase { - public SavePKCS12Panel() { - } + public SavePKCS12Panel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); setId(id); @@ -60,11 +60,11 @@ public class SavePKCS12Panel extends WizardPanelBase { try { boolean enable = cs.getBoolean("preop.backupkeys.enable", false); - if (!enable) + if (!enable) return true; } catch (Exception e) { } - + return false; } @@ -77,14 +77,13 @@ public class SavePKCS12Panel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -96,7 +95,8 @@ public class SavePKCS12Panel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Save Keys and Certificates"); IConfigStore config = CMS.getConfigStore(); String subsystemtype = ""; 
@@ -116,14 +116,15 @@ public class SavePKCS12Panel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { context.put("title", "Save Keys and Certificates"); context.put("panel", "admin/console/config/savepkcs12panel.vm"); context.put("updateStatus", "success"); @@ -133,7 +134,9 @@ public class SavePKCS12Panel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { context.put("title", "Save Keys and Certificates"); context.put("panel", "admin/console/config/savepkcs12panel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java index 14e52a38..3a5d82d1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.net.URL; import java.net.URLDecoder; 
@@ -38,12 +39,14 @@ public class SecurityDomainLogin extends BaseServlet { private static final long serialVersionUID = -1616344299101179396L; public boolean authenticate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { return true; } public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; try { @@ -56,9 +59,9 @@ public class SecurityDomainLogin extends BaseServlet { int index = url.indexOf("subsystem="); String subsystem = ""; if (index > 0) { - subsystem = url.substring(index + 10); + subsystem = url.substring(index+10); int index1 = subsystem.indexOf("&"); - if (index1 > 0) + if (index1 > 0) subsystem = subsystem.substring(0, index1); } context.put("sd_uid", ""); @@ -67,16 +70,15 @@ public class SecurityDomainLogin extends BaseServlet { context.put("host", u.getHost()); context.put("sdhost", CMS.getEESSLHost()); if (subsystem.equals("KRA")) { - subsystem = "DRM"; + subsystem = "DRM"; } context.put("subsystem", subsystem); // The "securitydomain.name" property ONLY resides in the "CS.cfg" // associated with the CS subsystem hosting the security domain. IConfigStore cs = CMS.getConfigStore(); String sdname = cs.getString("securitydomain.name", ""); - context.put("name", sdname); - template = Velocity - .getTemplate("admin/console/config/securitydomainloginpanel.vm"); + context.put("name", sdname); + template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index e43fa913..90a6aeb0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java 
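Review bot: In `process` (hunk `-56,9`), `subsystem` is cut out of `url` with `indexOf("subsystem=")` and `substring(index+10)`, and the following hunk puts it into the Velocity context with no check other than the `KRA` to `DRM` mapping. `url` is assigned outside the hunk; if it is request-controlled, the substring search also matches `subsystem=` inside another parameter's name or value, and the unchecked value reaches the template. Read the parameter from the parsed and decoded query instead, and compare it with the subsystem types the server supports before `context.put("subsystem", subsystem)`, falling back to an empty string otherwise. The `catch` in the last hunk writes to `System.err` rather than `CMS.debug`, so a template failure is easy to miss.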
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; @@ -38,19 +39,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SecurityDomainPanel extends WizardPanelBase { - public SecurityDomainPanel() { - } + public SecurityDomainPanel() {} /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Security Domain"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Security Domain"); setId(id); @@ -71,16 +72,15 @@ public class SecurityDomainPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -88,7 +88,8 @@ public class SecurityDomainPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { context.put("title", "Security Domain"); IConfigStore config = CMS.getConfigStore(); String errorString = ""; 
@@ -98,12 +99,10 @@ public class SecurityDomainPanel extends WizardPanelBase { String systemdService = ""; try { - default_admin_url = config.getString( - "preop.securitydomain.admin_url", ""); + default_admin_url = config.getString("preop.securitydomain.admin_url", ""); name = config.getString("preop.securitydomain.name", ""); cstype = config.getString("cs.type", ""); - systemdService = config.getString("pkicreate.systemd.servicename", - ""); + systemdService = config.getString("pkicreate.systemd.servicename", ""); } catch (Exception e) { CMS.debug(e.toString()); } @@ -137,8 +136,7 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", default_admin_url); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} context.put("panel", "admin/console/config/securitydomainpanel.vm"); context.put("errorString", errorString); @@ -159,19 +157,18 @@ public class SecurityDomainPanel extends WizardPanelBase { while (st.hasMoreTokens()) { count++; String n = st.nextToken(); - if (first) { // skip the hostname + if (first) { //skip the hostname first = false; continue; } if (count == numTokens) // skip the last element (e.g. com) continue; - sb.append((defaultDomain.length() == 0) ? "" : " "); + sb.append((defaultDomain.length()==0)? "":" "); sb.append(capitalize(n)); } - defaultDomain = sb.toString() + " " + "Domain"; + defaultDomain = sb.toString() + " "+ "Domain"; name = defaultDomain; - CMS.debug("SecurityDomainPanel: defaultDomain generated:" - + name); + CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name); } catch (MalformedURLException e) { errorString = "Malformed URL"; // not being able to come up with default domain name is ok 
@@ -179,53 +176,54 @@ public class SecurityDomainPanel extends WizardPanelBase { } context.put("sdomainName", name); - if (default_admin_url != null) { + if( default_admin_url != null ) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL(default_admin_url); + URL u = new URL( default_admin_url ); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS(hostname, port, true, certApprovalCallback); + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, port, true, certApprovalCallback ); } catch (Exception e) { - CMS.debug("SecurityDomainPanel: exception caught: " - + e.toString()); + CMS.debug( "SecurityDomainPanel: exception caught: " + + e.toString() ); } - - if (r != null) { + + if( r != null ) { // "default" security domain exists on local machine; // fill "sdomainURL" in with "default" security domain // as an initial "guess" - CMS.debug("SecurityDomainPanel: pingCS returns: " + r); - context.put("sdomainURL", default_admin_url); + CMS.debug( "SecurityDomainPanel: pingCS returns: "+r ); + context.put( "sdomainURL", default_admin_url ); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - CMS.debug("SecurityDomainPanel: pingCS no successful response"); - context.put("sdomainURL", ""); + CMS.debug( "SecurityDomainPanel: pingCS no successful response" ); + context.put( "sdomainURL", "" ); } } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty("os.name"); - if (os.equalsIgnoreCase("Linux")) { - if (!systemdService.equals("")) { - context.put("initCommand", "/usr/bin/pkicontrol"); - context.put("instanceId", "ca " + systemdService); + String os = System.getProperty( "os.name" ); + if( 
os.equalsIgnoreCase( "Linux" ) ) { + if (! systemdService.equals("")) { + context.put( "initCommand", "/usr/bin/pkicontrol" ); + context.put( "instanceId", "ca " + systemdService ); } else { - context.put("initCommand", "/sbin/service " + initDaemon); - context.put("instanceId", instanceId); + context.put( "initCommand", "/sbin/service " + initDaemon ); + context.put( "instanceId", instanceId ); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put("initCommand", "/etc/init.d/" + initDaemon); - context.put("instanceId", instanceId); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put( "initCommand", "/etc/init.d/" + initDaemon ); + context.put( "instanceId", instanceId ); } } @@ -233,7 +231,7 @@ public class SecurityDomainPanel extends WizardPanelBase { if (s.length() == 0) { return s; } else { - return s.substring(0, 1).toUpperCase() + s.substring(1); + return s.substring(0,1).toUpperCase() + s.substring(1); } } 
@@ -241,59 +239,62 @@ public class SecurityDomainPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { - + HttpServletResponse response, + Context context) throws IOException { + String select = HttpInput.getID(request, "choice"); if (select.equals("newdomain")) { - String name = HttpInput.getSecurityDomainName(request, - "sdomainName"); + String name = HttpInput.getSecurityDomainName(request, "sdomainName"); if (name == null || name.equals("")) { initParams(request, context); context.put("updateStatus", "validate-failure"); - throw new IOException( - "Missing name value for the security domain"); + throw new IOException("Missing name value for the security domain"); } } else if (select.equals("existingdomain")) { - CMS.debug("SecurityDomainPanel: validating " - + "SSL Admin HTTPS . . ."); - String admin_url = HttpInput.getURL(request, "sdomainURL"); - if (admin_url == null || admin_url.equals("")) { - initParams(request, context); + CMS.debug( "SecurityDomainPanel: validating " + + "SSL Admin HTTPS . . ." 
); + String admin_url = HttpInput.getURL( request, "sdomainURL" ); + if( admin_url == null || admin_url.equals("") ) { + initParams( request, context ); context.put("updateStatus", "validate-failure"); - throw new IOException("Missing SSL Admin HTTPS url value " - + "for the security domain"); + throw new IOException( "Missing SSL Admin HTTPS url value " + + "for the security domain" ); } else { String r = null; try { - URL u = new URL(admin_url); + URL u = new URL( admin_url ); String hostname = u.getHost(); int admin_port = u.getPort(); - ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS(hostname, admin_port, true, certApprovalCallback); - } catch (Exception e) { - CMS.debug("SecurityDomainPanel: exception caught: " - + e.toString()); + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, admin_port, true, + certApprovalCallback ); + } catch( Exception e ) { + CMS.debug( "SecurityDomainPanel: exception caught: " + + e.toString() ); context.put("updateStatus", "validate-failure"); - throw new IOException("Illegal SSL Admin HTTPS url value " - + "for the security domain"); + throw new IOException( "Illegal SSL Admin HTTPS url value " + + "for the security domain" ); } if (r != null) { - CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + r); - context.put("sdomainURL", admin_url); + CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + + r ); + context.put( "sdomainURL", admin_url ); } else { - CMS.debug("SecurityDomainPanel: pingAdminCS " - + "no successful response for SSL Admin HTTPS"); - context.put("sdomainURL", ""); + CMS.debug( "SecurityDomainPanel: pingAdminCS " + + "no successful response for SSL Admin HTTPS" ); + context.put( "sdomainURL", "" ); } } } } - public void initParams(HttpServletRequest request, Context context) - throws IOException { + public void initParams(HttpServletRequest request, Context context) + throws IOException + { 
IConfigStore config = CMS.getConfigStore(); try { context.put("cstype", config.getString("cs.type")); @@ -305,7 +306,7 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("check_newdomain", "checked"); context.put("check_existingdomain", ""); } else if (select.equals("existingdomain")) { - context.put("check_newdomain", ""); + context.put("check_newdomain", ""); context.put("check_existingdomain", "checked"); } @@ -324,7 +325,8 @@ public class SecurityDomainPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { String errorString = ""; String select = HttpInput.getID(request, "choice"); 
@@ -338,28 +340,29 @@ public class SecurityDomainPanel extends WizardPanelBase { if (select.equals("newdomain")) { config.putString("preop.securitydomain.select", "new"); config.putString("securitydomain.select", "new"); - config.putString("preop.securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.host", CMS.getEENonSSLHost()); - config.putString("securitydomain.httpport", CMS.getEENonSSLPort()); - config.putString("securitydomain.httpsagentport", - CMS.getAgentPort()); - config.putString("securitydomain.httpseeport", CMS.getEESSLPort()); - config.putString("securitydomain.httpsadminport", - CMS.getAdminPort()); - - // make sure the subsystem certificate is issued by the security + config.putString("preop.securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.host", + CMS.getEENonSSLHost()); + config.putString("securitydomain.httpport", + CMS.getEENonSSLPort()); + config.putString("securitydomain.httpsagentport", + CMS.getAgentPort()); + config.putString("securitydomain.httpseeport", + CMS.getEESSLPort()); + config.putString("securitydomain.httpsadminport", + CMS.getAdminPort()); + + // make sure the subsystem certificate is issued by the security // domain config.putString("preop.cert.subsystem.type", "local"); - config.putString("preop.cert.subsystem.profile", - "subsystemCert.profile"); - + config.putString("preop.cert.subsystem.profile", "subsystemCert.profile"); + try { config.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} String instanceRoot = ""; try { 
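Review bot: `update` stores the security domain name via `HttpInput.getDomainName(request, "sdomainName")`, while `validate` checks the same parameter with `HttpInput.getSecurityDomainName(...)`, so the value that is persisted is not necessarily the value that was validated. Neither helper's rules are visible here; if they differ, read the parameter once with the validating helper, e.g. `String sdName = HttpInput.getSecurityDomainName(request, "sdomainName");`, and pass `sdName` to both `putString` calls. The empty `catch (EBaseException e) {}` around `config.commit(false)` also hides a failed save of these settings and should at least log it. `update` begins and ends outside this hunk.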
@@ -374,38 +377,37 @@ public class SecurityDomainPanel extends WizardPanelBase { // make sure the subsystem certificate is issued by the security // domain config.putString("preop.cert.subsystem.type", "remote"); - config.putString("preop.cert.subsystem.profile", - "caInternalAuthSubsystemCert"); + config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert"); String admin_url = HttpInput.getURL(request, "sdomainURL"); String hostname = ""; int admin_port = -1; - if (admin_url != null) { + if( admin_url != null ) { try { - URL admin_u = new URL(admin_url); + URL admin_u = new URL( admin_url ); hostname = admin_u.getHost(); admin_port = admin_u.getPort(); - } catch (MalformedURLException e) { + } catch( MalformedURLException e ) { errorString = "Malformed SSL Admin HTTPS URL"; context.put("updateStatus", "failure"); - throw new IOException(errorString); + throw new IOException( errorString ); } - context.put("sdomainURL", admin_url); - config.putString("securitydomain.host", hostname); - config.putInteger("securitydomain.httpsadminport", admin_port); + context.put( "sdomainURL", admin_url ); + config.putString( "securitydomain.host", hostname ); + config.putInteger( "securitydomain.httpsadminport", + admin_port ); } try { config.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain(config, "securitydomain", hostname, admin_port, - true, context, certApprovalCallback); + updateCertChain( config, "securitydomain", hostname, admin_port, + true, context, certApprovalCallback ); } else { CMS.debug("SecurityDomainPanel: invalid choice " + select); errorString = "Invalid choice"; 
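Review bot: `admin_port = admin_u.getPort()` is written to `securitydomain.httpsadminport` and passed to `updateCertChain` without a check, yet `URL.getPort()` returns -1 when the URL carries no explicit port, and nothing here confirms the scheme is `https` although the error text speaks of an SSL Admin HTTPS URL. A guard such as `if (!"https".equals(admin_u.getProtocol()) || admin_port == -1) throw new IOException(errorString);`, placed after `errorString` and `updateStatus` are set and before the `putString`/`putInteger` calls, would keep a malformed value out of the configuration. `HttpInput.getURL` may already enforce part of this, which cannot be seen from the hunk. The same `getHost()`/`getPort()` pattern feeds `pingCS` in `validate` (hunk `-241,59`). When `admin_url` is null, `hostname` stays empty and `admin_port` stays -1, and `updateCertChain` is still called with them.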
@@ -423,8 +425,7 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("wizardname", config.getString("preop.wizard.name")); context.put("panelname", "Security Domain Configuration"); context.put("systemname", config.getString("preop.system.name")); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} context.put("errorString", errorString); context.put("updateStatus", "success"); @@ -434,7 +435,8 @@ public class SecurityDomainPanel extends WizardPanelBase { * If validate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore config = CMS.getConfigStore(); String default_admin_url = ""; try { 
@@ -443,35 +445,33 @@ public class SecurityDomainPanel extends WizardPanelBase { } try { - default_admin_url = config.getString( - "preop.securitydomain.admin_url", ""); - } catch (Exception e) { - } + default_admin_url = config.getString("preop.securitydomain.admin_url", ""); + } catch (Exception e) {} - if (default_admin_url != null) { + if( default_admin_url != null ) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL(default_admin_url); + URL u = new URL( default_admin_url ); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS(hostname, port, true, certApprovalCallback); - } catch (Exception e) { - } - - if (r != null) { + ConfigCertApprovalCallback + certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS( hostname, port, true, certApprovalCallback ); + } catch (Exception e) {} + + if( r != null ) { // "default" security domain exists on local machine; // refill "sdomainURL" in with "default" security domain // as an initial "guess" - context.put("sdomainURL", default_admin_url); + context.put( "sdomainURL", default_admin_url ); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - context.put("sdomainURL", ""); + context.put( "sdomainURL", "" ); } } 
@@ -482,21 +482,20 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", - config.getString("preop.securitydomain.admin_url")); - } catch (EBaseException e) { - } + config.getString("preop.securitydomain.admin_url")); + } catch (EBaseException e) {} // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty("os.name"); - if (os.equalsIgnoreCase("Linux")) { - context.put("initCommand", "/sbin/service " + initDaemon); - context.put("instanceId", instanceId); + String os = System.getProperty( "os.name" ); + if( os.equalsIgnoreCase( "Linux" ) ) { + context.put( "initCommand", "/sbin/service " + initDaemon ); + context.put( "instanceId", instanceId ); } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put("initCommand", "/etc/init.d/" + initDaemon); - context.put("instanceId", instanceId); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put( "initCommand", "/etc/init.d/" + initDaemon ); + context.put( "instanceId", instanceId ); } context.put("title", "Security Domain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java index f881ba7c..3d3530f2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java 
@@ -27,7 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; /** * This object stores the values for IP, uid and group based on the cookie id. */ -public class SecurityDomainSessionTable implements ISecurityDomainSessionTable { +public class SecurityDomainSessionTable + implements ISecurityDomainSessionTable { private Hashtable m_sessions; private long m_timeToLive; @@ -37,7 +38,8 @@ public class SecurityDomainSessionTable implements ISecurityDomainSessionTable { m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { Vector v = new Vector(); v.addElement(ip); v.addElement(uid); @@ -63,30 +65,30 @@ public class SecurityDomainSessionTable implements ISecurityDomainSessionTable { } public String getIP(String sessionId) { - Vector v = (Vector) m_sessions.get(sessionId); + Vector v = (Vector)m_sessions.get(sessionId); if (v != null) - return (String) v.elementAt(0); + return (String)v.elementAt(0); return null; } public String getUID(String sessionId) { - Vector v = (Vector) m_sessions.get(sessionId); + Vector v = (Vector)m_sessions.get(sessionId); if (v != null) - return (String) v.elementAt(1); + return (String)v.elementAt(1); return null; } public String getGroup(String sessionId) { - Vector v = (Vector) m_sessions.get(sessionId); + Vector v = (Vector)m_sessions.get(sessionId); if (v != null) - return (String) v.elementAt(2); + return (String)v.elementAt(2); return null; } public long getBeginTime(String sessionId) { - Vector v = (Vector) m_sessions.get(sessionId); - if (v != null) { - Long n = (Long) v.elementAt(3); + Vector v = (Vector)m_sessions.get(sessionId); + if (v != null) { + Long n = (Long)v.elementAt(3); if (n != null) return n.longValue(); } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java index 05769dc5..c3a1e325 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java @@ -28,7 +28,8 @@ import com.netscape.certsrv.logging.ILogger; public class SessionTimer extends TimerTask { private ISecurityDomainSessionTable m_sessiontable = null; private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; public SessionTimer(ISecurityDomainSessionTable table) { super(); 
@@ -38,27 +39,32 @@ public class SessionTimer extends TimerTask { public void run() { Enumeration keys = m_sessiontable.getSessionIds(); while (keys.hasMoreElements()) { - String sessionId = (String) keys.nextElement(); + String sessionId = (String)keys.nextElement(); long beginTime = m_sessiontable.getBeginTime(sessionId); Date nowDate = new Date(); long nowTime = nowDate.getTime(); long timeToLive = m_sessiontable.getTimeToLive(); - if ((nowTime - beginTime) > timeToLive) { + if ((nowTime-beginTime) > timeToLive) { m_sessiontable.removeEntry(sessionId); CMS.debug("SessionTimer run: successfully remove the session id entry from the table."); - + // audit message - String auditParams = "operation;;expire_token+token;;" - + sessionId; + String auditParams = "operation;;expire_token+token;;" + sessionId; String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, "system", - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + "system", + ILogger.SUCCESS, + auditParams); - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, - auditMessage); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + auditMessage); + } } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index a096963c..0e6a507a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; 
@@ -53,14 +54,13 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() { - } + public SizePanel() {} /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); @@ -69,30 +69,25 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor( - IDescriptor.CHOICE, - "default,custom", - null, /* no default parameter */ + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, + "default,custom", null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* - * no - * constraint - */ - null, /* no default parameter */ - "Custom Key Size"); + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + null, /* no default parameter */ + "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary */ + /* clean up if necessary*/ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -110,8 +105,7 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } 
@@ -120,10 +114,11 @@ public class SizePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } @@ -139,14 +134,12 @@ public class SizePanel extends WizardPanelBase { } try { - default_ecc_curve_name = config.getString("keys.ecc.curve.default", - "nistp256"); + default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); } catch (Exception e) { } try { - default_rsa_key_size = config.getString("keys.rsa.keysize.default", - "2048"); + default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); } catch (Exception e) { } @@ -159,12 +152,12 @@ public class SizePanel extends WizardPanelBase { while (st.hasMoreTokens()) { String certTag = st.nextToken(); - String nn = config.getString(PCERT_PREFIX + certTag - + ".nickname"); + String nn = config.getString( + PCERT_PREFIX + certTag + ".nickname"); Cert c = new Cert(token, nn, certTag); - String s = config.getString(PCERT_PREFIX + certTag - + ".keysize.select", "default"); + String s = config.getString( + PCERT_PREFIX + certTag + ".keysize.select", "default"); if (s.equals("default")) { c.setKeyOption("default"); 
@@ -173,25 +166,26 @@ public class SizePanel extends WizardPanelBase { c.setKeyOption("custom"); } - s = config.getString(PCERT_PREFIX + certTag - + ".keysize.custom_size", default_rsa_key_size); + s = config.getString( + PCERT_PREFIX + certTag + ".keysize.custom_size", + default_rsa_key_size); c.setCustomKeysize(s); - s = config.getString(PCERT_PREFIX + certTag - + ".curvename.custom_name", default_ecc_curve_name); + s = config.getString( + PCERT_PREFIX + certTag + ".curvename.custom_name", + default_ecc_curve_name); c.setCustomCurvename(s); - boolean signingRequired = config.getBoolean(PCERT_PREFIX - + certTag + ".signing.required", false); + boolean signingRequired = config.getBoolean( + PCERT_PREFIX + certTag + ".signing.required", + false); c.setSigningRequired(signingRequired); - if (signingRequired) - mShowSigning = true; + if (signingRequired) mShowSigning = true; - String userfriendlyname = config.getString(PCERT_PREFIX - + certTag + ".userfriendlyname"); + String userfriendlyname = config.getString( + PCERT_PREFIX + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX + certTag - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while 
@@ -212,15 +206,16 @@ public class SizePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException, - NumberFormatException { + HttpServletResponse response, + Context context) throws IOException, NumberFormatException { CMS.debug("SizePanel: update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -241,15 +236,13 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config - .getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val - + ",o=clone"); + String val = config.getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val+",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); @@ -258,17 +251,13 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX + ct - + ".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa - // or - // ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc - String keyalgorithm = HttpInput.getString(request, ct - + "_keyalgorithm"); + String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); if (keyalgorithm == null) { if (keytype != null && keytype.equals("ecc")) { keyalgorithm = "SHA256withEC"; 
@@ -277,8 +266,7 @@ public class SizePanel extends WizardPanelBase { } } - String signingalgorithm = HttpInput.getString(request, ct - + "_signingalgorithm"); + String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm"); if (signingalgorithm == null) { signingalgorithm = keyalgorithm; } 
@@ -287,136 +275,114 @@ public class SizePanel extends WizardPanelBase { if (select == null) { CMS.debug("SizePanel: " + ct + "_choice not found"); - throw new IOException("SizePanel: " + ct - + "_choice not found"); + throw new IOException( + "SizePanel: " + ct + "_choice not found"); } - CMS.debug("SizePanel: update() keysize choice selected:" - + select); - String oldkeysize = config.getString(PCERT_PREFIX + ct - + ".keysize.size", ""); - String oldkeytype = config.getString(PCERT_PREFIX + ct - + ".keytype", ""); - String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm", ""); - String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct - + ".signingalgorithm", ""); - String oldcurvename = config.getString(PCERT_PREFIX + ct - + ".curvename.name", ""); + CMS.debug( + "SizePanel: update() keysize choice selected:" + select); + String oldkeysize = + config.getString(PCERT_PREFIX+ct+".keysize.size", ""); + String oldkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String oldkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String oldsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String oldcurvename = + config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", - default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", - default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + 
config.putString("preop.keysize.size", default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", - keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", - signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct - + ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct - + ".keysize.custom_size", default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", + default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString( - "preop.curvename.name", - HttpInput.getString(request, ct - + "_custom_curvename")); - config.putString( - "preop.curvename.custom_name", - HttpInput.getString(request, ct - + "_custom_curvename")); + config.putString("preop.curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); + config.putString("preop.curvename.custom_name", + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString( - "preop.keysize.size", - HttpInput.getKeySize(request, ct - + "_custom_size", keytype)); - 
config.putString( - "preop.keysize.custom_size", - HttpInput.getKeySize(request, ct - + "_custom_size", keytype)); + config.putString("preop.keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString("preop.keysize.custom_size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", - keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", - signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString( - PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct - + "_custom_curvename")); - config.putString( - PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct - + "_custom_curvename")); + config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", + HttpInput.getString(request, ct + "_custom_curvename")); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString( - PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct - + "_custom_size")); - config.putString( - PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct - + "_custom_size")); + config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", + HttpInput.getKeySize(request, ct + "_custom_size")); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = config.getString(PCERT_PREFIX + ct - + ".keysize.size", ""); - String newkeytype = 
config.getString(PCERT_PREFIX + ct - + ".keytype", ""); - String newkeyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm", ""); - String newsigningalgorithm = config.getString(PCERT_PREFIX + ct - + ".signingalgorithm", ""); - String newcurvename = config.getString(PCERT_PREFIX + ct - + ".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) - || !oldkeytype.equals(newkeytype) - || !oldkeyalgorithm.equals(newkeyalgorithm) - || !oldsigningalgorithm.equals(newsigningalgorithm) - || !oldcurvename.equals(newcurvename)) + String newkeysize = + config.getString(PCERT_PREFIX+ct+".keysize.size", ""); + String newkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String newkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String newsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String newcurvename = + config.getString(PCERT_PREFIX+ct+".curvename.name", ""); + + if (!oldkeysize.equals(newkeysize) || + !oldkeytype.equals(newkeytype) || + !oldkeyalgorithm.equals(newkeyalgorithm) || + !oldsigningalgorithm.equals(newsigningalgorithm) || + !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " - + e.toString()); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); } val1 = HttpInput.getID(request, "generateKeyPair"); 
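Review bot: In the `custom` branch of `update()` the submitted RSA size goes through two different overloads: the `preop.keysize.*` writes use `HttpInput.getKeySize(request, ct + "_custom_size", keytype)`, while the `PCERT_PREFIX + ct + ".keysize.*"` writes use `HttpInput.getKeySize(request, ct + "_custom_size")` without the key type. The per-certificate value is the one read back with `config.getInteger` for key generation, so it should get the same (presumably key-type-aware) check; reading the parameter once, `String customSize = HttpInput.getKeySize(request, ct + "_custom_size", keytype);`, and reusing it for all four `putString` calls keeps them consistent. The same branch stores `ct + "_custom_curvename"` straight from `HttpInput.getString`. Whether that helper restricts the value to the entries of `keys.ecc.curve.list` is not visible here, so an explicit membership check before the write is worth adding. `update()` starts before this hunk and continues after it.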
@@ -427,20 +393,19 @@ public class SizePanel extends WizardPanelBase { context.put("updateStatus", "success"); return; } - } catch (IOException e) { + } catch (IOException e) { CMS.debug("SizePanel: update() IOException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (NumberFormatException e) { - CMS.debug("SizePanel: update() NumberFormatException caught: " - + e.toString()); + CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; - } catch (Exception e) { + } catch (Exception e) { CMS.debug("SizePanel: update() Exception caught: " + e.toString()); } - // generate key pair + // generate key pair Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { @@ -449,9 +414,8 @@ public class SizePanel extends WizardPanelBase { String friendlyName = ct; boolean enable = true; try { - enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); - friendlyName = config.getString(PCERT_PREFIX + ct - + ".userfriendlyname", ct); + enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct); } catch (Exception e) { } 
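Review bot: The final `catch (Exception e)` in this chain only writes a debug line, so any failure other than `IOException` or `NumberFormatException` while storing the submitted key parameters falls through to the `// generate key pair` loop. That loop then works from whatever was left in the configuration store. The catch should mark the panel as failed and stop, like the two catches above it: `context.put("updateStatus", "failure");` followed by `throw new IOException("SizePanel: update() failed: " + e);`. `update()` starts before this hunk and continues after it.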
@@ -459,19 +423,17 @@ public class SizePanel extends WizardPanelBase { continue; try { - String keytype = config.getString(PCERT_PREFIX + ct - + ".keytype"); - String keyalgorithm = config.getString(PCERT_PREFIX + ct - + ".keyalgorithm"); - + String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); + String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); + if (keytype.equals("rsa")) { - int keysize = config.getInteger(PCERT_PREFIX + ct - + ".keysize.size"); + int keysize = config.getInteger( + PCERT_PREFIX + ct + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { - String curveName = config.getString(PCERT_PREFIX + ct - + ".curvename.name", default_ecc_curve_name); + String curveName = config.getString( + PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); 
@@ -479,41 +441,40 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException( - "key generation failure for the certificate: " - + friendlyName + ". See the logs for details."); + throw new IOException("key generation failure for the certificate: " + friendlyName + + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug( + "SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, - IConfigStore config, String ct) throws NoSuchAlgorithmException, - NoSuchTokenException, TokenException, - CryptoManager.NotInitializedException { - CMS.debug("Generating ECC key pair with curvename=" + curveName - + ", token=" + token); + public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException + { + CMS.debug("Generating ECC key pair with curvename="+ curveName + + ", token="+token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise note: IE - * only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise + * note: IE only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * 
-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
@@ -526,45 +487,49 @@ public class SizePanel extends WizardPanelBase { } // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) - .getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil - .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. 
Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { 
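Review bot: The `do { … } while (pair == null)` loop in `createECCKeyPair` has no upper bound. Whenever `CryptoUtil.findPrivateKeyFromID` returns null the code logs "Found bad ECC key id" and generates another pair, so a token that never returns the key keeps the request spinning and presumably leaves one more key on the token per pass. A small attempt counter, with one of the exceptions already declared on the method thrown once the cap is reached, would turn this into a reported failure. `createRSAKeyPair` in the next hunk uses the same loop and needs the same cap. `createECCKeyPair` begins in the previous hunk and ends in the next one.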
@@ -572,39 +537,35 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, - IConfigStore config, String ct) throws NoSuchAlgorithmException, - NoSuchTokenException, TokenException, - CryptoManager.NotInitializedException { + public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException + { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) - .getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil - .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); - byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus() - .toByteArray(); - byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent() - .toByteArray(); + byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray(); + byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); config.putString(PCERT_PREFIX + ct 
+ ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { 
@@ -612,39 +573,41 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void setSigningAlgorithm(String ct, String keyAlgo, - IConfigStore config) { + public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", - keyAlgo); - } + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", + keyAlgo); + config.putString("ca.crl.MasterCRL.signingAlgorithm", + keyAlgo); + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + keyAlgo); + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", - keyAlgo); - } - } else if (systemType.equalsIgnoreCase("KRA") - || systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", + keyAlgo); + } + } else if (systemType.equalsIgnoreCase("KRA") || + systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException { + throws IOException + { IConfigStore config = CMS.getConfigStore(); String s = ""; try { 
@@ -656,13 +619,10 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.hierarchy.select", "root"); context.put("hselect", s); - s = config.getString("preop.ecc.algorithm.list", - "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); + s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config - .getString("preop.rsa.algorithm.list", - "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); @@ -675,8 +635,7 @@ public class SizePanel extends WizardPanelBase { context.put("subsystemtype", s); } catch (Exception e) { - CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" - + e); + CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e); } } @@ -684,9 +643,10 @@ public class SizePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java index b1c16d65..cf59e07c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java @@ -51,7 +51,6 @@ public class TokenAuthenticate extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
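Review bot: The fallback value for `preop.rsa.algorithm.list` in `initParams` still offers `MD5withRSA` and `MD2withRSA`, and both fallbacks include a SHA-1 entry. An installation without these keys configured therefore puts weak digests into the `rsalist` and `ecclist` values handed to the panel, presumably as selectable signing algorithms. The defaults could be limited to the SHA-2 names already in the lists: `s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA512withRSA");` and `"SHA256withEC,SHA384withEC,SHA512withEC"` for ECC. A deployment that needs a legacy name for interoperability can still set the configuration key explicitly. `initParams` starts in an earlier hunk.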
@@ -59,14 +58,13 @@ public class TokenAuthenticate extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String sessionId = httpReq.getParameter("sessionID"); CMS.debug("TokenAuthentication: sessionId=" + sessionId); @@ -87,9 +85,9 @@ public class TokenAuthenticate extends CMSServlet { CMS.debug("TokenAuthentication: found session"); if (checkIP) { String hostname = table.getIP(sessionId); - if (!hostname.equals(givenHost)) { - CMS.debug("TokenAuthentication: hostname=" + hostname - + " and givenHost=" + givenHost + " are different"); + if (! hostname.equals(givenHost)) { + CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" + + givenHost + " are different"); CMS.debug("TokenAuthenticate authenticate failed, wrong hostname."); outputError(httpResp, "Error: Failed Authentication"); return; @@ -124,15 +122,7 @@ public class TokenAuthenticate extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java index b71cbb3c..cf699c61 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java 
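Review bot: `process()` writes the caller-supplied session token to the debug log in full with `CMS.debug("TokenAuthentication: sessionId=" + sessionId);`. Anyone who can read that log sees values that the session-table lookup below appears to accept while they are still live. Logging only that a token arrived, `CMS.debug("TokenAuthentication: sessionId received");`, or a short digest of it, keeps the trace useful without recording the credential. The parameter is also logged before any validation visible here, so it should be length-limited and encoded if it stays in the log. `process()` continues past the end of this hunk.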
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -44,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; + public class UpdateConnector extends CMSServlet { /** @@ -60,7 +62,6 @@ public class UpdateConnector extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -70,7 +71,7 @@ public class UpdateConnector extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateConnector: processing..."); @@ -84,9 +85,9 @@ public class UpdateConnector extends CMSServlet { CMS.debug("UpdateConnector authentication successful."); } catch (Exception e) { CMS.debug("UpdateConnector: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
@@ -99,19 +100,19 @@ public class UpdateConnector extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("UpdateConnector authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -124,35 +125,33 @@ public class UpdateConnector extends CMSServlet { Enumeration list = httpReq.getParameterNames(); while (list.hasMoreElements()) { - String name = (String) list.nextElement(); + String name = (String)list.nextElement(); String val = httpReq.getParameter(name); if (name != null && name.startsWith("ca.connector")) { - CMS.debug("Adding connector update name=" + name + " val=" - + val); + CMS.debug("Adding connector update name=" + name + " val=" + val); cs.putString(name, val); } else { - CMS.debug("Skipping connector update name=" + name + " val=" - + val); + CMS.debug("Skipping connector update name=" + name + " val=" + val); } } - - try { + + try { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname + ":" + nickname; + nickname = tokenname+":"+nickname; cs.putString("ca.connector.KRA.nickName", nickname); cs.commit(false); } catch (Exception e) { } // start the connector - try { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); - ICAService caService = (ICAService) ca.getCAService(); - IConnector kraConnector = caService.getConnector(cs - .getSubStore("ca.connector.KRA")); + try { + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + ICAService caService = (ICAService)ca.getCAService(); + IConnector kraConnector = caService.getConnector( + cs.getSubStore("ca.connector.KRA")); caService.setKRAConnector(kraConnector); kraConnector.start(); } catch (Exception e) { 
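Review bot: The parameter loop copies every request parameter whose name merely starts with `ca.connector` into the configuration store. The set of writable keys is therefore chosen by the caller rather than by the servlet, and the prefix also matches names such as `ca.connectorX`. Checking against a fixed list of expected connector keys, or at least `name.startsWith("ca.connector.KRA.")` if only the KRA connector is meant to be updated here, would bound what an authorised caller can change. The `CMS.debug` lines also record every submitted value, including those that are skipped. The empty `catch (Exception e) { }` after `cs.commit(false)` hides a failed commit and the connector is started anyway, so the exception should at least be logged there; `process()` starts outside this hunk.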
@@ -174,22 +173,14 @@ public class UpdateConnector extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index 57c58df3..c9fe27ef 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -54,6 +55,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; + public class UpdateDomainXML extends CMSServlet { /** 
@@ -62,8 +64,10 @@ public class UpdateDomainXML extends CMSServlet { private static final long serialVersionUID = 4059169588555717548L; private final static String SUCCESS = "0"; private final static String FAILED = "1"; - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public UpdateDomainXML() { super(); @@ -71,7 +75,6 @@ public class UpdateDomainXML extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -98,19 +101,20 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to delete entry" + e.toString()); } - } catch (Exception e) { - CMS.debug("Failed to delete entry" + e.toString()); - } finally { + } catch (Exception e) { + CMS.debug("Failed to delete entry" + e.toString()); + } finally { try { - if ((conn != null) && (connFactory != null)) { + if ((conn != null) && (connFactory!= null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } catch (Exception e) { + } + catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } private String modify_ldap(String dn, LDAPModification mod) { 
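Review bot: In `remove_from_ldap` the outer `catch (Exception e)` only calls `CMS.debug(...)` and never sets `status = FAILED;`, so a failure outside the inner `LDAPException` handler appears to return whatever `status` was initialised to. That initialisation is outside this hunk, but `add_to_ldap` starts from `SUCCESS`. `process` turns the returned status into the signed audit outcome, so a failed delete could be audited as a success. Adding `status = FAILED;` to that catch would fix it. The same pattern is in `modify_ldap` (hunk `@@ -131,21 +135,23 @@`) and `add_to_ldap` (hunk `@@ -166,38 +172,37 @@`).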
@@ -131,21 +135,23 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to modify entry" + e.toString()); } - } catch (Exception e) { + } catch (Exception e) { CMS.debug("Failed to modify entry" + e.toString()); - } finally { + } finally { try { - if ((conn != null) && (connFactory != null)) { + if ((conn != null) && (connFactory!= null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } catch (Exception e) { + } + catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } + private String add_to_ldap(LDAPEntry entry, String dn) { CMS.debug("UpdateDomainXML: add_to_ldap: starting"); String status = SUCCESS; 
@@ -166,38 +172,37 @@ public class UpdateDomainXML extends CMSServlet { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("UpdateDomainXML: Error when replacing existing entry " - + ee.toString()); + CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString()); status = FAILED; } } else { - CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " - + e.toString()); + CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString()); status = FAILED; } } catch (Exception e) { CMS.debug("Failed to add entry" + e.toString()); } finally { try { - if ((conn != null) && (connFactory != null)) { + if ((conn != null) && (connFactory!= null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } catch (Exception e) { + } + catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } + + /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -214,7 +219,7 @@ public class UpdateDomainXML extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
@@ -228,18 +233,19 @@ public class UpdateDomainXML extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, AUTH_FAILURE, - "Error: Encountered problem during authorization."); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, + AUTH_FAILURE, + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -266,7 +272,7 @@ public class UpdateDomainXML extends CMSServlet { String missing = ""; if ((host == null) || host.equals("")) { missing += " host "; - } + } if ((name == null) || name.equals("")) { missing += " name "; } 
@@ -280,20 +286,20 @@ public class UpdateDomainXML extends CMSServlet { clone = "false"; } - if (!missing.equals("")) { - CMS.debug("UpdateDomainXML process: required parameters:" + missing - + "not provided in request"); - outputError(httpResp, "Error: required parameters: " + missing - + "not provided in request"); + if (! missing.equals("")) { + CMS.debug("UpdateDomainXML process: required parameters:" + missing + + "not provided in request"); + outputError(httpResp, "Error: required parameters: " + missing + + "not provided in request"); return; } String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" - + sport + "+clone;;" + clone + "+type;;" + type; + String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+ + "+clone;;"+clone+"+type;;"+type; if (operation != null) { - auditParams += "+operation;;" + operation; + auditParams += "+operation;;"+operation; } else { auditParams += "+operation;;add"; } @@ -306,7 +312,8 @@ public class UpdateDomainXML extends CMSServlet { try { basedn = cs.getString("internaldb.basedn"); secstore = cs.getString("securitydomain.store"); - } catch (Exception e) { + } + catch (Exception e) { CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script"); } @@ -319,14 +326,13 @@ public class UpdateDomainXML extends CMSServlet { String listName = type + "List"; String cn = host + ":"; - if ((adminsport != null) && (adminsport != "")) { + if ((adminsport!= null) && (adminsport != "")) { cn += adminsport; } else { cn += sport; } - String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," - + basedn; + String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn; CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn); LDAPAttributeSet attrs = null; 
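Review bot: `auditParams` is assembled from raw request values using `+` and `;;` as field separators (`"host;;"+host+"+name;;"+name+...`), so a value that itself contains `+` or `;;` makes the signed audit record ambiguous about which fields it carries. Whether `CMS.getLogMessage` escapes its arguments is not visible here. If it does not, `host`, `name`, `sport`, `clone` and `type` values containing those separators should be rejected alongside the existing missing-parameter check. The enclosing `process` method starts and ends outside this hunk.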
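Review bot: `(adminsport != "")` compares references rather than contents, so for a request parameter it is effectively always true and an empty `adminsport` yields a `cn` ending in a bare colon instead of falling back to `sport`. It should read `if ((adminsport != null) && (!adminsport.equals(""))) {`, as the `agentsport` check later in the method does. The `dn` on the following changed line is built by concatenating `host`, the port and `type` without escaping, and these appear to come from the request. A comma, `=` or `+` in any of them changes the structure of the DN that `remove_from_ldap` and `add_to_ldap` then act on. Validating `host` as a hostname, the ports as digits and `type` against the known subsystem types before building `dn` would close that.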
@@ -350,69 +356,69 @@ public class UpdateDomainXML extends CMSServlet { attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport)); } if ((domainmgr != null) && (!domainmgr.equals(""))) { - attrs.add(new LDAPAttribute("DomainManager", domainmgr - .toUpperCase())); + attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase())); } attrs.add(new LDAPAttribute("clone", clone.toUpperCase())); attrs.add(new LDAPAttribute("SubsystemName", name)); entry = new LDAPEntry(dn, attrs); - - if ((operation != null) && (operation.equals("remove"))) { - status = remove_from_ldap(dn); - String adminUserDN; - if ((agentsport != null) && (!agentsport.equals(""))) { - adminUserDN = "uid=" + type + "-" + host + "-" + agentsport - + ",ou=People," + basedn; - } else { - adminUserDN = "uid=" + type + "-" + host + "-" + sport - + ",ou=People," + basedn; - } - String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" - + "+resource;;" + adminUserDN; - if (status.equals(SUCCESS)) { - // remove the user for this subsystem's admin - status2 = remove_from_ldap(adminUserDN); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.SUCCESS, - userAuditParams); - audit(auditMessage); - - // remove this user from the subsystem group - userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" - + "+source;;UpdateDomainXML" - + "+resource;;Subsystem Group+user;;" - + adminUserDN; - dn = "cn=Subsystem Group, ou=groups," + basedn; - LDAPModification mod = new LDAPModification( - LDAPModification.DELETE, new LDAPAttribute( - "uniqueMember", adminUserDN)); - status2 = modify_ldap(dn, mod); + + if ((operation != null) && (operation.equals("remove"))) { + status = remove_from_ldap(dn); + String adminUserDN; + if ((agentsport != null) && (!agentsport.equals(""))) { + adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; + } else { + adminUserDN = "uid=" + type 
+ "-" + host + "-" + sport + ",ou=People," + basedn; + } + String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + + "+resource;;"+adminUserDN; + if (status.equals(SUCCESS)) { + // remove the user for this subsystem's admin + status2 = remove_from_ldap(adminUserDN); if (status2.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.SUCCESS, - userAuditParams); - } else { + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + userAuditParams); + audit(auditMessage); + + // remove this user from the subsystem group + userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + + "+source;;UpdateDomainXML" + + "+resource;;Subsystem Group+user;;"+adminUserDN; + dn = "cn=Subsystem Group, ou=groups," + basedn; + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + new LDAPAttribute("uniqueMember", adminUserDN)); + status2 = modify_ldap(dn, mod); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + userAuditParams); + } else { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + userAuditParams); + } + audit(auditMessage); + } else { // error deleting user auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - userAuditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + userAuditParams); + audit(auditMessage); } - audit(auditMessage); - } else { // error deleting user - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, - userAuditParams); - audit(auditMessage); } - } } else { - status = add_to_ldap(entry, dn); + status = add_to_ldap(entry, dn); } - } else { + } + else { // update the domain.xml file String path = CMS.getConfigStore().getString("instanceRoot", 
"") + "/conf/domain.xml"; @@ -424,7 +430,7 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("UpdateDomainXML: Inserting new domain info"); XMLObject parser = new XMLObject(new FileInputStream(path)); Node n = parser.getContainer(list); - int count = 0; + int count =0; if ((operation != null) && (operation.equals("remove"))) { // delete node @@ -434,19 +440,15 @@ public class UpdateDomainXML extends CMSServlet { for (int i = 0; i < len; i++) { Node nn = (Node) nodeList.item(i); - Vector v_name = parser.getValuesFromContainer(nn, - "SubsystemName"); - Vector v_host = parser.getValuesFromContainer(nn, - "Host"); - Vector v_adminport = parser.getValuesFromContainer(nn, - "SecureAdminPort"); - if ((v_name.elementAt(0).equals(name)) - && (v_host.elementAt(0).equals(host)) - && (v_adminport.elementAt(0).equals(adminsport))) { - Node parent = nn.getParentNode(); - Node remNode = parent.removeChild(nn); - count--; - break; + Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nn, "Host"); + Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); + if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) + && (v_adminport.elementAt(0).equals(adminsport))) { + Node parent = nn.getParentNode(); + Node remNode = parent.removeChild(nn); + count --; + break; } } } else { 
@@ -455,44 +457,39 @@ public class UpdateDomainXML extends CMSServlet { parser.addItemToContainer(parent, "SubsystemName", name); parser.addItemToContainer(parent, "Host", host); parser.addItemToContainer(parent, "SecurePort", sport); - parser.addItemToContainer(parent, "SecureAgentPort", - agentsport); - parser.addItemToContainer(parent, "SecureAdminPort", - adminsport); - parser.addItemToContainer(parent, "SecureEEClientAuthPort", - eecaport); + parser.addItemToContainer(parent, "SecureAgentPort", agentsport); + parser.addItemToContainer(parent, "SecureAdminPort", adminsport); + parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport); parser.addItemToContainer(parent, "UnSecurePort", httpport); - parser.addItemToContainer(parent, "DomainManager", - domainmgr.toUpperCase()); - parser.addItemToContainer(parent, "Clone", - clone.toUpperCase()); - count++; + parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase()); + parser.addItemToContainer(parent, "Clone", clone.toUpperCase()); + count ++; } - // update count + //update count String countS = ""; NodeList nlist = n.getChildNodes(); Node countnode = null; - for (int i = 0; i < nlist.getLength(); i++) { - Element nn = (Element) nlist.item(i); + for (int i=0; i<nlist.getLength(); i++) { + Element nn = (Element)nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { countnode = nn; NodeList nlist1 = nn.getChildNodes(); Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); + countS = nn1.getNodeValue(); break; } } - CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS); + CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); try { - count += Integer.parseInt(countS); + count += Integer.parseInt(countS); } catch (Exception ee) { } Node nn2 = n.removeChild(countnode); - parser.addItemToContainer(n, "SubsystemCount", "" + count); + parser.addItemToContainer(n, "SubsystemCount", ""+count); // recreate domain.xml 
CMS.debug("UpdateDomainXML: Recreating domain.xml"); @@ -506,24 +503,28 @@ public class UpdateDomainXML extends CMSServlet { } } - + if (status.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - auditSubjectID, ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); } else { // what if already exists or already deleted auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - auditSubjectID, ILogger.FAILURE, auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, + ILogger.FAILURE, + auditParams); } audit(auditMessage); - if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { - status = SUCCESS; - } else { - status = FAILED; - } + if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { + status = SUCCESS; + } else { + status = FAILED; + } try { // send success status back to the requestor 
@@ -536,34 +537,24 @@ public class UpdateDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateDomainXML: Failed to send the XML output" - + e.toString()); + CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); } } protected String securityDomainXMLtoLDAP(String xmltag) { - if (xmltag.equals("Host")) - return "host"; - else - return xmltag; + if (xmltag.equals("Host")) return "host"; + else return xmltag; } - protected void setDefaultTemplates(ServletConfig sc) { - } - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void setDefaultTemplates(ServletConfig sc) {} + + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index f563c9f6..0a1787aa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -44,6 +45,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; + public class UpdateNumberRange extends CMSServlet { /** 
@@ -53,7 +55,8 @@ public class UpdateNumberRange extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = + "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; public UpdateNumberRange() { super(); @@ -61,7 +64,6 @@ public class UpdateNumberRange extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -71,13 +73,11 @@ public class UpdateNumberRange extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate - * chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate chain components * </ul> - * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet { BigInteger oneNum = new BigInteger("1"); String endNumConfig = null; String cloneNumConfig = null; - String nextEndConfig = null; + String nextEndConfig = null; int radix = 10; IRepository repo = null; if (cstype.equals("KRA")) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem(IKeyRecoveryAuthority.ID); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem( + IKeyRecoveryAuthority.ID); if (type.equals("request")) { repo = kra.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { @@ -146,8 +146,8 @@ public class UpdateNumberRange extends CMSServlet { repo = kra.getReplicaRepository(); } } else { // CA - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( + ICertificateAuthority.ID); if (type.equals("request")) { repo = ca.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { 
@@ -157,28 +157,26 @@ public class UpdateNumberRange extends CMSServlet { } } - // checkRanges for replicaID - we do this each time a replica is - // created. - // This needs to be done beforehand to ensure that we always have - // enough + // checkRanges for replicaID - we do this each time a replica is created. + // This needs to be done beforehand to ensure that we always have enough // replica numbers if (type.equals("replicaId")) { - CMS.debug("Checking replica number ranges"); - repo.checkRanges(); + CMS.debug("Checking replica number ranges"); + repo.checkRanges(); } - + if (type.equals("request")) { radix = 10; endNumConfig = "dbs.endRequestNumber"; cloneNumConfig = "dbs.requestCloneTransferNumber"; nextEndConfig = "dbs.nextEndRequestNumber"; } else if (type.equals("serialNo")) { - radix = 16; + radix=16; endNumConfig = "dbs.endSerialNumber"; cloneNumConfig = "dbs.serialCloneTransferNumber"; nextEndConfig = "dbs.nextEndSerialNumber"; } else if (type.equals("replicaId")) { - radix = 10; + radix=10; endNumConfig = "dbs.endReplicaNumber"; cloneNumConfig = "dbs.replicaCloneTransferNumber"; nextEndConfig = "dbs.nextEndReplicaNumber"; @@ -194,11 +192,11 @@ public class UpdateNumberRange extends CMSServlet { String nextEndNumStr = cs.getString(nextEndConfig, ""); BigInteger endNum2 = new BigInteger(nextEndNumStr, radix); CMS.debug("Transferring from the end of on-deck range"); - String newValStr = endNum2.subtract(decrement).toString(radix); - repo.setNextMaxSerial(newValStr); - cs.putString(nextEndConfig, newValStr); - beginNum = endNum2.subtract(decrement).add(oneNum); - endNum = endNum2; + String newValStr = endNum2.subtract(decrement).toString(radix); + repo.setNextMaxSerial(newValStr); + cs.putString(nextEndConfig, newValStr); + beginNum = endNum2.subtract(decrement).add(oneNum); + endNum = endNum2; } else { CMS.debug("Transferring from the end of the current range"); String newValStr = beginNum.subtract(oneNum).toString(radix); 
@@ -206,19 +204,22 @@ public class UpdateNumberRange extends CMSServlet { cs.putString(endNumConfig, newValStr); } - if (beginNum == null) { - CMS.debug("UpdateNumberRange::process() - " - + "beginNum is null!"); + + if( beginNum == null ) { + CMS.debug( "UpdateNumberRange::process() - " + + "beginNum is null!" ); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, - auditSubjectID, ILogger.FAILURE, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); return; } // Enable serial number management in master for certs and requests if (type.equals("replicaId")) { - repo.setEnableSerialMgmt(true); + repo.setEnableSerialMgmt(true); } // insert info 
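Review bot: The `if( beginNum == null )` guard can never fire. The `else` branch of the preceding hunk already calls `beginNum.subtract(oneNum)` and the other branch assigns it from `endNum2.subtract(decrement).add(oneNum)`, so a null would surface earlier as a NullPointerException. If the check is meant to catch a missing end number, it belongs before the transfer branches. As written, this path also returns after auditing the failure without telling the requester; adding `outputError(httpResp, "Error: Failed to update number range.");` before the `return` would match the error path at the end of the method.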
@@ -229,51 +230,45 @@ public class UpdateNumberRange extends CMSServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); - xmlObj.addItemToContainer(root, "beginNumber", - beginNum.toString(radix)); + xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix)); xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix)); byte[] cb = xmlObj.toByteArray(); outputResult(httpResp, "application/xml", cb); cs.commit(false); - auditParams += "+beginNumber;;" + beginNum.toString(radix) - + "+endNumber;;" + endNum.toString(radix); + auditParams += "+beginNumber;;" + beginNum.toString(radix) + + "+endNumber;;" + endNum.toString(radix); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); } catch (Exception e) { - CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " - + e.toString()); + CMS.debug("UpdateNumberRange: Failed to update number range. 
Exception: "+e.toString()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, - ILogger.FAILURE, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); outputError(httpResp, "Error: Failed to update number range."); } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index 266633cb..2339c4c7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -40,6 +40,7 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; + public class UpdateOCSPConfig extends CMSServlet { /** @@ -56,7 +57,6 @@ public class UpdateOCSPConfig extends CMSServlet { /** * initialize the servlet. - * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
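Review bot: `outputResult(httpResp, "application/xml", cb)` sends the SUCCESS response with the transferred range before `cs.commit(false)` runs. If the commit throws, the requester already holds `beginNumber`/`endNumber` while the new end value may not have been persisted, and the `catch` then calls `outputError` on a response that has already been written. For serial and request numbers that risks two instances issuing from the same range. Calling `cs.commit(false);` before building the response, and sending the result only after it succeeds, keeps the reply and the stored state consistent. The `try` block opens outside this hunk.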
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { 
@@ -107,38 +107,32 @@ public class UpdateOCSPConfig extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") - && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname+":"+nickname; } catch (Exception e) { } - CMS.debug("UpdateOCSPConfig process: nickname=" + nickname); + CMS.debug("UpdateOCSPConfig process: nickname="+nickname); String ocsphost = httpReq.getParameter("ocsp_host"); String ocspport = httpReq.getParameter("ocsp_port"); try { cs.putString("ca.publish.enable", "true"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", - ocsphost); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", - ocspport); - cs.putString( - "ca.publish.publisher.instance.OCSPPublisher.nickName", - nickname); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", + ocsphost); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", + ocspport); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", + nickname); cs.putString("ca.publish.publisher.instance.OCSPPublisher.path", - "/ocsp/agent/ocsp/addCRL"); - cs.putString( - "ca.publish.publisher.instance.OCSPPublisher.pluginName", - "OCSPPublisher"); - cs.putString( - "ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", - "true"); + "/ocsp/agent/ocsp/addCRL"); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher"); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true"); cs.putString("ca.publish.rule.instance.ocsprule.enable", "true"); cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap"); cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule"); - 
cs.putString("ca.publish.rule.instance.ocsprule.publisher", - "OCSPPublisher"); + cs.putString("ca.publish.rule.instance.ocsprule.publisher", + "OCSPPublisher"); cs.putString("ca.publish.rule.instance.ocsprule.type", "crl"); cs.commit(false); // insert info @@ -153,28 +147,19 @@ public class UpdateOCSPConfig extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " - + e.toString()); + CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString()); outputError(httpResp, "Error: Failed to update OCSP configuration."); } } - protected void setDefaultTemplates(ServletConfig sc) { - } + protected void setDefaultTemplates(ServletConfig sc) {} - protected void renderTemplate(CMSRequest cmsReq, String templateName, - ICMSTemplateFiller filler) throws IOException {// do nothing - } + protected void renderTemplate( + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do - // nothing, - // ie, it - // will - // not - // return - // the - // default - // javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java index ff545b71..7b1c9959 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import javax.servlet.ServletConfig; 
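Review bot: `ocsphost` and `ocspport` come from `httpReq.getParameter(...)` and are written straight into `ca.publish.publisher.instance.OCSPPublisher.host` and `.port` with no null, format or range check. An absent or malformed value is therefore committed to the configuration used for CRL publishing with client authentication enabled. A guard before the `try` would reject bad input up front, for example `if (ocsphost == null || ocsphost.equals("") || ocspport == null || !ocspport.matches("\\d{1,5}")) { outputError(httpResp, "Error: invalid ocsp_host or ocsp_port"); return; }`. The empty `catch (Exception e) { }` around the nickname lookup also hides a failed read, leaving `nickname` at whatever it was initialised to outside this hunk.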
@@ -34,14 +35,13 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class WelcomePanel extends WizardPanelBase { - public WelcomePanel() { - } + public WelcomePanel() {} /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Welcome"); setId(id); @@ -52,20 +52,19 @@ public class WelcomePanel extends WizardPanelBase { cs.putBoolean("preop.welcome.done", false); } - public boolean isPanelDone() { + public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { return cs.getBoolean("preop.welcome.done"); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
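Review bot: The reformat turns the empty handlers into `catch (EBaseException e) {}`, which makes the swallowed failures even easier to miss; in `isPanelDone` here a config read error is reported as "not done" with no trace. The case that matters most is `update()` in the `@@ -95,29` hunk, where a failed `cs.commit(false)` is ignored, so `preop.welcome.done` may never be persisted and nothing is reported. In WizardPanelBase.java the `@@ -393,29` hunk has the same shape in `getSubsystemCert`: the outer `catch (Exception e) { }` discards the IOException thrown a few lines above it for an unparsable response (the method's end is outside that hunk). At minimum log in each handler, e.g. `CMS.debug("WelcomePanel: update: " + e.toString());`, and let `getSubsystemCert` rethrow as its sibling methods do.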
@@ -73,21 +72,25 @@ public class WelcomePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { IConfigStore cs = CMS.getConfigStore(); CMS.debug("WelcomePanel: display()"); context.put("title", "Welcome"); try { context.put("cstype", cs.getString("cs.type")); context.put("wizardname", cs.getString("preop.wizard.name")); - context.put("panelname", cs.getString("preop.system.fullname") - + " Configuration Wizard"); - context.put("systemname", cs.getString("preop.system.name")); - context.put("fullsystemname", cs.getString("preop.system.fullname")); - context.put("productname", cs.getString("preop.product.name")); - context.put("productversion", cs.getString("preop.product.version")); - } catch (EBaseException e) { - } + context.put("panelname", + cs.getString("preop.system.fullname") + " Configuration Wizard"); + context.put("systemname", + cs.getString("preop.system.name")); + context.put("fullsystemname", + cs.getString("preop.system.fullname")); + context.put("productname", + cs.getString("preop.product.name")); + context.put("productversion", + cs.getString("preop.product.version")); + } catch (EBaseException e) {} context.put("panel", "admin/console/config/welcomepanel.vm"); } 
@@ -95,29 +98,27 @@ public class WelcomePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); try { cs.putBoolean("preop.welcome.done", true); cs.commit(false); - } catch (EBaseException e) { - } + } catch (EBaseException e) {} } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) {/* - * This should never - * be called - */ - } + HttpServletResponse response, + Context context) {/* This should never be called */} } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java index 1faca0f8..06eb63ff 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -24,6 +25,7 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; + public class WelcomeServlet extends BaseServlet { /** 
@@ -32,7 +34,8 @@ public class WelcomeServlet extends BaseServlet { private static final long serialVersionUID = 1179761802633506502L; public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { Template template = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index 570c5158..a2a7d5df 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.ConnectException; @@ -78,8 +79,8 @@ public class WizardPanelBase implements IWizardPanel { public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group"; /** - * Definition for "preop" static variables in CS.cfg -- "preop" config - * parameters should not assumed to exist after configuation + * Definition for "preop" static variables in CS.cfg + * -- "preop" config parameters should not assumed to exist after configuation */ public static final String PRE_CONF_CA_TOKEN = "preop.module.token"; @@ -94,12 +95,15 @@ public class WizardPanelBase implements IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException + { mPanelNo = panelno; } - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException + { mPanelNo = panelno; } 
@@ -138,7 +142,7 @@ public class WizardPanelBase implements IWizardPanel { return set; } - + /** * Should we skip this panel? */ @@ -182,29 +186,30 @@ public class WizardPanelBase implements IWizardPanel { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context) { - } + HttpServletResponse response, + Context context) {} /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, + Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { - } + HttpServletResponse response, + Context context) throws IOException {} /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context) { - } + HttpServletResponse response, + Context context) {} /** * Retrieves locale based on the request. @@ -228,17 +233,15 @@ public class WizardPanelBase implements IWizardPanel { try { instanceID = config.getString("instanceId", ""); - } catch (Exception e) { - } + } catch (Exception e) {} String nickname = certTag + "Cert cert-" + instanceID; String preferredNickname = null; try { - preferredNickname = config.getString(PCERT_PREFIX + certTag - + ".nickname", null); - } catch (Exception e) { - } + preferredNickname = config.getString( + PCERT_PREFIX + certTag + ".nickname", null); + } catch (Exception e) {} if (preferredNickname != null) { nickname = preferredNickname; 
@@ -247,41 +250,37 @@ public class WizardPanelBase implements IWizardPanel { } public void updateDomainXML(String hostname, int port, boolean https, - String servlet, String uri) throws IOException { - CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname - + " port=" + port); + String servlet, String uri) throws IOException { + CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String nickname = ""; String tokenname = ""; try { nickname = cs.getString("preop.cert.subsystem.nickname", ""); tokenname = cs.getString("preop.module.token", ""); - } catch (Exception e) { - } + } catch (Exception e) {} - if (!tokenname.equals("") - && !tokenname.equals("Internal Key Storage Token") - && !tokenname.equals("internal")) { - nickname = tokenname + ":" + nickname; + if (!tokenname.equals("") && + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) { + nickname = tokenname+":"+nickname; } CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname); CMS.debug("WizardPanelBase: start sending updateDomainXML request"); - String c = getHttpResponse(hostname, port, https, servlet, uri, - nickname); + String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); CMS.debug("WizardPanelBase: done sending updateDomainXML request"); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject obj = null; try { obj = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateDomainXML() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::updateDomainXML() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = obj.getValue("Status"); 
@@ -292,7 +291,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = obj.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); throw e; @@ -303,21 +302,21 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getSubsystemCount(String hostname, int https_admin_port, - boolean https, String type) throws IOException { + public int getSubsystemCount( String hostname, int https_admin_port, + boolean https, String type ) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCount start"); String c = getDomainXML(hostname, https_admin_port, true); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject obj = new XMLObject(bis); - String containerName = type + "List"; + String containerName = type+"List"; Node n = obj.getContainer(containerName); NodeList nlist = n.getChildNodes(); String countS = ""; - for (int i = 0; i < nlist.getLength(); i++) { - Element nn = (Element) nlist.item(i); + for (int i=0; i<nlist.getLength(); i++) { + Element nn = (Element)nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { NodeList nlist1 = nn.getChildNodes(); @@ -326,8 +325,7 @@ public class WizardPanelBase implements IWizardPanel { break; } } - CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" - + countS); + CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS); int num = 0; if (countS != null && !countS.equals("")) { @@ -339,7 +337,7 @@ public class WizardPanelBase implements IWizardPanel { return num; } catch (Exception e) { - CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString()); + CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString()); throw new IOException(e.toString()); } } 
@@ -347,23 +345,23 @@ public class WizardPanelBase implements IWizardPanel { return -1; } - public String getDomainXML(String hostname, int https_admin_port, - boolean https) throws IOException { + public String getDomainXML( String hostname, int https_admin_port, + boolean https ) + throws IOException { CMS.debug("WizardPanelBase getDomainXML start"); - String c = getHttpResponse(hostname, https_admin_port, https, - "/ca/admin/ca/getDomainXML", null, null); + String c = getHttpResponse( hostname, https_admin_port, https, + "/ca/admin/ca/getDomainXML", null, null ); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getDomainXML() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getDomainXML() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); @@ -373,14 +371,15 @@ public class WizardPanelBase implements IWizardPanel { if (status.equals(SUCCESS)) { String domainInfo = parser.getValue("DomainInfo"); - CMS.debug("WizardPanelBase getDomainXML: domainInfo=" - + domainInfo); - return domainInfo; + CMS.debug( + "WizardPanelBase getDomainXML: domainInfo=" + + domainInfo); + return domainInfo; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getDomainXML: " + e.toString()); throw e; 
@@ -393,29 +392,29 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getSubsystemCert(String host, int port, boolean https) - throws IOException { + public String getSubsystemCert(String host, int port, boolean https) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCert start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/getSubsystemCert", null, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/getSubsystemCert", null, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = + new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getSubsystemCert() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getSubsystemCert() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); if (status.equals(SUCCESS)) { String s = parser.getValue("Cert"); return s; } else - return null; + return null; } catch (Exception e) { } } 
@@ -424,90 +423,87 @@ public class WizardPanelBase implements IWizardPanel { } public void updateConnectorInfo(String host, int port, boolean https, - String content) throws IOException { + String content) throws IOException { CMS.debug("WizardPanelBase updateConnectorInfo start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/updateConnector", content, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/updateConnector", content, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateConnectorInfo() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::updateConnectorInfo() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase updateConnectorInfo: status=" - + status); + CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status); if (!status.equals(SUCCESS)) { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: updateConnectorInfo: " - + e.toString()); + CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: updateConnectorInfo: " - + e.toString()); + CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); throw new IOException(e.toString()); } } } - public String getCertChainUsingSecureAdminPort(String hostname, - int https_admin_port, boolean https, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { + public String getCertChainUsingSecureAdminPort( String hostname, + int https_admin_port, + boolean https, + ConfigCertApprovalCallback + 
certApprovalCallback ) + throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start"); - String c = getHttpResponse(hostname, https_admin_port, https, - "/ca/admin/ca/getCertChain", null, null, certApprovalCallback); + String c = getHttpResponse( hostname, https_admin_port, https, + "/ca/admin/ca/getCertChain", null, null, + certApprovalCallback ); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" - + status); + CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status); if (status.equals(SUCCESS)) { String certchain = parser.getValue("ChainBase64"); certchain = CryptoUtil.normalizeCertStr(certchain); - CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" - + certchain); - return certchain; + CMS.debug( + "WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" + + certchain); + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " - + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " - + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); throw new 
IOException(e.toString()); } } 
@@ -515,51 +511,52 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getCertChainUsingSecureEEPort(String hostname, - int https_ee_port, boolean https, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { + public String getCertChainUsingSecureEEPort( String hostname, + int https_ee_port, + boolean https, + ConfigCertApprovalCallback + certApprovalCallback ) + throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start"); - String c = getHttpResponse(hostname, https_ee_port, https, - "/ca/ee/ca/getCertChain", null, null, certApprovalCallback); + String c = getHttpResponse( hostname, https_ee_port, https, + "/ca/ee/ca/getCertChain", null, null, + certApprovalCallback ); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" - + status); + CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status); if (status.equals(SUCCESS)) { String certchain = parser.getValue("ChainBase64"); certchain = CryptoUtil.normalizeCertStr(certchain); - CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: certchain=" - + certchain); - return certchain; + CMS.debug( + "WizardPanelBase getCertChainUsingSecureEEPort: certchain=" + + certchain); + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: 
getCertChainUsingSecureEEPort: " - + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " - + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); throw new IOException(e.toString()); } } 
@@ -567,44 +564,41 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public boolean updateConfigEntries(String hostname, int port, - boolean https, String servlet, String uri, IConfigStore config, - HttpServletResponse response) throws IOException { + public boolean updateConfigEntries(String hostname, int port, boolean https, + String servlet, String uri, IConfigStore config, + HttpServletResponse response) throws IOException { CMS.debug("WizardPanelBase updateConfigEntries start"); String c = getHttpResponse(hostname, port, https, servlet, uri, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateConfigEntries() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::updateConfigEntries() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase updateConfigEntries: status=" - + status); + CMS.debug("WizardPanelBase updateConfigEntries: status=" + status); if (status.equals(SUCCESS)) { String cstype = ""; try { cstype = config.getString("cs.type", ""); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " - + e.toString()); + CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString()); } - - Document doc = parser.getDocument(); + + Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i = 0; i < len; i++) { + for (int i=0; i<len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); 
@@ -612,104 +606,73 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j = 0; j < len1; j++) { + for (int j=0; j<len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) - v = n2.item(0).getNodeValue(); - break; + v = n2.item(0).getNodeValue(); + break; } } if (name.equals("internaldb.ldapconn.host")) { - config.putString( - "preop.internaldb.master.hostname", v); + config.putString("preop.internaldb.master.hostname", v); } else if (name.equals("internaldb.ldapconn.port")) { config.putString("preop.internaldb.master.port", v); } else if (name.equals("internaldb.ldapauth.bindDN")) { - config.putString("preop.internaldb.master.binddn", - v); + config.putString("preop.internaldb.master.binddn", v); } else if (name.equals("internaldb.basedn")) { config.putString(name, v); - config.putString("preop.internaldb.master.basedn", - v); + config.putString("preop.internaldb.master.basedn", v); } else if (name.equals("internaldb.ldapauth.password")) { - config.putString("preop.internaldb.master.bindpwd", - v); - } else if (name - .equals("internaldb.replication.password")) { - config.putString( - "preop.internaldb.master.replicationpwd", v); + config.putString("preop.internaldb.master.bindpwd", v); + } else if (name.equals("internaldb.replication.password")) { + config.putString("preop.internaldb.master.replicationpwd", v); } else if (name.equals("instanceId")) { config.putString("preop.master.instanceId", v); } else if (name.equals("cloning.cert.signing.nickname")) { config.putString("preop.master.signing.nickname", v); config.putString("preop.cert.signing.nickname", v); } else if (name.equals("cloning.ocsp_signing.nickname")) { - config.putString( - "preop.master.ocsp_signing.nickname", v); - config.putString( - "preop.cert.ocsp_signing.nickname", v); + 
config.putString("preop.master.ocsp_signing.nickname", v); + config.putString("preop.cert.ocsp_signing.nickname", v); } else if (name.equals("cloning.subsystem.nickname")) { - config.putString("preop.master.subsystem.nickname", - v); + config.putString("preop.master.subsystem.nickname", v); config.putString("preop.cert.subsystem.nickname", v); } else if (name.equals("cloning.transport.nickname")) { - config.putString("preop.master.transport.nickname", - v); + config.putString("preop.master.transport.nickname", v); config.putString("kra.transportUnit.nickName", v); config.putString("preop.cert.transport.nickname", v); } else if (name.equals("cloning.storage.nickname")) { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v); - } else if (name - .equals("cloning.audit_signing.nickname")) { - config.putString( - "preop.master.audit_signing.nickname", v); - config.putString( - "preop.cert.audit_signing.nickname", v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString("preop.cert.audit_signing.nickname", v); config.putString(name, v); } else if (name.startsWith("cloning.ca")) { - config.putString( - name.replaceFirst("cloning", "preop"), v); + config.putString(name.replaceFirst("cloning", "preop"), v); } else if (name.equals("cloning.signing.keyalgorithm")) { - config.putString( - name.replaceFirst("cloning", "preop.cert"), - v); + config.putString(name.replaceFirst("cloning", "preop.cert"), v); if (cstype.equals("CA")) { - config.putString( - "ca.crl.MasterCRL.signingAlgorithm", v); - config.putString( - "ca.signing.defaultSigningAlgorithm", v); + config.putString("ca.crl.MasterCRL.signingAlgorithm", v); + config.putString("ca.signing.defaultSigningAlgorithm", v); } else if (cstype.equals("OCSP")) { - config.putString( - "ocsp.signing.defaultSigningAlgorithm", - v); + 
config.putString("ocsp.signing.defaultSigningAlgorithm", v); } - } else if (name - .equals("cloning.transport.keyalgorithm")) { - config.putString( - name.replaceFirst("cloning", "preop.cert"), - v); - config.putString( - "kra.transportUnit.signingAlgorithm", v); - } else if (name - .equals("cloning.ocsp_signing.keyalgorithm")) { - config.putString( - name.replaceFirst("cloning", "preop.cert"), - v); + } else if (name.equals("cloning.transport.keyalgorithm")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); + config.putString("kra.transportUnit.signingAlgorithm", v); + } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) { + config.putString(name.replaceFirst("cloning", "preop.cert"), v); if (cstype.equals("CA")) { - config.putString( - "ca.ocsp_signing.defaultSigningAlgorithm", - v); + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v); } } else if (name.startsWith("cloning")) { - config.putString( - name.replaceFirst("cloning", "preop.cert"), - v); + config.putString(name.replaceFirst("cloning", "preop.cert"), v); } else { config.putString(name, v); } @@ -723,14 +686,12 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: updateConfigEntries: " - + e.toString()); + CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: updateConfigEntries: " - + e.toString()); + CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); throw new IOException(e.toString()); } } 
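Review bot: In `updateConfigEntries` (the `@@ -612,104` hunk) every name/value pair parsed from the remote host's response is written to the local config store, and the final `else { config.putString(name, v); }` accepts any key the responder chooses to send. The peer's answer can therefore set arbitrary local settings, not just the cloning entries handled by the branches above, so the result depends entirely on how the peer was authenticated in `getHttpResponse`, which this hunk does not show. I would restrict the fallthrough to names this instance actually asked for and log the rest, e.g. `} else { CMS.debug("WizardPanelBase updateConfigEntries: ignoring unexpected entry " + name); }`, if the requested list is available here. Note also that `internaldb.ldapauth.password` and `internaldb.replication.password` are stored as plain `preop.*` strings; the hunk does not show them being removed after configuration. The method begins in an earlier hunk and continues past this one.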
@@ -746,16 +707,15 @@ public class WizardPanelBase implements IWizardPanel { if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::authenticate() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::authenticate() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); @@ -769,7 +729,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = parser.getValue("Error"); return false; - } + } } catch (Exception e) { CMS.debug("WizardPanelBase: authenticate: " + e.toString()); throw new IOException(e.toString()); 
@@ -779,27 +739,26 @@ public class WizardPanelBase implements IWizardPanel { return false; } - public void updateOCSPConfig(String hostname, int port, boolean https, - String content, HttpServletResponse response) throws IOException { + public void updateOCSPConfig(String hostname, int port, boolean https, + String content, HttpServletResponse response) + throws IOException { CMS.debug("WizardPanelBase updateOCSPConfig start"); - String c = getHttpResponse(hostname, port, https, - "/ca/ee/ca/updateOCSPConfig", content, null); + String c = getHttpResponse(hostname, port, https, + "/ca/ee/ca/updateOCSPConfig", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateOCSPConfig: content is null."); - throw new IOException( - "The server you want to contact is not available"); + throw new IOException("The server you want to contact is not available"); } else { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateOCSPConfig() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::updateOCSPConfig() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); @@ -815,7 +774,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); throw e; 
@@ -826,11 +785,11 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateNumberRange(String hostname, int port, boolean https, - String content, String type, HttpServletResponse response) - throws IOException { - CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname - + " port=" + port); + public void updateNumberRange(String hostname, int port, boolean https, + String content, String type, HttpServletResponse response) + throws IOException { + CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String cstype = ""; try { @@ -839,25 +798,23 @@ public class WizardPanelBase implements IWizardPanel { } cstype = toLowerCaseSubsystemType(cstype); - String c = getHttpResponse(hostname, port, https, "/" + cstype + "/ee/" - + cstype + "/updateNumberRange", content, null); + String c = getHttpResponse(hostname, port, https, + "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateNumberRange: content is null."); - throw new IOException( - "The server you want to contact is not available"); + throw new IOException("The server you want to contact is not available"); } else { - CMS.debug("content=" + c); + CMS.debug("content="+c); try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateNumberRange() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::updateNumberRange() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); 
@@ -886,7 +843,7 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); CMS.debug(e);
@@ -899,24 +856,24 @@ public class WizardPanelBase implements IWizardPanel {
 } } - public int getPort(String hostname, int port, boolean https, - String portServlet, boolean sport) throws IOException { + public int getPort(String hostname, int port, boolean https, + String portServlet, boolean sport) + throws IOException { CMS.debug("WizardPanelBase getPort start"); String c = getHttpResponse(hostname, port, https, portServlet, "secure=" + sport, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getPort() - " + "Exception=" - + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getPort() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status");
@@ -932,7 +889,7 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getPort: " + e.toString()); throw e;
@@ -946,16 +903,14 @@ public class WizardPanelBase implements IWizardPanel {
 } public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname) - throws IOException { - return getHttpResponse(hostname, port, secure, uri, content, - clientnickname, null); + String uri, String content, String clientnickname) throws IOException { + return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null); } - public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname, - SSLCertificateApprovalCallback certApprovalCallback) - throws IOException { + public String getHttpResponse(String hostname, int port, boolean secure, + String uri, String content, String clientnickname, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { HttpClient httpclient = null; String c = null;
@@ -984,8 +939,7 @@ public class WizardPanelBase implements IWizardPanel {
 if (content != null && content.length() > 0) { String content_c = content; - httprequest - .setHeader("content-length", "" + content_c.length()); + httprequest.setHeader("content-length", "" + content_c.length()); httprequest.setContent(content_c); } HttpResponse httpresponse = httpclient.send(httprequest);
@@ -993,8 +947,7 @@ public class WizardPanelBase implements IWizardPanel {
 c = httpresponse.getContent(); } catch (ConnectException e) { CMS.debug("WizardPanelBase getHttpResponse: " + e.toString()); - throw new IOException( - "The server you tried to contact is not running."); + throw new IOException("The server you tried to contact is not running."); } catch (Exception e) { CMS.debug("WizardPanelBase getHttpResponse: " + e.toString()); throw new IOException(e.toString());
@@ -1007,55 +960,56 @@ public class WizardPanelBase implements IWizardPanel { return c; } - public boolean isSDHostDomainMaster(IConfigStore config) { - String dm = "false"; + public boolean isSDHostDomainMaster (IConfigStore config) { + String dm="false"; try { String hostname = config.getString("securitydomain.host"); - int httpsadminport = config - .getInteger("securitydomain.httpsadminport"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true); CMS.debug("Getting DomainMaster from security domain"); - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); - XMLObject parser = new XMLObject(bis); + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName("CA"); + NodeList nodeList = doc.getElementsByTagName( "CA" ); int len = nodeList.getLength(); - for (int i = 0; i < len; i++) { - Vector v_hostname = parser.getValuesFromContainer( - nodeList.item(i), "Host"); - - Vector v_https_admin_port = parser.getValuesFromContainer( - nodeList.item(i), "SecureAdminPort"); - - Vector v_domain_mgr = parser.getValuesFromContainer( - nodeList.item(i), "DomainManager"); - - if (v_hostname.elementAt(0).equals(hostname) - && v_https_admin_port.elementAt(0).equals( - Integer.toString(httpsadminport))) { - dm = v_domain_mgr.elementAt(0).toString(); + for( int i = 0; i < len; i++ ) { + Vector v_hostname = + parser.getValuesFromContainer( nodeList.item(i), + "Host" ); + + Vector v_https_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + Vector v_domain_mgr = + parser.getValuesFromContainer( nodeList.item(i), + "DomainManager" ); + + if( v_hostname.elementAt( 0 ).equals( hostname ) && + v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) { + dm = 
v_domain_mgr.elementAt( 0 ).toString(); break; } } } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug( e.toString() ); } return dm.equalsIgnoreCase("true"); } - - public Vector getMasterUrlListFromSecurityDomain(IConfigStore config, - String type, String portType) { + + public Vector getMasterUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { Vector v = new Vector(); try { String hostname = config.getString("securitydomain.host"); - int httpsadminport = config - .getInteger("securitydomain.httpsadminport"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true); @@ -1072,13 +1026,13 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } - CMS.debug("Getting " + portType + " from Security Domain ..."); - if (!portType.equals("UnSecurePort") - && !portType.equals("SecureAgentPort") - && !portType.equals("SecurePort") - && !portType.equals("SecureAdminPort")) { - CMS.debug("getPortFromSecurityDomain: " + "unknown port type " - + portType); + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); return v; } 
@@ -1088,15 +1042,16 @@ public class WizardPanelBase implements IWizardPanel {
 NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg - config.putString("securitydomain.name", parser.getValue("Name")); + config.putString("securitydomain.name", + parser.getValue("Name")); int len = nodeList.getLength(); CMS.debug("Len " + len); for (int i = 0; i < len; i++) { - Vector v_clone = parser.getValuesFromContainer( - nodeList.item(i), "Clone"); - String clone = (String) v_clone.elementAt(0); + Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), + "Clone"); + String clone = (String)v_clone.elementAt(0); if (clone.equalsIgnoreCase("true")) continue; Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1106,8 +1061,11 @@ public class WizardPanelBase implements IWizardPanel {
 Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType); - v.addElement(v_name.elementAt(0) + " - https://" - + v_host.elementAt(0) + ":" + v_port.elementAt(0)); + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); } } catch (Exception e) { CMS.debug(e.toString());
@@ -1116,14 +1074,14 @@ public class WizardPanelBase implements IWizardPanel {
 return v; } - public Vector getUrlListFromSecurityDomain(IConfigStore config, - String type, String portType) { + public Vector getUrlListFromSecurityDomain( IConfigStore config, + String type, + String portType ) { Vector v = new Vector(); try { String hostname = config.getString("securitydomain.host"); - int httpsadminport = config - .getInteger("securitydomain.httpsadminport"); + int httpsadminport = config.getInteger("securitydomain.httpsadminport"); CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true);
@@ -1140,13 +1098,13 @@ public class WizardPanelBase implements IWizardPanel {
 list = "TKSList"; } - CMS.debug("Getting " + portType + " from Security Domain ..."); - if (!portType.equals("UnSecurePort") - && !portType.equals("SecureAgentPort") - && !portType.equals("SecurePort") - && !portType.equals("SecureAdminPort")) { - CMS.debug("getPortFromSecurityDomain: " + "unknown port type " - + portType); + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); return v; }
@@ -1156,7 +1114,8 @@ public class WizardPanelBase implements IWizardPanel {
 NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg - config.putString("securitydomain.name", parser.getValue("Name")); + config.putString("securitydomain.name", + parser.getValue("Name")); int len = nodeList.getLength();
@@ -1168,20 +1127,22 @@ public class WizardPanelBase implements IWizardPanel { "Host"); Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType); - Vector v_admin_port = parser.getValuesFromContainer( - nodeList.item(i), "SecureAdminPort"); + Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); - if (v_host.elementAt(0).equals(hostname) - && v_admin_port.elementAt(0).equals( - new Integer(httpsadminport).toString())) { + if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { // add security domain CA to the beginning of list - v.add(0, - v_name.elementAt(0) + " - https://" - + v_host.elementAt(0) + ":" - + v_port.elementAt(0)); + v.add( 0, v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); } else { - v.addElement(v_name.elementAt(0) + " - https://" - + v_host.elementAt(0) + ":" + v_port.elementAt(0)); + v.addElement( v_name.elementAt(0) + + " - https://" + + v_host.elementAt(0) + + ":" + + v_port.elementAt(0) ); } } } catch (Exception e) { 
@@ -1193,147 +1154,155 @@ public class WizardPanelBase implements IWizardPanel { // Given an HTTPS Hostname and EE port, // retrieve the associated HTTPS Admin port - public String getSecurityDomainAdminPort(IConfigStore config, - String hostname, String https_ee_port, String cstype) { + public String getSecurityDomainAdminPort( IConfigStore config, + String hostname, + String https_ee_port, + String cstype ) { String https_admin_port = new String(); try { - String sd_hostname = config.getString("securitydomain.host"); - int sd_httpsadminport = config - .getInteger("securitydomain.httpsadminport"); - - CMS.debug("Getting domain.xml from CA ..."); - String c = getDomainXML(sd_hostname, sd_httpsadminport, true); - - CMS.debug("Getting associated HTTPS Admin port from " - + "HTTPS Hostname '" + hostname + "' and EE port '" - + https_ee_port + "'"); - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); - XMLObject parser = new XMLObject(bis); + String sd_hostname = config.getString( "securitydomain.host" ); + int sd_httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." 
); + String c = getDomainXML( sd_hostname, sd_httpsadminport, true ); + + CMS.debug( "Getting associated HTTPS Admin port from " + + "HTTPS Hostname '" + hostname + + "' and EE port '" + https_ee_port + "'" ); + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase()); + NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() ); int len = nodeList.getLength(); - for (int i = 0; i < len; i++) { - Vector v_hostname = parser.getValuesFromContainer( - nodeList.item(i), "Host"); - - Vector v_https_ee_port = parser.getValuesFromContainer( - nodeList.item(i), "SecurePort"); - - Vector v_https_admin_port = parser.getValuesFromContainer( - nodeList.item(i), "SecureAdminPort"); - - if (v_hostname.elementAt(0).equals(hostname) - && v_https_ee_port.elementAt(0).equals(https_ee_port)) { - https_admin_port = v_https_admin_port.elementAt(0) - .toString(); + for( int i = 0; i < len; i++ ) { + Vector v_hostname = + parser.getValuesFromContainer( nodeList.item(i), + "Host" ); + + Vector v_https_ee_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + + Vector v_https_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); + + if( v_hostname.elementAt( 0 ).equals( hostname ) && + v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { + https_admin_port = + v_https_admin_port.elementAt( 0 ).toString(); break; } } } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug( e.toString() ); } - return (https_admin_port); + return( https_admin_port ); } - public String getSecurityDomainPort(IConfigStore config, String portType) { + public String getSecurityDomainPort( IConfigStore config, + String portType ) { String port = new String(); try { - String hostname = config.getString("securitydomain.host"); - int httpsadminport = config - 
.getInteger("securitydomain.httpsadminport"); - - CMS.debug("Getting domain.xml from CA ..."); - String c = getDomainXML(hostname, httpsadminport, true); - - CMS.debug("Getting " + portType + " from Security Domain ..."); - if (!portType.equals("UnSecurePort") - && !portType.equals("SecureAgentPort") - && !portType.equals("SecurePort") - && !portType.equals("SecureAdminPort")) { - CMS.debug("getPortFromSecurityDomain: " + "unknown port type " - + portType); + String hostname = config.getString( "securitydomain.host" ); + int httpsadminport = + config.getInteger( "securitydomain.httpsadminport" ); + + CMS.debug( "Getting domain.xml from CA ..." ); + String c = getDomainXML( hostname, httpsadminport, true ); + + CMS.debug( "Getting " + portType + " from Security Domain ..." ); + if( !portType.equals( "UnSecurePort" ) && + !portType.equals( "SecureAgentPort" ) && + !portType.equals( "SecurePort" ) && + !portType.equals( "SecureAdminPort" ) ) { + CMS.debug( "getPortFromSecurityDomain: " + + "unknown port type " + portType ); return ""; } - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); - XMLObject parser = new XMLObject(bis); + ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); + XMLObject parser = new XMLObject( bis ); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName("CA"); + NodeList nodeList = doc.getElementsByTagName( "CA" ); int len = nodeList.getLength(); - for (int i = 0; i < len; i++) { - Vector v_admin_port = parser.getValuesFromContainer( - nodeList.item(i), "SecureAdminPort"); + for( int i = 0; i < len; i++ ) { + Vector v_admin_port = + parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); Vector v_port = null; - if (portType.equals("UnSecurePort")) { - v_port = parser.getValuesFromContainer(nodeList.item(i), - "UnSecurePort"); - } else if (portType.equals("SecureAgentPort")) { - v_port = parser.getValuesFromContainer(nodeList.item(i), - "SecureAgentPort"); - } else if 
(portType.equals("SecurePort")) { - v_port = parser.getValuesFromContainer(nodeList.item(i), - "SecurePort"); - } else if (portType.equals("SecureAdminPort")) { - v_port = parser.getValuesFromContainer(nodeList.item(i), - "SecureAdminPort"); + if( portType.equals( "UnSecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "UnSecurePort" ); + } else if( portType.equals( "SecureAgentPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAgentPort" ); + } else if( portType.equals( "SecurePort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecurePort" ); + } else if( portType.equals( "SecureAdminPort" ) ) { + v_port = parser.getValuesFromContainer( nodeList.item(i), + "SecureAdminPort" ); } - if ((v_port != null) - && (v_admin_port.elementAt(0).equals(Integer - .toString(httpsadminport)))) { - port = v_port.elementAt(0).toString(); + if( ( v_port != null ) && + ( v_admin_port.elementAt( 0 ).equals( + Integer.toString( httpsadminport ) ) ) ) { + port = v_port.elementAt( 0 ).toString(); break; } } } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug( e.toString() ); } - return (port); + return( port ); } - public String pingCS(String hostname, int port, boolean https, - SSLCertificateApprovalCallback certApprovalCallback) - throws IOException { - CMS.debug("WizardPanelBase pingCS: started"); + public String pingCS( String hostname, int port, boolean https, + SSLCertificateApprovalCallback certApprovalCallback ) + throws IOException { + CMS.debug( "WizardPanelBase pingCS: started" ); - String c = getHttpResponse(hostname, port, https, - "/ca/admin/ca/getStatus", null, null, certApprovalCallback); + String c = getHttpResponse( hostname, port, https, + "/ca/admin/ca/getStatus", + null, null, certApprovalCallback ); - if (c != null) { + if( c != null ) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new + ByteArrayInputStream( 
c.getBytes() ); XMLObject parser = null; String state = null; try { - parser = new XMLObject(bis); - CMS.debug("WizardPanelBase pingCS: got XML parsed"); - state = parser.getValue("State"); + parser = new XMLObject( bis ); + CMS.debug( "WizardPanelBase pingCS: got XML parsed" ); + state = parser.getValue( "State" ); - if (state != null) { - CMS.debug("WizardPanelBase pingCS: state=" + state); + if( state != null ) { + CMS.debug( "WizardPanelBase pingCS: state=" + state ); } } catch (Exception e) { - CMS.debug("WizardPanelBase: pingCS: parser failed" - + e.toString()); + CMS.debug( "WizardPanelBase: pingCS: parser failed" + + e.toString() ); } return state; - } catch (Exception e) { - CMS.debug("WizardPanelBase: pingCS: " + e.toString()); - throw new IOException(e.toString()); + } catch( Exception e ) { + CMS.debug( "WizardPanelBase: pingCS: " + e.toString() ); + throw new IOException( e.toString() ); } } - CMS.debug("WizardPanelBase pingCS: stopped"); + CMS.debug( "WizardPanelBase pingCS: stopped" ); return null; } @@ -1342,7 +1311,7 @@ public class WizardPanelBase implements IWizardPanel { if (s.equals("CA")) { x = "ca"; } else if (s.equals("KRA")) { - x = "kra"; + x = "kra"; } else if (s.equals("OCSP")) { x = "ocsp"; } else if (s.equals("TKS")) { 
@@ -1352,26 +1321,25 @@ public class WizardPanelBase implements IWizardPanel { return x; } - public void getTokenInfo(IConfigStore config, String type, String host, - int https_ee_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { + public void getTokenInfo(IConfigStore config, String type, String host, + int https_ee_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getTokenInfo start"); - String uri = "/" + type + "/ee/" + type + "/getTokenInfo"; - CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri); + String uri = "/"+type+"/ee/"+type+"/getTokenInfo"; + CMS.debug("WizardPanelBase getTokenInfo: uri="+uri); String c = getHttpResponse(host, https_ee_port, https, uri, null, null, - certApprovalCallback); + certApprovalCallback); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream( - c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug("WizardPanelBase::getTokenInfo() - " - + "Exception=" + e.toString()); - throw new IOException(e.toString()); + CMS.debug( "WizardPanelBase::getTokenInfo() - " + + "Exception="+e.toString() ); + throw new IOException( e.toString() ); } String status = parser.getValue("Status"); @@ -1382,7 +1350,7 @@ public class WizardPanelBase implements IWizardPanel { Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i = 0; i < len; i++) { + for (int i=0; i<len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); 
@@ -1390,35 +1358,30 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j = 0; j < len1; j++) { + for (int j=0; j<len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) v = n2.item(0).getNodeValue(); - break; + break; } } - if (name.equals("cloning.signing.nickname")) { + if (name.equals("cloning.signing.nickname")) { config.putString("preop.master.signing.nickname", v); config.putString(type + ".cert.signing.nickname", v); config.putString(name, v); } else if (name.equals("cloning.ocsp_signing.nickname")) { - config.putString( - "preop.master.ocsp_signing.nickname", v); - config.putString(type - + ".cert.ocsp_signing.nickname", v); + config.putString("preop.master.ocsp_signing.nickname", v); + config.putString(type + ".cert.ocsp_signing.nickname", v); config.putString(name, v); } else if (name.equals("cloning.subsystem.nickname")) { - config.putString("preop.master.subsystem.nickname", - v); - config.putString(type + ".cert.subsystem.nickname", - v); + config.putString("preop.master.subsystem.nickname", v); + config.putString(type + ".cert.subsystem.nickname", v); config.putString(name, v); } else if (name.equals("cloning.transport.nickname")) { - config.putString("preop.master.transport.nickname", - v); + config.putString("preop.master.transport.nickname", v); config.putString("kra.transportUnit.nickName", v); config.putString("kra.cert.transport.nickname", v); config.putString(name, v); 
@@ -1427,45 +1390,35 @@ public class WizardPanelBase implements IWizardPanel { config.putString("kra.storageUnit.nickName", v); config.putString("kra.cert.storage.nickname", v); config.putString(name, v); - } else if (name - .equals("cloning.audit_signing.nickname")) { - config.putString( - "preop.master.audit_signing.nickname", v); - config.putString(type - + ".cert.audit_signing.nickname", v); + } else if (name.equals("cloning.audit_signing.nickname")) { + config.putString("preop.master.audit_signing.nickname", v); + config.putString(type + ".cert.audit_signing.nickname", v); config.putString(name, v); } else if (name.equals("cloning.module.token")) { config.putString("preop.module.token", v); } else if (name.startsWith("cloning.ca")) { - config.putString( - name.replaceFirst("cloning", "preop"), v); + config.putString(name.replaceFirst("cloning", "preop"), v); } else if (name.startsWith("cloning")) { - config.putString( - name.replaceFirst("cloning", "preop.cert"), - v); + config.putString(name.replaceFirst("cloning", "preop.cert"), v); } else { config.putString(name, v); } } // reset nicknames for system cert verification - String token = config.getString("preop.module.token", - "Internal Key Storage Token"); - if (!token.equals("Internal Key Storage Token")) { + String token = config.getString("preop.module.token", + "Internal Key Storage Token"); + if (! token.equals("Internal Key Storage Token")) { String certlist = config.getString("preop.cert.list"); StringTokenizer t1 = new StringTokenizer(certlist, ","); while (t1.hasMoreTokens()) { String tag = t1.nextToken(); - if (tag.equals("sslserver")) - continue; - config.putString( - type + ".cert." + tag + ".nickname", - token - + ":" - + config.getString(type + ".cert." - + tag + ".nickname", "")); - } + if (tag.equals("sslserver")) continue; + config.putString(type + ".cert." + tag + ".nickname", + token + ":" + + config.getString(type + ".cert." 
+ tag + ".nickname", "")); + } } } else { String error = parser.getValue("Error"); @@ -1478,7 +1431,7 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); throw new IOException(e.toString()); } - } + } } public void importCertChain(String id) throws IOException { @@ -1489,32 +1442,31 @@ public class WizardPanelBase implements IWizardPanel { try { pkcs7 = config.getString(configName, ""); - } catch (Exception e) { - } + } catch (Exception e) {} if (pkcs7.length() > 0) { try { CryptoUtil.importCertificateChain(pkcs7); } catch (Exception e) { - CMS.debug("DisplayCertChainPanel importCertChain: Exception: " - + e.toString()); + CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString()); } } } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context) - throws IOException { - updateCertChain(config, name, host, https_admin_port, https, context, - null); + int https_admin_port, boolean https, Context context) throws IOException { + updateCertChain( config, name, host, https_admin_port, + https, context, null ); } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { - String certchain = getCertChainUsingSecureAdminPort(host, - https_admin_port, https, certApprovalCallback); - config.putString("preop." + name + ".pkcs7", certchain); + int https_admin_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureAdminPort( host, + https_admin_port, + https, + certApprovalCallback ); + config.putString("preop."+name+".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; 
@@ -1522,7 +1474,8 @@ public class WizardPanelBase implements IWizardPanel {
 try { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { - context.put("errorString", "Failed to get the certificate chain."); + context.put("errorString", + "Failed to get the certificate chain."); return; }
@@ -1530,7 +1483,7 @@ public class WizardPanelBase implements IWizardPanel {
 if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop." + name + ".certchain.size", size); + config.putInteger("preop."+name+".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null;
@@ -1538,11 +1491,11 @@ public class WizardPanelBase implements IWizardPanel {
 bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop." + name + ".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop."+name+".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try {
@@ -1551,13 +1504,16 @@ public class WizardPanelBase implements IWizardPanel {
 } } - public void updateCertChainUsingSecureEEPort(IConfigStore config, - String name, String host, int https_ee_port, boolean https, - Context context, ConfigCertApprovalCallback certApprovalCallback) - throws IOException { - String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, - https, certApprovalCallback); - config.putString("preop." + name + ".pkcs7", certchain); + public void updateCertChainUsingSecureEEPort( IConfigStore config, + String name, String host, + int https_ee_port, + boolean https, + Context context, + ConfigCertApprovalCallback certApprovalCallback ) throws IOException { + String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, + https, + certApprovalCallback); + config.putString("preop."+name+".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null;
@@ -1565,7 +1521,8 @@ public class WizardPanelBase implements IWizardPanel {
 try { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { - context.put("errorString", "Failed to get the certificate chain."); + context.put("errorString", + "Failed to get the certificate chain."); return; }
@@ -1573,7 +1530,7 @@ public class WizardPanelBase implements IWizardPanel {
 if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop." + name + ".certchain.size", size); + config.putInteger("preop."+name+".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null;
@@ -1581,11 +1538,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop." + name + ".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop."+name+".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { 
@@ -1600,28 +1557,27 @@ public class WizardPanelBase implements IWizardPanel { CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; - if (!tokenname.equals("") - && !tokenname.equals("Internal Key Storage Token") - && !tokenname.equals("internal")) - fullnickname = tokenname + ":" + nickname; + if (!tokenname.equals("") && + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + fullnickname = tokenname+":"+nickname; - CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname); - org.mozilla.jss.crypto.X509Certificate cert = cm - .findCertByNickname(fullnickname); + CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname); + org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname); if (store instanceof PK11Store) { CMS.debug("WizardPanelBase deleteCert: this is pk11store"); - PK11Store pk11store = (PK11Store) store; + PK11Store pk11store = (PK11Store)store; pk11store.deleteCertOnly(cert); CMS.debug("WizardPanelBase deleteCert: cert deleted successfully"); } } catch (Exception e) { - CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString()); + CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString()); } } public void deleteEntries(LDAPSearchResults res, LDAPConnection conn, - String dn, String[] entries) { + String dn, String[] entries) { String[] attrs = null; LDAPSearchConstraints cons = null; String filter = "objectclass=*"; 
@@ -1633,32 +1589,29 @@ public class WizardPanelBase implements IWizardPanel { while (res.hasMoreElements()) { LDAPEntry entry = res.next(); String dn1 = entry.getDN(); - LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, - true, cons); + LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons); deleteEntries(res1, conn, dn1, entries); deleteEntry(conn, dn1, entries); } } } catch (Exception ee) { - CMS.debug("WizardPanelBase deleteEntries: Exception=" - + ee.toString()); + CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString()); } } public void deleteEntry(LDAPConnection conn, String dn, String[] entries) { try { - for (int i = 0; i < entries.length; i++) { + for (int i=0; i<entries.length; i++) { if (LDAPDN.equals(dn, entries[i])) { - CMS.debug("WizardPanelBase deleteEntry: entry with this dn " - + dn + " is not deleted."); + CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted."); return; } } - CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn); + CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn); conn.delete(dn); } catch (Exception e) { - CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString()); + CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString()); } } 
@@ -1671,17 +1624,12 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" - + toLowerCaseSubsystemType(subsystem) - + "/admin/console/config/wizard?p=" + panel + "&subsystem=" - + subsystem; + String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://" + hostname + ":" + port - + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; + String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; response.sendRedirect(sdurl); } catch (Exception e) { - CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" - + e.toString()); + CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index 73f4e367..bbfa4b39 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java 
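Review bot: In `reloginSecurityDomain`, `cs_port` falls back to `-1` when `pkicreate.admin_secure_port` is not configured and is concatenated into `urlVal` unchecked, so the return URL handed to the security domain login would contain `:-1`. A guard before the URL is built makes the misconfiguration visible: `if (cs_port < 0) { CMS.debug("WizardPanelBase reloginSecurityDomain: pkicreate.admin_secure_port is not set"); return; }`. When the `catch (Exception e)` fires, the client gets neither a redirect nor an error response, which is worth a comment at least. `hostname` and `port` are defined outside this hunk, so where they come from cannot be checked here.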
@@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AdminRequestFilter implements Filter { +public class AdminRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AdminRequestFilter */ - public AdminRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public AdminRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; 
@@ -58,32 +64,32 @@ public class AdminRequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the admin filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } 
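Review bot: A missing `https_port` init parameter is a deployment error, yet `doFilter` detects it on every request and answers with `SC_NOT_IMPLEMENTED` plus a message that names the `web.xml` parameter to the client. Checking it once in `init` fails the deployment instead: `if (filterConfig.getInitParameter(HTTPS_PORT) == null) throw new ServletException("init parameter '" + HTTPS_PORT + "' is required");`. The wrong-scheme branch answers `SC_UNAUTHORIZED`, which normally announces an authentication challenge; `SC_FORBIDDEN` describes a refused transport more accurately. The same code is repeated in AgentRequestFilter, EEClientAuthRequestFilter and EERequestFilter further down this diff, so a shared base class would keep the four copies from drifting apart. `doFilter` starts and ends outside this hunk.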
@@ -91,30 +97,29 @@ public class AdminRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -123,9 +128,11 @@ public class AdminRequestFilter implements Filter { // CMS.debug("Exiting the admin filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index c9c651b6..1ae44a64 100644 
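Review bot: The port-mismatch `msg` built in this hunk contains the configured HTTPS port and, when set, the proxy port, and it is returned through `resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg )`, so the error response discloses connector configuration to clients that have not authenticated. Keep the detail in the two `CMS.debug` lines and send the status alone: `resp.sendError( HttpServletResponse.SC_NOT_FOUND );`. With `active` set to `false` the mismatching request is passed down the chain and the only trace is a debug line; a comment such as `// active=false turns port enforcement off: requests on any connector reach the servlet` would make that explicit. The same block appears in the Agent, EEClientAuth and EE filters later in this diff. `param_proxy_port` is assigned outside the hunk.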
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java @@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AgentRequestFilter implements Filter { +public class AgentRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AgentRequestFilter */ - public AgentRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public AgentRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; 
@@ -59,32 +65,32 @@ public class AgentRequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the agent filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } 
@@ -92,30 +98,29 @@ public class AgentRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -123,9 +128,11 @@ public class AgentRequestFilter implements Filter { } // CMS.debug("Exiting the Agent filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 023d20dd..8b53c6c6 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter { +public class EEClientAuthRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public EEClientAuthRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; 
@@ -58,32 +64,32 @@ public class EEClientAuthRequestFilter implements Filter { String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } 
@@ -91,40 +97,41 @@ public class EEClientAuthRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index 2461f1a0..f66cf087 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java @@ -28,7 +28,8 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EERequestFilter implements Filter { +public class EERequestFilter implements Filter +{ private static final String HTTP_SCHEME = "http"; private static final String HTTP_PORT = "http_port"; private static final String HTTP_ROLE = "EE"; @@ -39,17 +40,22 @@ public class EERequestFilter implements Filter { private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; - + /* Create a new EERequestFilter */ - public EERequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public EERequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; 
@@ -64,43 +70,45 @@ public class EERequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the EE filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is either "http" or "https" + // RFC 1738: verify that scheme is either "http" or "https" scheme = request.getScheme(); - if ((!scheme.equals(HTTP_SCHEME)) && (!scheme.equals(HTTPS_SCHEME))) { - msg = "The scheme MUST be either '" + HTTP_SCHEME + "' or '" - + HTTPS_SCHEME + "', NOT '" + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); - return; + if( ( ! scheme.equals( HTTP_SCHEME ) ) && + ( ! scheme.equals( HTTPS_SCHEME ) ) ) { + msg = "The scheme MUST be either '" + HTTP_SCHEME + + "' or '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + return; } // Always obtain either an "http" or an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "http" port passed in as a parameter - param_http_port = config.getInitParameter(HTTP_PORT); - if (param_http_port == null) { - msg = "The <param-name> '" + HTTP_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); - return; + param_http_port = config.getInitParameter( HTTP_PORT ); + if( param_http_port == null ) { + msg = "The <param-name> '" + HTTP_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + 
resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; } // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); - return; + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; } param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); 
@@ -111,64 +119,58 @@ public class EERequestFilter implements Filter { // the request and param "http" ports; // otherwise, if the scheme is "https", compare // the request and param "https" ports - if (scheme.equals(HTTP_SCHEME)) { - if (!param_http_port.equals(request_port)) { + if( scheme.equals( HTTP_SCHEME ) ) { + if( ! param_http_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_http_port != null) { + if (param_proxy_http_port != null) { if (!param_proxy_http_port.equals(request_port)) { msg = "Use HTTP port '" + param_http_port - + "' or proxy port '" - + param_proxy_http_port + "' instead of '" - + request_port + "' when performing " - + HTTP_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, - msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } } - } else if (scheme.equals(HTTPS_SCHEME)) { - if (!param_https_port.equals(request_port)) { + } else if( scheme.equals( HTTPS_SCHEME ) ) { + if( ! 
param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE - + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, - msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -178,9 +180,11 @@ public class EERequestFilter implements Filter { } // CMS.debug("Exiting the EE filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java index 6281050f..166036a9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -42,11 +43,13 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * A class representing a recoverKey servlet. This servlet shows key information - * and presents a list of text boxes so that recovery agents can type in their - * identifiers and passwords. - * + * A class representing a recoverKey servlet. This servlet + * shows key information and presents a list of text boxes + * so that recovery agents can type in their identifiers + * and passwords. + * * @version $Revision$, $Date$ */ public class ConfirmRecoverBySerial extends CMSServlet { @@ -56,7 +59,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { */ private static final long serialVersionUID = 2221819191344494389L; private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = "confirmRecoverBySerial.template"; + private final static String TPL_FILE = + "confirmRecoverBySerial.template"; private final static String IN_SERIALNO = "serialNumber"; private final static String OUT_SERIALNO = IN_SERIALNO; 
@@ -91,20 +95,22 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Serves HTTP request. The format of this request is as follows: - * confirmRecoverBySerial? [serialNumber=<serialno>] + * Serves HTTP request. The format of this request is + * as follows: + * confirmRecoverBySerial? + * [serialNumber=<serialno>] */ public void process(CMSRequest cmsReq) throws EBaseException { // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. - + HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -117,10 +123,9 @@ public class ConfirmRecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -131,7 +136,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } // make sure this page, which contains password 
@@ -141,10 +147,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -153,10 +157,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -164,17 +168,21 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Requests for a list of agent passwords. */ - private void process(CMSTemplateParams argSet, IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue(OUT_SERIALNO, seq); header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + mRecoveryService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { 
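Review bot: The `NumberFormatException` handler puts `e.toString()` into `OUT_ERROR`, and that text includes the raw `serialNumber` request parameter, so request input reaches the rendered page; whether the template escapes it is not visible here. A fixed text avoids the question: `header.addStringValue(OUT_ERROR, CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", "invalid serial number"));`. DisplayBySerial has the same handler later in this diff. The enclosing public `process` starts outside this hunk.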
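Review bot: The private `process` receives the serial as an `int` and converts it back with `new BigInteger(Integer.toString(seq))`, so a key record whose serial number does not fit in 32 bits cannot be addressed and such input lands in the `NumberFormatException` path instead. If serials in `mKeyDB` can grow beyond that range, parse the parameter once as `new BigInteger(req.getParameter(IN_SERIALNO))` and pass the `BigInteger` through. `req.getParameter(OUT_OP)` and `req.getRequestURI()` are also copied into the header unchanged, so the template has to escape them on output. The same applies to the private `process` of DisplayBySerial below.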
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java index de298e90..510f1ac3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -43,10 +44,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Display a specific Key Archival Request * <P> - * + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -76,7 +78,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerial.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -92,8 +94,8 @@ public class DisplayBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -101,7 +103,7 @@ public class DisplayBySerial extends CMSServlet { * <ul> * <li>http.param serialNumber serial number of the key archival request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -113,14 +115,14 @@ public class DisplayBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -135,14 +137,13 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -152,14 +153,13 @@ public class DisplayBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { 
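Review bot: Both catch blocks after `authorize(...)` log the same `ADMIN_SRVLT_AUTH_FAILURE` message, so in the log a denied request looks identical to an internal error in the authorization manager, and the separate `catch (EAuthzAccessDenied e)` adds nothing over the generic one. The rejection itself depends on `authzToken` staying null for the `if (authzToken == null)` check that follows. A comment on the catches, `// authzToken stays null on any failure; the check below rejects the request`, would keep a later edit from turning this fail-open. The body of that check is outside the hunk.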
@@ -168,23 +168,27 @@ public class DisplayBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Display information about a particular key. */ - private void process(CMSTemplateParams argSet, IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java index f261d0d9..2ef78c64 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; 
@@ -44,9 +45,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Display a Specific Key Archival Request, and initiate key recovery process - * + * Display a Specific Key Archival Request, and initiate + * key recovery process + * * @version $Revision$, $Date$ */ public class DisplayBySerialForRecovery extends CMSServlet { @@ -77,7 +80,7 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerialForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -92,17 +95,17 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData + * <li>http.param serialNumber request ID of key archival request + * <li>http.param publicKeyData * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -114,14 +117,14 @@ public class DisplayBySerialForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -136,14 +139,13 @@ public class DisplayBySerialForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); 
@@ -154,15 +156,15 @@ public class DisplayBySerialForRecovery extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } - process(argSet, header, req.getParameter("publicKeyData"), seqNum, - req, resp, locale[0]); + process(argSet, header, + req.getParameter("publicKeyData"), + seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (Exception e) { e.printStackTrace(); System.out.println(e.toString()); @@ -173,10 +175,10 @@ public class DisplayBySerialForRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
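Review bot: The `catch (Exception e)` branch at the end of the `@@ -154,15 +156,15 @@` hunk reports the failure only through `e.printStackTrace()` and `System.out.println(e.toString())`, bypassing the `log(ILogger.LL_FAILURE, ...)` calls used in the rest of this method. The template is still rendered afterwards, and `cmsReq.setStatus(CMSRequest.SUCCESS)` in the following hunk marks the request successful. On a key-recovery screen the error should reach the servlet log, e.g. `log(ILogger.LL_FAILURE, e.toString());`, and `OUT_ERROR` should be set to a generic message so the agent sees that the lookup failed. The enclosing `process(CMSRequest)` begins outside the hunk.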
@@ -185,20 +187,24 @@ public class DisplayBySerialForRecovery extends CMSServlet { * Display information about a particular key. */ private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + IArgBlock header, String publicKeyData, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue("keySplitting", CMS.getConfigStore() - .getString("kra.keySplitting")); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + mService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue("keySplitting", + CMS.getConfigStore().getString("kra.keySplitting")); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); if (publicKeyData != null) { - header.addStringValue("publicKeyData", publicKeyData); + header.addStringValue("publicKeyData", + publicKeyData); } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java index adcb6127..d4baf181 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -33,9 +34,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Retrieve Transport Certificate used to wrap Private key Archival requests - * + * Retrieve Transport Certificate used to + * wrap Private key Archival requests + * * @version $Revision$, $Date$ */ public class DisplayTransport extends CMSServlet { @@ -64,13 +67,13 @@ public class DisplayTransport extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -83,8 +86,8 @@ public class DisplayTransport extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
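Review bot: The `catch (Exception e) { // do nothing for now }` after the `authorize(...)` call in the `@@ -83,8 +86,8 @@` hunk discards every authorization failure without a log entry, whereas the sibling servlets in this directory log `ADMIN_SRVLT_AUTH_FAILURE` at the same point. A denied or failing access check on the transport-certificate servlet therefore leaves no trace for later review. Replace the comment with `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. GetApprovalStatus.java has the same empty catch in its `@@ -115,8 +117,8 @@` hunk. The handling of a null `authzToken` lies outside both hunks.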
@@ -95,29 +98,31 @@ public class DisplayTransport extends CMSServlet { } try { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) mAuthority; ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = tu - .getCertificate(); + org.mozilla.jss.crypto.X509Certificate transportCert = + tu.getCertificate(); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); - String content = ""; + String content = ""; content += "<HTML><PRE>"; - String mime64 = "-----BEGIN CERTIFICATE-----\n" - + CMS.BtoA(transportCert.getEncoded()) - + "-----END CERTIFICATE-----\n"; + String mime64 = + "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(transportCert.getEncoded()) + + "-----END CERTIFICATE-----\n"; content += mime64; content += "</PRE></HTML>"; resp.setContentType("text/html"); resp.getOutputStream().write(content.getBytes()); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java index 14cc265f..9fbad7a6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; 
@@ -45,9 +46,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * View the Key Recovery Request - * + * View the Key Recovery Request + * * @version $Revision$, $Date$ */ public class ExamineRecovery extends CMSServlet { @@ -98,8 +100,8 @@ public class ExamineRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -107,7 +109,7 @@ public class ExamineRecovery extends CMSServlet { * <ul> * <li>http.param recoveryID recovery request ID * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -121,14 +123,14 @@ public class ExamineRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +145,9 @@ public class ExamineRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -157,84 +158,96 @@ public class ExamineRecovery extends CMSServlet { EBaseException error = null; try { - process(argSet, header, req.getParameter("recoveryID"), req, resp, - locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + req, resp, locale[0]); } catch (EBaseException e) { error = e; } catch (Exception e) { - error = new EBaseException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } /* - * catch (NumberFormatException e) { error = eBaseException( - * - * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( - * locale[0], BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + catch (NumberFormatException e) { + error = eBaseException( + + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + locale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** - * Recovers a key. 
The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String recoveryID, HttpServletRequest req, - HttpServletResponse resp, Locale locale) throws EBaseException { + private void process(CMSTemplateParams argSet, + IArgBlock header, String recoveryID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - header.addStringValue("keySplitting", CMS.getConfigStore() - .getString("kra.keySplitting")); - Hashtable params = mService.getRecoveryParams(recoveryID); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + header.addStringValue("keySplitting", + CMS.getConfigStore().getString("kra.keySplitting")); + Hashtable params = mService.getRecoveryParams( + recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - String keyID = (String) params.get("keyID"); - header.addStringValue("serialNumber", keyID); + String keyID = (String)params.get("keyID"); + header.addStringValue("serialNumber", keyID); header.addStringValue("recoveryID", recoveryID); - IKeyRepository mKeyDB = ((IKeyRecoveryAuthority) mAuthority) - .getKeyRepository(); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - keyID)); + IKeyRepository mKeyDB = + ((IKeyRecoveryAuthority) 
mAuthority).getKeyRepository(); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(keyID)); KeyRecordParser.fillRecordIntoArg(rec, header); + } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Error e " + e); throw e; - } + } /* - * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); - * } + catch (Exception e) { + header.addStringValue(OUT_ERROR, e.toString()); + } */ } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java index e1bb0c1a..4bd4d45b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Check to see if a Key Recovery Request has been approved - * + * * @version $Revision$, $Date$ */ public class GetApprovalStatus extends CMSServlet { @@ -77,9 +79,9 @@ public class GetApprovalStatus extends CMSServlet { /** * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" to process the - * response. - * + * "getApprovalStatus.template" and "finishRecovery.template" + * to process the response. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -93,8 +95,8 @@ public class GetApprovalStatus extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** 
@@ -102,7 +104,7 @@ public class GetApprovalStatus extends CMSServlet { * <ul> * <li>http.param recoveryID request ID to check * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -115,8 +117,8 @@ public class GetApprovalStatus extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
@@ -145,52 +147,54 @@ public class GetApprovalStatus extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - header.addStringValue("serialNumber", (String) params.get("keyID")); + header.addStringValue("serialNumber", + (String) params.get("keyID")); int requiredNumber = mService.getNoOfRequiredAgents(); header.addIntegerValue("noOfRequiredAgents", requiredNumber); - Vector dc = ((IKeyRecoveryAuthority) mService) - .getAppAgents(recoveryID); + Vector dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID); Enumeration agents = dc.elements(); while (agents.hasMoreElements()) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("agentName", - ((Credential) agents.nextElement()).getIdentifier()); + rarg.addStringValue("agentName", ((Credential) agents.nextElement()).getIdentifier()); argSet.addRepeatRecord(rarg); } if (dc.size() >= requiredNumber) { // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService) - .getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); if (pkcs12 != null) { rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); + header.addStringValue(OUT_STATUS, "complete"); /* - * mService.destroyRecoveryParams(recoveryID); try { - * resp.setContentType("application/x-pkcs12"); - * resp.getOutputStream().write(pkcs12); return; } catch - * (IOException e) { header.addStringValue(OUT_ERROR, - * MessageFormatter.getLocalizedString( locale[0], - * BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + 
mService.destroyRecoveryParams(recoveryID); + try { + resp.setContentType("application/x-pkcs12"); + resp.getOutputStream().write(pkcs12); + return; + } catch (IOException e) { + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + locale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ - } else if (((IKeyRecoveryAuthority) mService) - .getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService) - .getError(recoveryID)); + } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); rComplete = 1; } else { // pk12 hasn't been created yet. @@ -203,21 +207,19 @@ public class GetApprovalStatus extends CMSServlet { try { if (rComplete == 1) { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" - + TPL_FINISH; + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; } else { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" - + TPL_FILE; - } + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; + } if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } ServletOutputStream out = resp.getOutputStream(); 
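Review bot: `mFormPath` is reassigned on every request in the `@@ -203,21 +207,19 @@` hunk (`mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;`). If it is the instance field its name suggests, concurrent requests on the shared servlet instance can overwrite each other's template path between the assignment and `getTemplate(mFormPath, req, locale)`. A local variable avoids that: `String formPath = "/" + ((IAuthority) mService).getId() + "/" + (rComplete == 1 ? TPL_FINISH : TPL_FILE);`, followed by `if (mOutputTemplatePath != null) formPath = mOutputTemplatePath;`. The declaration of `mFormPath` is outside the hunk, so this should be confirmed against the full file.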
@@ -225,10 +227,10 @@ public class GetApprovalStatus extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java index f9c4d588..cea08af3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Locale; @@ -41,9 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Get the recovered key in PKCS#12 format - for asynchronous key recovery only - * + * Get the recovered key in PKCS#12 format + * - for asynchronous key recovery only + * */ public class GetAsyncPk12 extends CMSServlet { 
@@ -64,9 +67,13 @@ public class GetAsyncPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -80,7 +87,7 @@ public class GetAsyncPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishAsyncRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -96,8 +103,8 @@ public class GetAsyncPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,7 +112,7 @@ public class GetAsyncPk12 extends CMSServlet { * <ul> * <li>http.param reqID request id for recovery * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -121,14 +128,14 @@ public class GetAsyncPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "download"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +150,9 @@ public class GetAsyncPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -167,26 +173,28 @@ public class GetAsyncPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null) { - CMS.debug("GetAsyncPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); + if (agent == null ) { + CMS.debug( "GetAsyncPk12::process() - agent is null!" ); + throw new EBaseException( "agent is null" ); } String initAgent = "undefined"; initAgent = mService.getInitAgentAsyncKeyRecovery(reqID); if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, CMS.getLogMessage( - "CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_AGENT_ASYNC", reqID, initAgent)); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", + reqID, initAgent)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", + reqID, initAgent)); } // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved + // i.e. all required # of recovery agents approved if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException("# required recovery agents not met"); + throw new EBaseException( "# required recovery agents not met" ); } String password = req.getParameter(IN_PASSWORD); 
@@ -194,11 +202,11 @@ public class GetAsyncPk12 extends CMSServlet { if (password == null || password.equals("")) { header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException("PKCS12 password not found"); + throw new EBaseException( "PKCS12 password not found" ); } if (passwordAgain == null || !passwordAgain.equals(password)) { header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException("PKCS12 password not matched"); + throw new EBaseException( "PKCS12 password not matched" ); } // got all approval, return pk12 @@ -210,22 +218,24 @@ public class GetAsyncPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, ILogger.SUCCESS, reqID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + reqID, + ""); - audit(auditMessage); + audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, CMS.getUserMessage( - locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(reqID)); } else { // pk12 hasn't been created yet. Shouldn't get here } 
@@ -234,10 +244,12 @@ public class GetAsyncPk12 extends CMSServlet { } if ((agent != null) && (reqID != null)) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, ILogger.FAILURE, reqID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + reqID, + ""); audit(auditMessage); } @@ -248,10 +260,10 @@ public class GetAsyncPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java index 284ef7bb..b3651774 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -42,9 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Get the recovered key in PKCS#12 format - * + * * @version $Revision$, $Date$ */ public class GetPk12 extends CMSServlet { 
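Review bot: The failure audit in the `@@ -234,10 +244,12 @@` hunk is emitted only when `(agent != null) && (reqID != null)`, so a failed private-key export attempt with no identified agent or no request id produces no `LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE` record. Consider always calling `audit(auditMessage)` on this path and substituting a fixed placeholder for the missing subject or request id. How the earlier `throw new EBaseException("agent is null")` reaches this point is not visible in the hunk, so the exact control flow should be checked in the full method.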
@@ -64,9 +66,13 @@ public class GetPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -80,7 +86,7 @@ public class GetPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -96,8 +102,8 @@ public class GetPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,7 +111,7 @@ public class GetPk12 extends CMSServlet { * <ul> * <li>http.param recoveryID ID of request to recover * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -121,14 +127,14 @@ public class GetPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "download"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +149,9 @@ public class GetPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -164,10 +169,10 @@ public class GetPk12 extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } // only the init DRM agent can get the pkcs12 
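Review bot: In hunk `@@ -121,14 +127,14 @@` of GetPk12, the `catch (EAuthzAccessDenied e)` and `catch (Exception e)` blocks are identical and both log at `ILogger.LL_FAILURE`, so a denied "download" of recovered key material cannot be told apart in the log from an internal error during authorization. The agent-mismatch check later in this file already uses `ILogger.LL_SECURITY`, and I would use it for the denial case too: `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. Leaving `authzToken` null in both branches keeps the servlet failing closed, which should stay as it is. The same pair of catch blocks guards the "recover" operation in GrantAsyncRecovery, GrantRecovery and RecoverBySerial. The method body continues outside the hunk.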
@@ -176,27 +181,29 @@ public class GetPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null) { - CMS.debug("GetPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); + if (agent == null ) { + CMS.debug( "GetPk12::process() - agent is null!" ); + throw new EBaseException( "agent is null" ); } - String initAgent = (String) params.get("agent"); + String initAgent = (String) params.get("agent"); if (!agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, + + CMS.getLogMessage("CMSGW_INVALID_AGENT_3", + recoveryID, initAgent)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_AGENT", agent, initAgent, recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_AGENT", + agent, initAgent, recoveryID)); } - header.addStringValue("serialNumber", (String) params.get("keyID")); + header.addStringValue("serialNumber", + (String) params.get("keyID")); // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService) - .getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); if (pkcs12 != null) { mService.destroyRecoveryParams(recoveryID); 
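Review bot: The `LL_SECURITY` log call for a wrong agent in hunk `@@ -176,27 +181,29 @@` passes only `recoveryID` and `initAgent` to `CMS.getLogMessage("CMSGW_INVALID_AGENT_3", ...)`, so the identity of the agent who actually attempted the download (`agent`) is missing from the security log. The user message two lines below does receive `agent, initAgent, recoveryID`. Elsewhere on this page the numeric suffix of a message key matches the number of arguments supplied (`..._SUCCESS_4` gets four, `CMSGW_NO_RECOVERY_TOKEN_FOUND_1` gets one), which suggests this template expects a third value. I would add `agent` to the call, in the position the message template defines (the template is not visible here). The reformat also leaves a whitespace-only line between `log(ILogger.LL_SECURITY,` and its argument, and introduces `if (agent == null ) {` and `CMS.debug( "..." )` spacing that matches nothing else in the file.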
@@ -205,22 +212,24 @@ public class GetPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, ILogger.SUCCESS, recoveryID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + recoveryID, + ""); audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, CMS.getUserMessage( - locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -229,10 +238,12 @@ public class GetPk12 extends CMSServlet { } if ((agent != null) && (recoveryID != null)) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, ILogger.FAILURE, recoveryID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + recoveryID, + ""); audit(auditMessage); } 
@@ -243,10 +254,10 @@ public class GetPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index 0acfd2ff..a868f47c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -40,9 +40,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Approve an asynchronous key recovery request - * + * */ public class GrantAsyncRecovery extends CMSServlet { @@ -67,7 +68,8 @@ public class GrantAsyncRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -79,7 +81,7 @@ public class GrantAsyncRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantAsyncRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -96,8 +98,8 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,9 +107,9 @@ public class GrantAsyncRecovery extends CMSServlet { * <ul> * <li>http.param reqID request ID of the request to approve * <li>http.param agentID User ID of the agent approving the request - * + * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -122,14 +124,14 @@ public class GrantAsyncRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -144,10 +146,9 @@ public class GrantAsyncRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -158,16 +159,15 @@ public class GrantAsyncRecovery extends CMSServlet { String agentID = authToken.getInString("uid"); CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); - CMS.debug("GrantAsyncRecovery: process() request id=" - + req.getParameter("reqID")); + CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); try { - process(argSet, header, req.getParameter("reqID"), agentID, req, - resp, locale[0]); + process(argSet, header, + req.getParameter("reqID"), + agentID, + req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -175,10 +175,10 @@ public class GrantAsyncRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -186,13 +186,12 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Update agent approval list * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> - * * @param argSet CMS template parameters * @param header argument block * @param reqID string containing the recovery request ID 
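Review bot: In hunk `@@ -158,16 +159,15 @@`, `CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));` writes a request parameter into the debug log before anything has checked its form. Unless `CMS.debug` neutralises control characters (not visible here), a value containing line breaks could forge additional log lines. The `catch (NumberFormatException e)` just below suggests `reqID` is expected to be numeric, so I would read the parameter once into a local, reject it if it is null or non-numeric, and pass that validated local both to the log line and to `process(...)`. The enclosing method starts outside the hunk.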
@@ -201,9 +200,11 @@ public class GrantAsyncRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String reqID, String agentID, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, String reqID, + String agentID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequestID = reqID; @@ -232,8 +233,10 @@ public class GrantAsyncRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); // update approving agent list mService.addAgentAsyncKeyRecovery(reqID, agentID); @@ -243,9 +246,11 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.SUCCESS, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.SUCCESS, + auditRequestID, + auditAgentID); audit(auditMessage); @@ -254,9 +259,11 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRequestID, + auditAgentID); audit(auditMessage); } catch (Exception e) { 
@@ -264,11 +271,14 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRequestID, + auditAgentID); audit(auditMessage); } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java index 51d2a02d..9a7238be 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -41,9 +42,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Approve a key recovery request - * + * * @version $Revision$, $Date$ */ public class GrantRecovery extends CMSServlet { @@ -71,7 +73,8 @@ public class GrantRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -83,7 +86,7 @@ public class GrantRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -100,19 +103,19 @@ public class GrantRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - * + * <li>http.param agentID User ID of the agent approving the request + * <li>http.param agentPWD Password of the agent approving the request + * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -125,14 +128,14 @@ public class GrantRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -147,10 +150,9 @@ public class GrantRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -164,13 +166,14 @@ public class GrantRecovery extends CMSServlet { agentID = req.getParameter("agentID"); } try { - process(argSet, header, req.getParameter("recoveryID"), agentID, - req.getParameter("agentPWD"), req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + agentID, + req.getParameter("agentPWD"), + req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -178,25 +181,24 @@ public class GrantRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } /** - * Recovers a key. The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> - * * @param argSet CMS template parameters * @param header argument block * @param recoveryID string containing the recovery ID 
@@ -206,9 +208,11 @@ public class GrantRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String recoveryID, String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, String recoveryID, + String agentID, String agentPWD, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRecoveryID = recoveryID; 
@@ -237,35 +241,45 @@ public class GrantRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); Hashtable h = mService.getRecoveryParams(recoveryID); if (h == null) { - header.addStringValue(OUT_ERROR, "No such token found"); + header.addStringValue(OUT_ERROR, + "No such token found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); return; } - header.addStringValue("serialNumber", (String) h.get("keyID")); + header.addStringValue("serialNumber", + (String) h.get("keyID")); mService.addDistributedCredential(recoveryID, agentID, agentPWD); - header.addStringValue("agentID", agentID); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("agentID", + agentID); + header.addStringValue("recoveryID", + recoveryID); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.SUCCESS, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.SUCCESS, + auditRecoveryID, + auditAgentID); audit(auditMessage); 
@@ -274,9 +288,11 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); } catch (Exception e) { @@ -284,11 +300,14 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index 5fa88e5e..9ce8585f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.util.Date; import com.netscape.certsrv.apps.CMS; @@ -27,7 +28,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** * Output a 'pretty print' of a Key Archival record - * + * * @version $Revision$, $Date$ */ public class KeyRecordParser { 
@@ -43,23 +44,28 @@ public class KeyRecordParser { public final static String OUT_RECOVERED_BY = "recoveredBy"; public final static String OUT_RECOVERED_ON = "recoveredOn"; + /** * Fills key record into argument block. */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { + public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) + throws EBaseException { if (rec == null) return; - rarg.addStringValue(OUT_STATE, rec.getState().toString()); - rarg.addStringValue(OUT_OWNER_NAME, rec.getOwnerName()); - rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue()); - rarg.addStringValue(OUT_KEY_ALGORITHM, rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not + rarg.addStringValue(OUT_STATE, + rec.getState().toString()); + rarg.addStringValue(OUT_OWNER_NAME, + rec.getOwnerName()); + rarg.addIntegerValue(OUT_SERIALNO, + rec.getSerialNumber().intValue()); + rarg.addStringValue(OUT_KEY_ALGORITHM, + rec.getAlgorithm()); + // Possible Enhancement: sun's BASE64Encode is not // fast. We may may to have our native implmenetation. IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); + pp.toHexString(rec.getPublicKeyData(), 0, 20)); Integer keySize = rec.getKeySize(); if (keySize == null) { 
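Review bot: `rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue())` in hunk `@@ -43,23 +44,28 @@` narrows the key serial number to an `int`. If `getSerialNumber()` returns a `BigInteger` (RecoverBySerial builds key ids with `new BigInteger(seq)`), any serial above `Integer.MAX_VALUE` is silently truncated, and the page would show a different key id from the one stored. Emitting it as text avoids that: `rarg.addStringValue(OUT_SERIALNO, rec.getSerialNumber().toString());`. Check first that the templates reading `OUT_SERIALNO` accept a string. The comment `We may may to have our native implmenetation` in the same hunk should read `We may want to have our own native implementation`. `fillRecordIntoArg` continues past the end of this hunk.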
@@ -67,13 +73,17 @@ public class KeyRecordParser { } else { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } - rarg.addStringValue(OUT_ARCHIVED_BY, rec.getArchivedBy()); - rarg.addLongValue(OUT_ARCHIVED_ON, rec.getCreateTime().getTime() / 1000); + rarg.addStringValue(OUT_ARCHIVED_BY, + rec.getArchivedBy()); + rarg.addLongValue(OUT_ARCHIVED_ON, + rec.getCreateTime().getTime() / 1000); Date dateOfRevocation[] = rec.getDateOfRevocation(); if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, "null"); - rarg.addStringValue(OUT_RECOVERED_ON, "null"); + rarg.addStringValue(OUT_RECOVERED_BY, + "null"); + rarg.addStringValue(OUT_RECOVERED_ON, + "null"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index 484bebc5..edcd2bdf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -50,7 +51,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { 
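Review bot: The final branch of `fillRecordIntoArg` in hunk `@@ -67,13 +73,17 @@` stores the literal string `"null"` under `OUT_RECOVERED_BY` and `OUT_RECOVERED_ON` whenever `rec.getDateOfRevocation()` is non-null, and never reads the array it just fetched. As written, the recovery fields carry no information, and the condition looks inverted or left as a placeholder. If that is deliberate, it needs a comment such as `// recovery history is not tracked in the key record yet; emit placeholders`. Otherwise the branch should fill in the real values or be removed. The start of the method is outside this hunk.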
@@ -107,17 +108,22 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>] - * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password - * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption - * certificate>] + * recoverBySerial? + * [serialNumber=<number>] + * [uid#=<uid>] + * [pwd#=<password>] + * [localAgents=yes|null] + * [recoveryID=recoveryID] + * [pkcs12Password=<password of pkcs12>] + * [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] + * [cert=<encryption certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -128,14 +134,14 @@ public class RecoverBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -150,10 +156,9 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -184,53 +189,54 @@ public class RecoverBySerial extends CMSServlet { ctx = SessionContext.getContext(); /* - * When Recovery is first initiated, if it is in asynch mode, no - * pkcs#12 password is needed. The initiating agent uid will be - * recorded in the recovery request. Later, as approving agents - * submit their approvals, they will also be listed in the request. + When Recovery is first initiated, if it is in asynch mode, + no pkcs#12 password is needed. + The initiating agent uid will be recorded in the recovery + request. + Later, as approving agents submit their approvals, they will + also be listed in the request. */ - if ((initAsyncRecovery != null) - && initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + if ((initAsyncRecovery != null) && + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); - } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), req, resp, locale[0]); - - if (pkcs12 != null) { - // resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - // resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - 
mRenderResult = false; - return; + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), + req, resp, locale[0]); + + if (pkcs12 != null) { + //resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + //resp.setContentLength(pkcs12.length); + resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; + } } } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IOException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } finally { SessionContext.releaseContext(); } @@ -242,10 +248,10 @@ public class RecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -254,9 +260,10 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { // seq is the key id if (seq == null) { 
@@ -283,35 +290,38 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - String reqID = mService.initAsyncKeyRecovery(new BigInteger(seq), - x509cert, (String) sContext.get(SessionContext.USER_ID)); + String reqID = mService.initAsyncKeyRecovery( + new BigInteger(seq), x509cert, + (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { - String error = "Failed to recover key for key id " + seq - + ".\nException: " + e.toString(); + String error = + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; } /** - * Recovers a key. The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, String password, - String passwordAgain, String cert, String delivery, - String nickname, HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, + String password, String passwordAgain, + String cert, String delivery, String nickname, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; 
@@ -350,64 +360,65 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, - "No recovery ID specified"); - return null; - } - Hashtable params = mService - .createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, "No recovery ID specified"); + return null; + } + Hashtable params = mService.createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, seq, - password, x509cert, delivery, nickname, - SessionContext.getContext()); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, + SessionContext.getContext()); - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") - && !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { - header.addStringValue(OUT_ERROR, - "Uid(s) or password(s) are not provided"); - return null; - } - } - if (v.size() != mService.getNoOfRequiredAgents()) { - 
header.addStringValue(OUT_ERROR, - "Uid(s) or password(s) are not provided"); + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") && + !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); return null; } - creds = new Credential[v.size()]; - v.copyInto(creds); } + if (v.size() != mService.getNoOfRequiredAgents()) { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + return null; + } + creds = new Credential[v.size()]; + v.copyInto(creds); + } - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery(new BigInteger(seq), - creds, password, x509cert, delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, + Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(seq), + creds, password, x509cert, + delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { 
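Review bot: `header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq))` parses the key id as a 32-bit int, while `mService.doKeyRecovery(new BigInteger(seq), ...)` two statements later treats the same string as arbitrary precision. In this local-agents branch a key id above `Integer.MAX_VALUE` therefore throws NumberFormatException before the recovery call is reached. The async `process` overload earlier in this file uses `header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));`, and the same form here, `header.addStringValue(OUT_SERIALNO, seq);`, would avoid the failure, assuming the template does not depend on the integer form. The method starts and ends outside this hunk, so any earlier range check on `seq` is not visible.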
@@ -423,13 +434,13 @@ public class RecoverBySerial extends CMSServlet { params.put("agent", agent); // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, seq, - password, x509cert, delivery, nickname, + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, SessionContext.getContext()); waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { @@ -439,8 +450,8 @@ public class RecoverBySerial extends CMSServlet { } /** - * Wait approval thread. Wait for recovery agents' approval exit when - * required number of approval received + * Wait approval thread. Wait for recovery agents' approval + * exit when required number of approval received */ final class WaitApprovalThread extends Thread { String theRecoveryID = null; @@ -451,24 +462,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, String delivery, - String nickname, SessionContext sc) { + String password, X509CertImpl cert, + String delivery, String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" - + (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; 
@@ -476,17 +487,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = "Failed to get required approvals for recovery id " - + theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError( - theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } return; } 
@@ -494,24 +505,25 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - byte pkcs12[] = mService.doKeyRecovery(new BigInteger(theSeq), - creds, thePassword, theCert, theDelivery, theNickname, + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(theSeq), + creds, thePassword, theCert, + theDelivery, theNickname, (String) sContext.get(SessionContext.USER_ID)); - ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, - pkcs12); + ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { - String error = "Failed to recover key for recovery id " - + theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError( - theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -519,3 +531,4 @@ public class RecoverBySerial extends CMSServlet { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java index 923ef031..c0fdd02e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
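Review bot: In `WaitApprovalThread.run()` the recovery `try` catches only `EBaseException`, so a runtime failure ends the thread without reaching `createPk12` or `createError`. Examples are a NumberFormatException from `new BigInteger(theSeq)` or a null `sContext` at `sContext.get(SessionContext.USER_ID)`. As far as these lines show, the recovery id would then never get a result or an error record, and nothing is logged through `CMS.getLogger()`. A second handler that records the failure the same way as the existing one closes that gap. `run()` begins outside this hunk, and the `try` around `getDistributedCredentials` in the preceding hunk has the same shape.

```java
// … unchanged: doKeyRecovery / createPk12 and the EBaseException handler …
} catch (RuntimeException e) {
    // Record the failure so the recovery id does not stay pending.
    String error = "Failed to recover key for recovery id "
            + theRecoveryID + ".\nException: " + e.toString();

    CMS.getLogger().log(ILogger.EV_SYSTEM,
            ILogger.S_KRA, ILogger.LL_FAILURE, error);
    try {
        ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
    } catch (EBaseException eb) {
        CMS.getLogger().log(ILogger.EV_SYSTEM,
                ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
    }
}
```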
@@ -47,7 +48,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching search criteria - * + * * @version $Revision$, $Date$ */ public class SrchKey extends CMSServlet { @@ -73,7 +74,7 @@ public class SrchKey extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -92,20 +93,20 @@ public class SrchKey extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKey.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - /* - * maxReturns doesn't seem to do anything useful in this servlet!!! - */ + /* maxReturns doesn't seem to do anything useful in this + servlet!!! */ try { - String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -131,20 +132,20 @@ public class SrchKey extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param queryFilter ldap-style filter to search with * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -157,14 +158,14 @@ public class SrchKey extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -179,10 +180,9 @@ public class SrchKey extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // process query if authentication is successful @@ -197,10 +197,12 @@ public class SrchKey extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt( + req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt( + req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); @@ -210,13 +212,12 @@ public class SrchKey extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, - sentinel, req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, + timeLimit, sentinel, + req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { 
@@ -225,10 +226,10 @@ public class SrchKey extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
@@ -236,47 +237,54 @@ public class SrchKey extends CMSServlet { /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, int maxCount, int maxResults, int timeLimit, - int sentinel, String filter, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { // Fill header - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, "/kra?"); - header.addStringValue(OUT_TEMPLATE, TPL_FILE); - header.addStringValue(OUT_FILTER, filter); + header.addStringValue(OUT_SERVICE_URL, + "/kra?"); + header.addStringValue(OUT_TEMPLATE, + TPL_FILE); + header.addStringValue(OUT_FILTER, + filter); if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... 
timelimit=" + timeLimit); - Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit); + Enumeration e = mKeyDB.searchKeys(filter, + maxResults, timeLimit); int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) e.nextElement(); + IKeyRecord rec = (IKeyRecord) + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java index c8ccfadf..56a1817e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -47,8 +48,8 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching given public key material - * - * + * + * * @version $Revision$, $Date$ */ public class SrchKeyForRecovery extends CMSServlet { 
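Review bot: The clamp `if (timeLimit == -1 || timeLimit > mTimeLimits)` in `process` passes a `timeLimit` of 0, or any negative value other than -1, through unchanged, and `maxResults` reaches `mKeyDB.searchKeys(filter, maxResults, timeLimit)` with no bound at all. Both values are parsed from request parameters in the caller, and how `searchKeys` treats a zero or negative limit is not visible here, so the server-side ceiling should not depend on it. Use `if (timeLimit <= 0 || timeLimit > mTimeLimits)` and add an equivalent cap on `maxResults`, for instance against `mMaxReturns`, which `init` reads but, per its own comment, nothing uses. The `process` hunk in SrchKeyForRecovery.java (`@@ -209,71 +212,76 @@`) carries the same `timeLimit` clamp.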
@@ -74,7 +75,7 @@ public class SrchKeyForRecovery extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -93,7 +94,7 @@ public class SrchKeyForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKeyForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,9 +102,10 @@ public class SrchKeyForRecovery extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; try { - String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -129,20 +131,20 @@ public class SrchKeyForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch * <li>http.param publicKeyData public key data to search on * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -155,14 +157,14 @@ public class SrchKeyForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -177,12 +179,11 @@ public class SrchKeyForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - + // process query if authentication is successful IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); @@ -196,10 +197,12 @@ public class SrchKeyForRecovery extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt( + req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt( + req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); 
@@ -209,71 +212,76 @@ public class SrchKeyForRecovery extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, - sentinel, req.getParameter("publicKeyData"), - req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, + req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } /* - * catch (Exception e) { error = new - * EBaseException(BaseResources.INTERNAL_ERROR_1, e); } + catch (Exception e) { + error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); + } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + 
CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, int maxCount, int maxResults, int timeLimit, - int sentinel, String publicKeyData, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, + String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { // Fill header - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, "/kra?"); - header.addStringValue(OUT_TEMPLATE, TPL_FILE); - header.addStringValue(OUT_FILTER, filter); + header.addStringValue(OUT_SERVICE_URL, + "/kra?"); + header.addStringValue(OUT_TEMPLATE, + TPL_FILE); + header.addStringValue(OUT_FILTER, + filter); if (publicKeyData != null) { - header.addStringValue("publicKeyData", publicKeyData); + header.addStringValue("publicKeyData", + publicKeyData); } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... timelimit=" + timeLimit); 
@@ -281,20 +289,22 @@ public class SrchKeyForRecovery extends CMSServlet { int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) e.nextElement(); + IKeyRecord rec = (IKeyRecord) + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED + // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java index f228b2da..c365d0f8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.X509Certificate; 
@@ -45,19 +46,22 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; + /** * Configure the CA to respond to OCSP requests for a CA - * + * * @version $Revision$ $Date$ */ public class AddCAServlet extends CMSServlet { - + /** * */ private static final long serialVersionUID = 1065151608542115340L; - public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = + "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = + "-----END CERTIFICATE-----"; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); @@ -66,8 +70,10 @@ public class AddCAServlet extends CMSServlet { private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; public AddCAServlet() { super(); @@ -76,7 +82,7 @@ public class AddCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -94,18 +100,19 @@ public class AddCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert ca certificate. The format is base-64, DER encoded, - * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- - * strings - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA - * is attempted to be added to the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used - * when an add CA request to the OCSP Responder is processed + * <li>http.param cert ca certificate. The format is base-64, DER + * encoded, wrapped with -----BEGIN CERTIFICATE-----, + * -----END CERTIFICATE----- strings + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when + * a CA is attempted to be added to the OCSP responder + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED + * used when an add CA request to the OCSP Responder is processed * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -118,8 +125,8 @@ public class AddCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "add"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "add"); } catch (Exception e) { // do nothing for now } 
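Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, authToken, mAuthzResourceName, "add")` discards every authorization failure. A denied or broken attempt to add a CA to the OCSP responder therefore leaves no log entry at this point. SrchKey and SrchKeyForRecovery, touched by this same commit, log the equivalent failure, and the same here would be `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. How a null `authzToken` is handled afterwards lies outside this hunk.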
@@ -136,21 +143,20 @@ public class AddCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - if (auditSubjectID.equals(ILogger.NONROLEUSER) - || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to " + uid); + CMS.debug("AddCAServlet: auditSubjectID set to "+uid); auditSubjectID = uid; } } 
@@ -158,42 +164,47 @@ public class AddCAServlet extends CMSServlet { if (b64 == null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID, - ILogger.FAILURE, ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - audit(auditMessage); + audit( auditMessage ); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CA_CERT")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT")); } auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim())); // record the fact that a request to add CA is made auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID, - ILogger.SUCCESS, auditCA); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditCA); - audit(auditMessage); + audit( auditMessage ); if (b64.indexOf(BEGIN_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CERT_HEADER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CERT_FOOTER")); + throw new 
ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); } IDefStore defStore = mOCSPAuthority.getDefaultStore(); @@ -204,15 +215,17 @@ public class AddCAServlet extends CMSServlet { try { X509Certificate cert = Cert.mapCert(b64); - if (cert == null) { - CMS.debug("AddCAServlet::process() - cert is null!"); + if( cert == null ) { + CMS.debug( "AddCAServlet::process() - cert is null!" ); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); - throw new EBaseException("cert is null"); + throw new EBaseException( "cert is null" ); } else { certs = new X509Certificate[1]; } @@ -226,8 +239,7 @@ public class AddCAServlet extends CMSServlet { try { // this could be a chain certs = Cert.mapCertFromPKCS7(b64); - if (certs[0].getSubjectDN().getName() - .equals(certs[0].getIssuerDN().getName())) { + if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) { leafCert = certs[certs.length - 1]; } else { leafCert = certs[0]; @@ -235,13 +247,15 @@ public class AddCAServlet extends CMSServlet { auditCASubjectDN = leafCert.getSubjectDN().getName(); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } } if (certs != null && certs.length > 0) { 
@@ -250,29 +264,32 @@ public class AddCAServlet extends CMSServlet { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), BIG_ZERO, MINUS_ONE, - null, null); + leafCert.getSubjectDN().getName(), + BIG_ZERO, + MINUS_ONE, null, null); try { - rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, - leafCert.getEncoded()); + rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " - + leafCert.getSubjectDN().getName()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditCASubjectDN); - audit(auditMessage); + audit( auditMessage ); } try { 
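Review bot: In the catch around `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())`, a FAILURE audit event is written and execution then continues past the `// error` comment into `defStore.addCRLIssuingPoint(...)` and a SUCCESS audit event for the same request. That stores an issuing-point record without its CA certificate and leaves two contradictory signed-audit entries. The catch should end the request after auditing, for example `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));`, the message the chain-decoding catch in an earlier hunk of this file already uses. `process()` starts and ends outside this hunk.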
@@ -280,18 +297,18 @@ public class AddCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index 0f8ad1b4..029d396b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -54,9 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; + /** * Update the OCSP responder with a new CRL - * + * * @version $Revision$ $Date$ */ public class AddCRLServlet extends CMSServlet { 
@@ -65,15 +67,19 @@ public class AddCRLServlet extends CMSServlet { * */ private static final long serialVersionUID = 1476080474638590902L; - public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----"; - public static final String END_HEADER = "-----END CERTIFICATE REVOCATION LIST-----"; + public static final String BEGIN_HEADER = + "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + public static final String END_HEADER = + "-----END CERTIFICATE REVOCATION LIST-----"; private final static String TPL_FILE = "addCRL.template"; private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; - private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; + private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = + "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; + private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = + "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; public AddCRLServlet() { super(); @@ -82,7 +88,7 @@ public class AddCRLServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCRL.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -99,32 +105,31 @@ public class AddCRLServlet extends CMSServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param crl certificate revocation list, base-64, DER encoded - * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END - * CERTIFICATE REVOCATION LIST----- strings + * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, + * -----END CERTIFICATE REVOCATION LIST----- strings * <li>http.param noui if true, use minimal hardcoded text response * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are * retrieved by the OCSP Responder ("agent" or "EE") * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is * retrieved and validation process occurs ("agent" or "EE") * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ protected synchronized void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { boolean CRLFetched = false; boolean CRLValidated = false; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("add_crl", true /* main action */); + statsSub.startTiming("add_crl", true /* main action */); } try { @@ -137,7 +142,7 @@ public class AddCRLServlet extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "add"); + mAuthzResourceName, "add"); } catch (Exception e) { // do nothing for now } 
@@ -147,39 +152,42 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); return; } - if (auditSubjectID.equals(ILogger.NONROLEUSER) - || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { if (authToken != null) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to " + uid); + CMS.debug("AddCAServlet: auditSubjectID set to "+uid); auditSubjectID = uid; } - } + } } log(ILogger.LL_INFO, "AddCRLServlet"); String b64 = cmsReq.getHttpReq().getParameter("crl"); - if (CMS.debugOn()) - CMS.debug("AddCRLServlet: b64=" + b64); + if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64); if (b64 == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CRL")); + CMS.getUserMessage("CMS_GW_MISSING_CRL")); } String nouiParm = cmsReq.getHttpReq().getParameter("noui"); 
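Review bot: `if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);` writes the whole `crl` request parameter to the debug log before the null check, so the caller controls both the size and the content (line breaks included) of that log entry. Logging the length is enough to trace the request: `if (CMS.debugOn()) CMS.debug("AddCRLServlet: crl parameter length=" + (b64 == null ? 0 : b64.length()));`. A few lines earlier in the same hunk the message `"AddCAServlet: auditSubjectID set to "` names the wrong servlet and should read `AddCRLServlet`, otherwise the entry is attributed to the wrong endpoint when logs are reviewed. `process()` begins and ends outside this hunk.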
@@ -200,18 +208,21 @@ public class AddCRLServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -220,31 +231,35 @@ public class AddCRLServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CRL_HEADER")); + "CMS_GW_MISSING_CRL_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CRL_FOOTER")); + "CMS_GW_MISSING_CRL_FOOTER")); } IDefStore defStore = mOCSPAuthority.getDefaultStore(); 
@@ -255,28 +270,30 @@ public class AddCRLServlet extends CMSServlet { long startTime = CMS.getCurrentDate().getTime(); CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime); if (statsSub != null) { - statsSub.startTiming("decode_crl"); + statsSub.startTiming("decode_crl"); } - crl = mapCRL1(b64); + crl = mapCRL1( b64 ); if (statsSub != null) { - statsSub.endTiming("decode_crl"); + statsSub.endTiming("decode_crl"); } long endTime = CMS.getCurrentDate().getTime(); - CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime - + " diff=" + (endTime - startTime)); + CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + + " diff=" + (endTime - startTime)); // Retrieve the actual CRL number BigInteger crlNum = crl.getCRLNumber(); - if (crlNum != null) { + if( crlNum != null ) { auditCRLNum = crlNum.toString(); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.SUCCESS, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.SUCCESS, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); // acknowledge that the CRL has been retrieved CRLFetched = true; 
@@ -285,117 +302,121 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " - + crl.getIssuerDN().getName()); + log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + + crl.getIssuerDN().getName()); ICRLIssuingPointRecord pt = null; try { - pt = defStore.readCRLIssuingPoint(crl.getIssuerDN().getName()); + pt = defStore.readCRLIssuingPoint( + crl.getIssuerDN().getName()); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl.getIssuerDN() - .getName())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, - "AddCRLServlet: IssuingPoint " + pt.getThisUpdate()); + log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " + + pt.getThisUpdate()); // verify CRL byte caCertData[] = pt.getCACert(); if (caCertData != null) { - try { - X509CertImpl caCert = new X509CertImpl(caCertData); - CMS.debug("AddCRLServlet: start verify"); + try { + X509CertImpl caCert = new X509CertImpl(caCertData); + CMS.debug("AddCRLServlet: start verify"); - 
CryptoManager cmanager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate jssCert = null; - try { - jssCert = cmanager.importCACertPackage(caCert - .getEncoded()); - } catch (Exception e2) { - CMS.debug("AddCRLServlet: importCACertPackage " - + e2.toString()); - throw new EBaseException(e2.toString()); - } + CryptoManager cmanager = CryptoManager.getInstance(); + org.mozilla.jss.crypto.X509Certificate jssCert = null; + try { + jssCert = cmanager.importCACertPackage( + caCert.getEncoded()); + } catch (Exception e2) { + CMS.debug("AddCRLServlet: importCACertPackage " + + e2.toString()); + throw new EBaseException( e2.toString() ); + } - if (statsSub != null) { - statsSub.startTiming("verify_crl"); - } - crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); - if (statsSub != null) { - statsSub.endTiming("verify_crl"); - } - CMS.debug("AddCRLServlet: done verify"); + if (statsSub != null) { + statsSub.startTiming("verify_crl"); + } + crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); + if (statsSub != null) { + statsSub.endTiming("verify_crl"); + } + CMS.debug("AddCRLServlet: done verify"); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, ILogger.SUCCESS); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.SUCCESS ); - audit(auditMessage); + audit( auditMessage ); - // acknowledge that the CRL has been validated - CRLValidated = true; - } catch (Exception e) { - CMS.debug("AddCRLServlet: failed to verify CRL " - + e.toString()); - CMS.debug(e); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl - .getIssuerDN().getName())); + // acknowledge that the CRL has been validated + CRLValidated = true; + } catch (Exception e) { + CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); + CMS.debug(e); + 
log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, ILogger.FAILURE); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); - } + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + } } - if ((pt.getThisUpdate() != null) - && (pt.getThisUpdate().getTime() >= crl.getThisUpdate() - .getTime())) { + if ((pt.getThisUpdate() != null) && + (pt.getThisUpdate().getTime() >= + crl.getThisUpdate().getTime())) { // error, the uploaded CRL is older than the current CMS.debug("AddCRLServlet: no update, CRL is older"); log(ILogger.LL_INFO, - "AddCRLServlet: no update, received CRL is older " - + "than current CRL"); + "AddCRLServlet: no update, received CRL is older " + + "than current CRL"); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Sent CRL is older than the current CRL\n" - .getBytes()); + "error=Sent CRL is older than the current CRL\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! return; } catch (Exception e) { 
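Review bot: The CRL signature check in this hunk runs only inside `if (caCertData != null)`; when `pt.getCACert()` returns null the block is skipped, no LOGGING_SIGNED_AUDIT_CRL_VALIDATION event is written, and the code goes straight on to the `getThisUpdate()` comparison as if the CRL had been verified. Unless unverified CRLs are accepted on purpose for such issuing points, the branch should fail closed: `} else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); }`. If ECMSGWException is an EBaseException, the `catch( EBaseException eAudit1 )` at the end of `process()` would then record the validation failure, because `CRLValidated` is still false at that point. `process()` starts and ends outside this hunk.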
@@ -403,28 +424,26 @@ public class AddCRLServlet extends CMSServlet { } else { CMS.debug("AddCRLServlet: CRL is older"); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_OLD_CRL_ERROR")); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_OLD_CRL_ERROR")); } } if (crl.isDeltaCRL()) { CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported."); - log(ILogger.LL_INFO, - "AddCRLServlet: no update, " - + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + log(ILogger.LL_INFO, "AddCRLServlet: no update, "+ + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Delta CRLs are not supported.\n" - .getBytes()); + "error=Delta CRLs are not supported.\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); @@ -432,8 +451,7 @@ public class AddCRLServlet extends CMSServlet { } catch (Exception e) { } } else { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); } } 
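Review bot: In the last hunk on this line (`@@ -432,8 +451,7 @@`), the `noUI` path of the `if (crl.isDeltaCRL())` branch ends in an empty `catch (Exception e) { }`, so if writing the `status=1` reply throws, this branch neither throws nor returns. Control then presumably reaches the code after the branch (outside this hunk), where later hunks show the repository record being created and `updateCRL` being called. The catch should reject the request the way the `else` branch does: `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));`. The older-CRL branch in the preceding hunks has the same `try`/`catch (Exception e)` shape, though its catch body is not visible here.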
@@ -447,25 +465,26 @@ public class AddCRLServlet extends CMSServlet { IRepositoryRecord repRec = defStore.createRepositoryRecord(); - repRec.set( - IRepositoryRecord.ATTR_SERIALNO, - new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); + repRec.set(IRepositoryRecord.ATTR_SERIALNO, + new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); try { - defStore.addRepository(crl.getIssuerDN().getName(), - Long.toString(crl.getThisUpdate().getTime()), repRec); - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " - + Long.toString(crl.getThisUpdate().getTime())); + defStore.addRepository( + crl.getIssuerDN().getName(), + Long.toString(crl.getThisUpdate().getTime()), + repRec); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " + + Long.toString(crl.getThisUpdate().getTime())); } catch (Exception e) { - CMS.debug("AddCRLServlet: add repository e=" + e.toString()); + CMS.debug("AddCRLServlet: add repository e=" + e.toString()); } - log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " - + Long.toString(crl.getThisUpdate().getTime())); + log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + + Long.toString(crl.getThisUpdate().getTime())); if (defStore.waitOnCRLUpdate()) { defStore.updateCRL(crl); } else { - // when the CRL large, the thread is terminiated by the - // servlet framework before it can finish its work + // when the CRL large, the thread is terminiated by the + // servlet framework before it can finish its work UpdateCRLThread uct = new UpdateCRLThread(defStore, crl); uct.start(); 
@@ -477,61 +496,64 @@ public class AddCRLServlet extends CMSServlet { if (noUI) { CMS.debug("AddCRLServlet: return result noUI=true"); resp.setContentType("application/text"); - resp.getOutputStream().write("status=0".getBytes()); + resp.getOutputStream().write("status=0".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); } else { CMS.debug("AddCRLServlet: return result noUI=false"); String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { CMS.debug("AddCRLServlet: return result error=" + e.toString()); - mOCSPAuthority.log( - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + mOCSPAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! 
throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - } catch (EBaseException eAudit1) { - if (!CRLFetched) { + } catch( EBaseException eAudit1 ) { + if( !CRLFetched ) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, - ILogger.FAILURE, auditCRLNum); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum ); - audit(auditMessage); + audit( auditMessage ); } else { - if (!CRLValidated) { + if( !CRLValidated ) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); } } throw eAudit1; } if (statsSub != null) { - statsSub.endTiming("add_crl"); + statsSub.endTiming("add_crl"); } } - public X509CRLImpl mapCRL1(String mime64) throws IOException { + public X509CRLImpl mapCRL1(String mime64) + throws IOException { mime64 = Cert.stripCRLBrackets(mime64.trim()); byte rawPub[] = CMS.AtoB(mime64); @@ -546,19 +568,21 @@ public class AddCRLServlet extends CMSServlet { } } + class UpdateCRLThread extends Thread { private IDefStore mDefStore = null; private X509CRL mCRL = null; - public UpdateCRLThread(IDefStore defStore, X509CRL crl) { + public UpdateCRLThread( + IDefStore defStore, X509CRL crl) { mDefStore = defStore; mCRL = crl; } public void run() { try { - if (!((X509CRLImpl) mCRL).areEntriesIncluded()) - mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded()); + if (!((X509CRLImpl)mCRL).areEntriesIncluded()) + mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded()); mDefStore.updateCRL(mCRL); } catch (CRLException e) { } catch (X509ExtensionException e) { 
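Review bot: In `UpdateCRLThread.run()` (hunk `@@ -546,19 +568,21 @@`), `catch (CRLException e) { }` is empty, so a failure while re-decoding the CRL or in `mDefStore.updateCRL(mCRL)` is silent. This thread runs detached from the request, so the log is the only place such a failure can surface, and the responder presumably keeps answering from the previous revocation data in the meantime. At minimum add `CMS.debug("UpdateCRLThread: updateCRL failed " + e.toString());` to the catch. The `X509ExtensionException` catch that follows continues outside the hunk and likely needs the same line.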
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 47236045..3e5d1f49 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.security.cert.X509CRLEntry; import java.security.cert.X509Certificate; @@ -47,9 +48,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; + /** - * Check the status of a specific certificate - * + * Check the status of a specific certificate + * * @version $Revision$ $Date$ */ public class CheckCertServlet extends CMSServlet { @@ -58,8 +60,10 @@ public class CheckCertServlet extends CMSServlet { * */ private static final long serialVersionUID = 7782198059640825050L; - public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = + "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = + "-----END CERTIFICATE-----"; public static final String ATTR_STATUS = "status"; public static final String ATTR_ISSUERDN = "issuerDN"; @@ -81,7 +85,7 @@ public class CheckCertServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "checkCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -98,13 +102,14 @@ public class CheckCertServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in - * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings + * <li>http.param cert certificate to check. Base64, DER encoded, wrapped + * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -113,8 +118,8 @@ public class CheckCertServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "validate"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "validate"); } catch (Exception e) { // do nothing for now } @@ -131,10 +136,9 @@ public class CheckCertServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -147,14 +151,12 @@ public class CheckCertServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { // error - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CERT_HEADER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { // error - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CERT_FOOTER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); } X509Certificate cert = null; @@ -162,27 +164,23 @@ public class CheckCertServlet extends CMSServlet { try { cert = Cert.mapCert(b64); } catch (Exception e) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); } if (cert == null) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); } - ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint(cert - .getIssuerDN().getName()); + ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint( + cert.getIssuerDN().getName()); header.addStringValue(ATTR_ISSUERDN, cert.getIssuerDN().getName()); header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName()); - header.addStringValue(ATTR_SERIALNO, "0x" - + cert.getSerialNumber().toString(16)); + header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16)); try { - X509CRLImpl crl = null; + X509CRLImpl crl = null; - crl = new X509CRLImpl(pt.getCRL()); - X509CRLEntry crlentry = crl.getRevokedCertificate(cert - .getSerialNumber()); + crl = new X509CRLImpl(pt.getCRL()); + X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber()); if (crlentry == null) { if (defStore.isNotFoundGood()) { 
@@ -196,27 +194,25 @@ public class CheckCertServlet extends CMSServlet { } catch (Exception e) { header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN); } - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " - + cert.getIssuerDN().getName() + " " - + cert.getSerialNumber().toString()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString()); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java index e9530c74..704c759c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.util.Locale; 
@@ -40,9 +41,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Retrieve information about the number of OCSP requests the OCSP has serviced - * + * Retrieve information about the number of OCSP requests the OCSP + * has serviced + * * @version $Revision$, $Date$ */ public class GetOCSPInfo extends CMSServlet { @@ -58,9 +61,9 @@ public class GetOCSPInfo extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template + * file "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -76,12 +79,14 @@ public class GetOCSPInfo extends CMSServlet { } + /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -89,14 +94,14 @@ public class GetOCSPInfo extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -108,10 +113,9 @@ public class GetOCSPInfo extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IOCSPService)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -122,11 +126,10 @@ public class GetOCSPInfo extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -144,9 +147,8 @@ public class GetOCSPInfo extends CMSServlet { header.addLongValue("totalData", ca.getOCSPTotalData()); long secs = 0; if (ca.getOCSPRequestTotalTime() != 0) { - secs = (ca.getNumOCSPRequest() * 1000) - / ca.getOCSPRequestTotalTime(); - } + secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); + } header.addLongValue("ReqSec", secs); try { ServletOutputStream out = httpResp.getOutputStream(); 
@@ -155,10 +157,10 @@ public class GetOCSPInfo extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException(CMS - .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java index d74938b8..063d8513 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Show the list of CA's that the OCSP responder can service - * + * * @version $Revision$ $Date$ */ public class ListCAServlet extends CMSServlet { @@ -55,8 +57,10 @@ public class ListCAServlet extends CMSServlet { * */ private static final long serialVersionUID = 3764395161795483452L; - public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = + "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = + "-----END CERTIFICATE-----"; private final static String TPL_FILE = "listCAs.template"; private String mFormPath = null; 
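Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch in GetOCSPInfo.process overwrites the `CMSRequest.ERROR` status that the `catch (IOException e)` branch has just set, so a failed template render is reported as success. The try body already sets SUCCESS after `form.renderOutput(out, argSet)`, so the trailing call can be dropped, or the catch can end with `return;` as the earlier error branches of this method do. The rest of process() lies outside the hunk.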
@@ -69,7 +73,7 @@ public class ListCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "listCAs.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -85,10 +89,11 @@ public class ListCAServlet extends CMSServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -97,8 +102,8 @@ public class ListCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (Exception e) { // do nothing for now } @@ -115,10 +120,9 @@ public class ListCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -129,12 +133,12 @@ public class ListCAServlet extends CMSServlet { Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100); // show the current CRL number if present - header.addStringValue("stateCount", - Integer.toString(defStore.getStateCount())); + header.addStringValue("stateCount", + Integer.toString(defStore.getStateCount())); while (recs.hasMoreElements()) { - ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs - .nextElement(); + ICRLIssuingPointRecord rec = + (ICRLIssuingPointRecord) recs.nextElement(); IArgBlock rarg = CMS.createArgBlock(); String thisId = rec.getId(); @@ -159,17 +163,17 @@ public class ListCAServlet extends CMSServlet { rarg.addLongValue("NumRevoked", 0); } else { if (rc.longValue() == -1) { - rarg.addStringValue("NumRevoked", "UNKNOWN"); - } else { - rarg.addLongValue("NumRevoked", rc.longValue()); + rarg.addStringValue("NumRevoked", "UNKNOWN"); + } else { + rarg.addLongValue("NumRevoked", rc.longValue()); } } BigInteger crlNumber = rec.getCRLNumber(); if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) { - rarg.addStringValue("CRLNumber", "UNKNOWN"); + rarg.addStringValue("CRLNumber", "UNKNOWN"); } else { - rarg.addStringValue("CRLNumber", crlNumber.toString()); + rarg.addStringValue("CRLNumber", crlNumber.toString()); } rarg.addLongValue("ReqCount", defStore.getReqCount(thisId)); 
@@ -181,18 +185,18 @@ public class ListCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java index c1f8b3d0..cfc91975 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; @@ -46,10 +47,11 @@ import com.netscape.cmsutil.ocsp.ResponseData; import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; + /** - * Process OCSP messages, According to RFC 2560 See - * http://www.ietf.org/rfc/rfc2560.txt - * + * Process OCSP messages, According to RFC 2560 + * See http://www.ietf.org/rfc/rfc2560.txt + * * @version $Revision$ $Date$ */ public class OCSPServlet extends CMSServlet { 
@@ -63,7 +65,7 @@ public class OCSPServlet extends CMSServlet { public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize"; public final static String PROP_ID = "ID"; - private int m_maxRequestSize = 5000; + private int m_maxRequestSize=5000; public OCSPServlet() { super(); 
@@ -72,43 +74,43 @@ public class OCSPServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE); if (s != null) { - try { - m_maxRequestSize = Integer.parseInt(s); - } catch (Exception e) { - } - } + try { + m_maxRequestSize = Integer.parseInt(s); + } catch (Exception e) {} + } } /** - * Process the HTTP request. This method is invoked when the OCSP service - * receives a OCSP request. Based on RFC 2560, the request should have the - * OCSP request in the HTTP body as binary blob. - * + * Process the HTTP request. + * This method is invoked when the OCSP service receives a OCSP + * request. Based on RFC 2560, the request should have the OCSP + * request in the HTTP body as binary blob. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("ocsp", true /* main action */); + statsSub.startTiming("ocsp", true /* main action */); } IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "submit"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "submit"); } catch (Exception e) { // do nothing for now } 
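Review bot: In init(), `catch (Exception e) {}` around `Integer.parseInt(s)` silently keeps the default when MaxRequestSize is malformed, and a zero or negative value is accepted as-is, which would make the `reqlen > m_maxRequestSize` check further down in process() reject every POST. This parameter is the bound on the request body, so I would catch `NumberFormatException`, report it with `CMS.debug("OCSPServlet: invalid " + PROP_MAX_REQUEST_SIZE + ", keeping default " + m_maxRequestSize);`, and ignore non-positive values. The javadoc above init() still names "ImportCert.template", which looks copied from another servlet and is worth correcting.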
@@ -117,12 +119,12 @@ public class OCSPServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + CMS.debug("Servlet Path=" + httpReq.getServletPath()); CMS.debug("RequestURI=" + httpReq.getRequestURI()); - String pathInfo = httpReq.getPathInfo(); + String pathInfo = httpReq.getPathInfo(); if (pathInfo != null && pathInfo.indexOf('%') != -1) { - pathInfo = URLDecoder.decode(pathInfo); + pathInfo = URLDecoder.decode(pathInfo); } CMS.debug("PathInfo=" + pathInfo); 
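Review bot: `URLDecoder.decode(pathInfo)` is the deprecated one-argument form that decodes with the platform default charset, and it is applied to a value the servlet container normally returns already decoded, so a path carrying an encoded `%` ends up decoded twice. URLDecoder also turns `+` into a space, which matters because the GET branch later treats `pathInfo.substring(1)` as base64. If the extra decode is needed at all, name the charset, `pathInfo = URLDecoder.decode(pathInfo, "UTF-8");`, and add a comment saying why the container's decoding is not sufficient. The enclosing try block is not visible in this hunk, so check that the checked exception of the two-argument form is handled.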
@@ -134,50 +136,46 @@ public class OCSPServlet extends CMSServlet { String method = httpReq.getMethod(); CMS.debug("Method=" + method); if (method != null && method.equals("POST")) { - int reqlen = httpReq.getContentLength(); - - if (reqlen == -1) { - throw new Exception( - "OCSPServlet: Content-Length not supplied"); - } - if (reqlen == 0) { - throw new Exception("OCSPServlet: Invalid Content-Length"); - } - if (reqlen > m_maxRequestSize) { - throw new Exception( - "OCSPServlet: Client sending too much OCSP request data (" - + reqlen + ")"); + int reqlen = httpReq.getContentLength(); + + if (reqlen == -1) { + throw new Exception("OCSPServlet: Content-Length not supplied"); + } + if (reqlen == 0) { + throw new Exception("OCSPServlet: Invalid Content-Length"); + } + if (reqlen > m_maxRequestSize) { + throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")"); + } + + // for debugging + reqbuf = new byte[reqlen]; + int bytesread = 0; + boolean partial = false; + + while (bytesread < reqlen) { + int r = is.read(reqbuf, bytesread, reqlen - bytesread); + if (r == -1) { + throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); } - - // for debugging - reqbuf = new byte[reqlen]; - int bytesread = 0; - boolean partial = false; - - while (bytesread < reqlen) { - int r = is.read(reqbuf, bytesread, reqlen - bytesread); - if (r == -1) { - throw new Exception( - "OCSPServlet: Client did not supply enough OCSP data"); - } - bytesread += r; - if (partial == false) { - if (bytesread < reqlen) { - partial = true; - } + bytesread += r; + if (partial == false) { + if (bytesread < reqlen) { + partial = true; } } - is = new ByteArrayInputStream(reqbuf); + } + is = new ByteArrayInputStream(reqbuf); } else { - // GET method - if ((pathInfo == null) || (pathInfo.equals("")) - || (pathInfo.substring(1) == null) - || (pathInfo.substring(1).equals(""))) { - throw new Exception( - "OCSPServlet: OCSP request not provided in GET method"); - } 
- is = new ByteArrayInputStream( - com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); + // GET method + if ( (pathInfo == null) || + (pathInfo.equals( "" ) ) || + (pathInfo.substring(1) == null) || + (pathInfo.substring(1).equals( "" ) ) ) { + throw new Exception("OCSPServlet: OCSP request not provided in GET method"); + } + is = new ByteArrayInputStream( + com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); } // (1) retrieve OCSP request @@ -185,20 +183,22 @@ public class OCSPServlet extends CMSServlet { OCSPResponse response = null; try { - OCSPRequest.Template reqTemplate = new OCSPRequest.Template(); + OCSPRequest.Template reqTemplate = + new OCSPRequest.Template(); - if ((is == null) || (is.toString().equals(""))) { - throw new Exception("OCSPServlet: OCSP request is " - + "empty or malformed"); + if ( (is == null) || + (is.toString().equals( "" ) ) ) { + throw new Exception( "OCSPServlet: OCSP request is " + + "empty or malformed"); } ocspReq = (OCSPRequest) reqTemplate.decode(is); - if ((ocspReq == null) || (ocspReq.toString().equals(""))) { - throw new Exception("OCSPServlet: Decoded OCSP request " - + "is empty or malformed"); + if ( (ocspReq == null) || + (ocspReq.toString().equals( "" ) ) ) { + throw new Exception( "OCSPServlet: Decoded OCSP request " + + "is empty or malformed"); } response = ((IOCSPService) mAuthority).validate(ocspReq); - } catch (Exception e) { - ; + } catch (Exception e) {; CMS.debug("OCSPServlet: " + e.toString()); } 
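Review bot: The size limit is enforced only on the POST branch; the GET branch passes `pathInfo.substring(1)` to `OSUtil.AtoB` without comparing its length to `m_maxRequestSize`, so the configured bound does not cover requests carried in the URL (a container URL limit may apply, which is not visible here). A guard such as `if (pathInfo.length() > m_maxRequestSize) throw new Exception("OCSPServlet: OCSP request too large");` before decoding would make both paths consistent. Two smaller points in the same lines: `pathInfo.substring(1) == null` can never be true, and the `partial` flag is assigned but not read anywhere in the hunk.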
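Review bot: `is.toString().equals( "" )` and `ocspReq.toString().equals( "" )` do not test for an empty request: unless these classes override toString(), the result is the default class@hash string and is never empty, so only the null comparisons have any effect. The catch block then reduces every decode or validation failure to a debug line (`catch (Exception e) {; CMS.debug(...)`), leaving `response` null for the code after the hunk. I would drop the toString() comparisons, remove the stray `;`, and record the failure at failure level rather than only in debug output, so malformed requests are visible in normal operation. How a null `response` is handled is outside this hunk.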
@@ -216,54 +216,48 @@ public class OCSPServlet extends CMSServlet { // we can validate the response if (CMS.debugOn()) { CMS.debug("OCSPServlet: OCSP Request:"); - CMS.debug("OCSPServlet: " - + CMS.BtoA(ASN1Util.encode(ocspReq))); + CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq))); TBSRequest tbsReq = ocspReq.getTBSRequest(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { - com.netscape.cmsutil.ocsp.Request req = tbsReq - .getRequestAt(i); - CMS.debug("Serial Number: " - + req.getCertID().getSerialNumber()); + com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); + CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); } CMS.debug("OCSPServlet: OCSP Response Size:"); - CMS.debug("OCSPServlet: " - + Integer.toString(respbytes.length)); + CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length)); CMS.debug("OCSPServlet: OCSP Response Data:"); CMS.debug("OCSPServlet: " + CMS.BtoA(respbytes)); ResponseBytes rbytes = response.getResponseBytes(); if (rbytes == null) { CMS.debug("Response bytes is null"); } else if (rbytes.getObjectIdentifier().equals( - ResponseBytes.OCSP_BASIC)) { - BasicOCSPResponse basicRes = (BasicOCSPResponse) BasicOCSPResponse - .getTemplate().decode( - new ByteArrayInputStream(rbytes - .getResponse().toByteArray())); + ResponseBytes.OCSP_BASIC)) { + BasicOCSPResponse basicRes = (BasicOCSPResponse) + BasicOCSPResponse.getTemplate().decode( + new ByteArrayInputStream(rbytes.getResponse().toByteArray())); if (basicRes == null) { CMS.debug("Basic Res is null"); } else { ResponseData data = basicRes.getResponseData(); for (int i = 0; i < data.getResponseCount(); i++) { SingleResponse res = data.getResponseAt(i); - CMS.debug("Serial Number: " - + res.getCertID().getSerialNumber() - + " Status: " - + res.getCertStatus().getClass() - .getName()); + CMS.debug("Serial Number: " + + res.getCertID().getSerialNumber() + + " Status: " + + res.getCertStatus().getClass().getName()); } } } } 
httpResp.setContentType("application/ocsp-response"); - + httpResp.setContentLength(respbytes.length); OutputStream ooss = httpResp.getOutputStream(); ooss.write(respbytes); ooss.flush(); if (statsSub != null) { - statsSub.endTiming("ocsp"); + statsSub.endTiming("ocsp"); } mRenderResult = false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java index 6a639e2f..3ec72bb8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; + import java.io.IOException; import java.util.Locale; @@ -40,11 +41,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Configure the CA to no longer respond to OCSP requests for a CA - * - * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep - * 2010) $ + * + * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $ */ public class RemoveCAServlet extends CMSServlet { 
@@ -56,10 +57,13 @@ public class RemoveCAServlet extends CMSServlet { private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; public RemoveCAServlet() { super(); @@ -68,7 +72,7 @@ public class RemoveCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -86,19 +90,18 @@ public class RemoveCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param ca id. The format is string. - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a - * CA is attempted to be removed from the OCSP responder - * <li>signed.audit - * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and - * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used - * when a remove CA request to the OCSP Responder is processed successfully - * or not. + * <li>http.param ca id. The format is string. + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when + * a CA is attempted to be removed from the OCSP responder + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS + * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when + * a remove CA request to the OCSP Responder is processed successfully or not. * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -111,8 +114,8 @@ public class RemoveCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "add"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "add"); } catch (Exception e) { // do nothing for now } 
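Review bot: RemoveCAServlet.process authorizes the caller for the `"add"` operation (`authorize(mAclMethod, authToken, mAuthzResourceName, "add")`) although the servlet deletes a CRL issuing point. If the ACL for this resource defines a separate remove or delete right, a principal granted only "add" passes this check; if "add" is deliberately reused, a comment such as `// ACL resource defines no separate delete right; "add" also governs removal` would save the next reader the question. The ACL definition is not part of this diff, so this needs confirming against it.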
@@ -129,87 +132,89 @@ public class RemoveCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - if (auditSubjectID.equals(ILogger.NONROLEUSER) - || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid); + CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid); auditSubjectID = uid; } } - String caID = cmsReq.getHttpReq().getParameter("caID"); + String caID = cmsReq.getHttpReq().getParameter("caID"); - if (caID == null) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CA_ID")); - } + if (caID == null) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, auditSubjectID, - ILogger.SUCCESS, caID); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); + } - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + 
caID); - IDefStore defStore = mOCSPAuthority.getDefaultStore(); + audit( auditMessage ); - try { - defStore.deleteCRLIssuingPointRecord(caID); + IDefStore defStore = mOCSPAuthority.getDefaultStore(); + + try { + defStore.deleteCRLIssuingPointRecord(caID); - } catch (EBaseException e) { + } catch (EBaseException e) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, ILogger.FAILURE, caID); - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + ILogger.FAILURE, + caID); + audit( auditMessage ); - CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " - + caID); - throw new EBaseException(e.toString()); + CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); + throw new EBaseException(e.toString()); } - CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " - + caID); + CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, - auditSubjectID, ILogger.SUCCESS, caID); - audit(auditMessage); + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + caID); + audit( auditMessage ); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, 
CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 2d3f1874..1e44dad1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -71,10 +72,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Process CMC messages according to RFC 2797 See - * http://www.ietf.org/rfc/rfc2797.txt - * + * Process CMC messages according to RFC 2797 + * See http://www.ietf.org/rfc/rfc2797.txt + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { 
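Review bot: In the `caID == null` branch of RemoveCAServlet.process the PROCESSED_FAILURE audit message is built with `CMS.getLogMessage(...)` but the exception is thrown before `audit(auditMessage)` is called, so a remove request with no CA id never reaches the signed audit log. Adding `audit(auditMessage);` immediately before `throw new ECMSGWException(...)` matches what the `catch (EBaseException e)` branch below already does. In that catch, `throw new EBaseException(e.toString())` also discards the original exception; `throw e;` would keep its type and stack trace. `String error = null;` in the output block is unused.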
@@ -85,56 +87,56 @@ public class CMCProcessor extends PKIProcessor { super(); } - public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, - boolean doEnforcePop) { + public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } - public void fillCertInfo(String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + public void fillCertInfo( + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } - public X509CertInfo[] fillCertInfoArray(String protocolString, - IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray( + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!"); String cmc = protocolString; try { byte[] cmcBlob = CMS.AtoB(cmc); - ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob); + ByteArrayInputStream cmcBlobIn = + new ByteArrayInputStream(cmcBlob); - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo - .getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - if (!cmcReq.getContentType().equals( - org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) - || !cmcReq.hasContent()) - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + if + (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) + throw new 
ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); - SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent(); + SignedData cmcFullReq = (SignedData) + cmcReq.getInterpretedContent(); EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); - if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) - || !ci.hasContent()) { + if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); SEQUENCE reqSequence = pkiData.getReqSequence(); @@ -142,11 +144,10 @@ public class CMCProcessor extends PKIProcessor { int numReqs = reqSequence.size(); X509CertInfo[] certInfoArray = new X509CertInfo[numReqs]; String[] reqIdArray = new String[numReqs]; - + for (int i = 0; i < numReqs; i++) { // decode message. - TaggedRequest taggedRequest = (TaggedRequest) reqSequence - .elementAt(i); + TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i); TaggedRequest.Type type = taggedRequest.getType(); 
@@ -156,37 +157,35 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(p10Id); - CertificationRequest p10 = tcr.getCertificationRequest(); + CertificationRequest p10 = + tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = new ByteArrayOutputStream(); p10.encode(ostream); - PKCS10Processor pkcs10Processor = new PKCS10Processor( - mRequest, mServlet); + PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet); try { PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - // xxx do we need to do anything else? + //xxx do we need to do anything else? X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - pkcs10Processor.fillCertInfo(pkcs10, certInfo, - authToken, httpParams); + pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams); - /* - * fillPKCS10(pkcs10,certInfo, authToken, httpParams); + /* fillPKCS10(pkcs10,certInfo, + authToken, httpParams); */ certInfoArray[i] = certInfo; } catch (Exception e) { - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_PKCS10_ERROR", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString())); } } else if (type.equals(TaggedRequest.CRMF)) { - CRMFProcessor crmfProc = new CRMFProcessor(mRequest, - mServlet, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop); CertReqMsg crm = taggedRequest.getCrm(); CertRequest certReq = crm.getCertReq(); @@ -196,12 +195,10 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(srcId); - certInfoArray[i] = crmfProc.processIndividualRequest(crm, - authToken, httpParams); + certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); } else { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); } } 
@@ -211,11 +208,13 @@ public class CMCProcessor extends PKIProcessor { Hashtable digs = new Hashtable(); for (int i = 0; i < numDig; i++) { - AlgorithmIdentifier dai = (AlgorithmIdentifier) dais - .elementAt(i); - String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); + AlgorithmIdentifier dai = + (AlgorithmIdentifier) dais.elementAt(i); + String name = + DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = MessageDigest.getInstance(name); + MessageDigest md = + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); @@ -226,8 +225,9 @@ public class CMCProcessor extends PKIProcessor { int numSis = sis.size(); for (int i = 0; i < numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis - .elementAt(i); + org.mozilla.jss.pkix.cms.SignerInfo si = + (org.mozilla.jss.pkix.cms.SignerInfo) + sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); @@ -243,10 +243,9 @@ public class CMCProcessor extends PKIProcessor { SignerIdentifier sid = si.getSignerIdentifier(); - if (sid.getType().equals( - SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - IssuerAndSerialNumber issuerAndSerialNumber = sid - .getIssuerAndSerialNumber(); + if + (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber(); // find from the certs in the signedData X509Certificate cert = null; 
@@ -255,23 +254,21 @@ public class CMCProcessor extends PKIProcessor { int numCerts = certs.size(); for (int j = 0; j < numCerts; j++) { - Certificate certJss = (Certificate) certs - .elementAt(j); - CertificateInfo certI = certJss.getInfo(); + Certificate certJss = + (Certificate) certs.elementAt(j); + CertificateInfo certI = + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB) - .equals(new String(ASN1Util - .encode(issuerAndSerialNumber - .getIssuer()))) - && sn.toString().equals( - issuerAndSerialNumber - .getSerialNumber() - .toString())) { - ByteArrayOutputStream os = new ByteArrayOutputStream(); + if ( + new String(issuerB).equals(new + String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) + && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + ByteArrayOutputStream os = new + ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -298,7 +295,8 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = PK11PubKey.fromRaw(keyType, + PK11PubKey pubK = + PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); 
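Review bot: The rewrapped issuer match in this hunk still compares DER encodings through `new String(byte[])`, which decodes with the platform default charset and does not preserve bytes that are invalid in that charset, so two different issuer encodings can compare equal and the outcome can differ between hosts. Because this comparison appears to select the certificate whose key is later handed to `si.verify`, compare the bytes directly with `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. The same conversion is used for the SubjectKeyIdentifier match in the `@@ -311,25 +309,21 @@` hunk, where `java.util.Arrays.equals(skib, ski.toByteArray())` would do, and for the sender nonce stored as `new String(nonce.toByteArray())` in the `@@ -378,15 +374,17 @@` hunk. The enclosing method starts and ends outside this hunk.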
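Review bot: The empty `else { }` just before the rewrapped `PK11PubKey.fromRaw(keyType, ...)` call in the `@@ -298,7 +295,8 @@` hunk leaves `keyType` unset when the signer key algorithm is not one of the handled ones, and that value is then passed to `fromRaw` and on to `si.verify`. Rejecting the request explicitly is clearer than relying on whatever `fromRaw` does with it, for example `} else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Unsupported signer key algorithm.")); }`. The `@@ -340,7 +334,8 @@` hunk has the same branch, and there `keyType` is visibly initialised to `null`. The start of the if/else chain lies outside this hunk.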
@@ -311,25 +309,21 @@ public class CMCProcessor extends PKIProcessor { PublicKey signKey = null; while (signKey == null && j < numReqs) { - X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j] - .get(X509CertInfo.KEY)) - .get(CertificateX509Key.KEY); + X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(subjectKeyInfo.getEncoded()); byte[] skib = md.digest(); - if (new String(skib).equals(new String(ski - .toByteArray()))) { + if (new String(skib).equals(new String(ski.toByteArray()))) { signKey = subjectKeyInfo; } j++; } if (signKey == null) { - throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_CMC_ERROR", - "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); + throw new + ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { PrivateKey.Type keyType = null; String alg = signKey.getAlgorithm(); @@ -340,7 +334,8 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = PK11PubKey.fromRaw(keyType, + PK11PubKey pubK = PK11PubKey.fromRaw( + keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); @@ -356,8 +351,8 @@ public class CMCProcessor extends PKIProcessor { int numControls = controls.size(); for (int i = 0; i < numControls; i++) { - TaggedAttribute control = (TaggedAttribute) controls - .elementAt(i); + TaggedAttribute control = + (TaggedAttribute) controls.elementAt(i); OBJECT_IDENTIFIER type = control.getType(); SET values = control.getValues(); int numVals = values.size(); 
@@ -368,9 +363,10 @@ public class CMCProcessor extends PKIProcessor { if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) values.elementAt(j); - INTEGER transId = (INTEGER) ((ANY) val) - .decodeWith(INTEGER.getTemplate()); + ANY val = (ANY) + values.elementAt(j); + INTEGER transId = (INTEGER) ((ANY) val).decodeWith( + INTEGER.getTemplate()); if (transId != null) { vals[j] = transId.toString(); @@ -378,15 +374,17 @@ public class CMCProcessor extends PKIProcessor { } if (vals != null) req.setExtData(IRequest.CMC_TRANSID, vals); - } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if + (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { String[] vals = null; if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) values.elementAt(j); - OCTET_STRING nonce = (OCTET_STRING) ((ANY) val) - .decodeWith(OCTET_STRING.getTemplate()); + ANY val = (ANY) + values.elementAt(j); + OCTET_STRING nonce = (OCTET_STRING) + ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); 
@@ -411,31 +409,27 @@ public class CMCProcessor extends PKIProcessor { return certInfoArray; } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + }catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); - } catch (Exception e) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", - e.toString())); + CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 99b4c2b3..27648758 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java 
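Review bot: The final `catch (Exception e)` in this chain also catches the `ECMSGWException`s thrown deliberately inside the `try` (for example `CMS_GW_NO_PKIDATA` and the SubjectKeyIdentifier error in earlier hunks), assuming `ECMSGWException` is an `Exception` subclass, and re-wraps them as `CMS_GW_CMC_ERROR` with `e.toString()` in the user-facing text. Unlike the four branches above it, it writes nothing to the log, so any exception type not listed there, which may include failures raised by `si.verify`, leaves no server-side record at this point. I would add `} catch (EBaseException e) { throw e; }` ahead of it and give the generic branch the same `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));` call, returning the fixed `CMS_GW_CMC_TO_CERTINFO_ERROR` message rather than the exception string. The `try` opens outside this hunk.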
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -55,10 +56,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Process CRMF requests, according to RFC 2511 See - * http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 + * See http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { 
@@ -67,36 +69,37 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); } - public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, - boolean doEnforcePop) { + public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; mRequest = cmsReq; } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> - * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ - private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException { + private void verifyPOP(CertReqMsg certReqMsg) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -115,55 +118,59 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.SUCCESS); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS ); - audit(auditMessage); + audit( auditMessage ); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch (EBaseException eAudit1) { + } catch( EBaseException eAudit1 ) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, - IAuthToken 
authToken, IArgBlock httpParams) throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { 
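Review bot: The outer `catch( EBaseException eAudit1 )` at the end of `verifyPOP` writes an audit record and then falls out of the method, so if its `try` (opened outside this hunk) encloses the `throw new ECMSGWException(...)` statements above, as the nesting suggests, a failed or missing proof of possession is audited but never reported to the caller, even with `enforcePop` set. Ending the handler with `throw eAudit1;` keeps the failure visible to whoever called `verifyPOP`. Each failure path is already audited before its `throw`, so this handler currently produces a second FAILURE record for the same event and its `audit( auditMessage )` call is probably redundant.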
@@ -189,39 +196,38 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity( - certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - subject)); - } else if (authToken == null - || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { 
@@ -236,32 +242,35 @@ public class CRMFProcessor extends PKIProcessor { int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -273,8 +282,8 @@ public class CRMFProcessor extends PKIProcessor { // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null - && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); 
@@ -291,34 +300,31 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* - * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); - * } - */catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* catch (InvalidBERException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + throw new ECMSGWException( + CMSGWResources.ERROR_CRMF_TO_CERTINFO); + } */ catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - public X509CertInfo[] fillCertInfoArray(String protocolString, - IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray( + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); 
@@ -326,10 +332,11 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(crmfBlob); - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -337,33 +344,31 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId)); - certInfoArray[i] = processIndividualRequest(certReqMsg, - authToken, httpParams); + certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams); } - // do_testbed_hack(nummsgs, certInfoArray, httpParams); + //do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } + 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java index 6ecb87c8..d021f653 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java @@ -17,16 +17,19 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import com.netscape.certsrv.base.EBaseException; import com.netscape.cms.servlet.common.CMSRequest; + /** * This represents the request parser. - * + * * @version $Revision$, $Date$ */ public interface IPKIProcessor { - public void process(CMSRequest cmsReq) throws EBaseException; + public void process(CMSRequest cmsReq) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java index c78e0b7b..cc035033 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.IOException; import java.security.cert.CertificateException; @@ -36,10 +37,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * KeyGenProcess parses Certificate request matching the KEYGEN tag format used - * by Netscape Communicator 4.x - * + * KeyGenProcess parses Certificate request matching the + * KEYGEN tag format used by Netscape Communicator 4.x + * * @version $Revision$, $Date$ */ public class KeyGenProcessor extends PKIProcessor { 
@@ -53,11 +55,14 @@ public class KeyGenProcessor extends PKIProcessor { } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } - public void fillCertInfo(String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + public void fillCertInfo( + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("KeyGenProcessor: fillCertInfo"); 
@@ -67,30 +72,28 @@ public class KeyGenProcessor extends PKIProcessor { KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( PKIProcessor.SUBJECT_KEYGEN_INFO, null); - + // fill key X509Key key = null; key = keyGenInfo.getSPKI(); if (key == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); } try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - "Could not set key into certInfo from keygen. Error " + e); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + "Could not set key into certInfo from keygen. Error " + e); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } String authMgr = mServlet.getAuthMgr(); 
@@ -103,13 +106,12 @@ public class KeyGenProcessor extends PKIProcessor { if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // allow special case for agent gateway in admin enroll // and bulk issuance. - if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) - && !authMgr - .equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && + !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } fillCertInfoFromForm(certInfo, httpParams); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java index 19e343e6..53d38455 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.IOException; import java.security.cert.CertificateException; @@ -45,10 +46,12 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * PKCS10Processor process Certificate Requests in PKCS10 format, as defined - * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html - * + * PKCS10Processor process Certificate Requests in + * PKCS10 format, as defined here: + * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html + * * @version $Revision$, $Date$ */ public class PKCS10Processor extends PKIProcessor { 
@@ -58,7 +61,7 @@ public class PKCS10Processor extends PKIProcessor { private final String USE_INTERNAL_PKCS10 = "internal"; public PKCS10Processor() { - + super(); } @@ -67,20 +70,25 @@ public class PKCS10Processor extends PKIProcessor { } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } - public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + public void fillCertInfo( + PKCS10 pkcs10, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { mPkcs10 = pkcs10; - - fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); + + fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); } - public void fillCertInfo(String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + public void fillCertInfo( + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { PKCS10 p10 = null; @@ -91,13 +99,12 @@ public class PKCS10Processor extends PKIProcessor { } else if (protocolString.equals(USE_INTERNAL_PKCS10)) { p10 = mPkcs10; } else { - CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!"); - throw new EBaseException("p10 is null"); + CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" ); + throw new EBaseException( "p10 is null" ); } if (mServlet == null) { - EBaseException ex = new ECMSGWException( - "Servlet property of PKCS10Processor is null."); + EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null."); throw ex; 
@@ -107,24 +114,22 @@ public class PKCS10Processor extends PKIProcessor { X509Key key = p10.getSubjectPublicKeyInfo(); if (key == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); } CertificateX509Key certKey = new CertificateX509Key(key); try { certInfo.set(X509CertInfo.KEY, certKey); } catch (CertificateException e) { - EBaseException ex = new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; } catch (IOException e) { - EBaseException ex = new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; 
@@ -134,34 +139,33 @@ public class PKCS10Processor extends PKIProcessor { if (subject != null) { try { - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - subject)); - log(ILogger.LL_INFO, "Setting subject name " + subject - + " from p10."); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + log(ILogger.LL_INFO, + "Setting subject name " + subject + " from p10."); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in X500 name parsing, // this will catch it. 
- log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } - } else if (authToken == null - || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); } // fill extensions from pkcs 10 attributes if any. 
@@ -172,49 +176,45 @@ public class PKCS10Processor extends PKIProcessor { PKCS10Attributes p10Attrs = p10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs - .getAttribute(CertificateExtensions.NAME)); - - if (p10Attr != null - && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - Extensions exts0 = (Extensions) (p10Attr - .getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) + (p10Attrs.getAttribute(CertificateExtensions.NAME)); + + if (p10Attr != null && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + Extensions exts0 = (Extensions) + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions( - extIn); + CertificateExtensions exts = new CertificateExtensions(extIn); if (exts != null) { certInfo.set(X509CertInfo.EXTENSIONS, exts); } } } - CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. "); + CMS.debug( + "PKCS10Processor: Seted cert extensions from pkcs10. 
"); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in extensions parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } // override pkcs10 attributes with authtoken attributes @@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor { // adminEnroll is an exception String authMgr = mServlet.getAuthMgr(); - if (authToken != null - && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null - && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && + !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { fillCertInfoFromAuthToken(certInfo, authToken); } 
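Review bot: The extension request read from the PKCS#10 is copied into `certInfo` unchanged inside the `if (p10Attr != null && ...)` branch, so whatever the requester put there reaches the certificate template unless a later policy or profile step constrains it, and that step is not visible in this hunk. A comment naming the component that constrains it would help the next reader, for example `// requester-supplied extensions: must be constrained by policy before issuance`. Separately, all three handlers throw `CMS_GW_SET_KEY_FROM_P10_FAILED` although the failure is in extension parsing, which looks like a copy-paste from the key handling and should be confirmed against the message bundle. The test `if (exts != null)` directly after `new CertificateExtensions(extIn)` can never be false.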
@@ -233,11 +233,12 @@ public class PKCS10Processor extends PKIProcessor { // from the http parameters. if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) { fillValidityFromForm(certInfo, httpParams); - } - + } + } - private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException { + private PKCS10 getPKCS10(IArgBlock httpParams) + throws EBaseException { PKCS10 pkcs10 = null; @@ -245,20 +246,17 @@ public class PKCS10Processor extends PKIProcessor { // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType // instead of certType - certType = httpParams - .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); + certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); if (certType == null) { - certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, - "client"); + certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client"); } else { // some policies may rely on the fact that // CERT_TYPE is set. So for 3.5.1 or eariler - // we need to set CERT_TYPE but not here. + // we need to set CERT_TYPE but not here. } if (certType.equals("client")) { // coming from MSIE - String p10b64 = httpParams.getValueAsString( - PKIProcessor.PKCS10_REQUEST, null); + String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null); if (p10b64 != null) { try { 
@@ -268,20 +266,18 @@ public class PKCS10Processor extends PKIProcessor { } catch (Exception e) { // ok, if the above fails, it could // be a PKCS10 with header - pkcs10 = httpParams.getValueAsPKCS10( - PKIProcessor.PKCS10_REQUEST, false, null); + pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); // e.printStackTrace(); } } - // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. - pkcs10 = httpParams.getValueAsPKCS10( - PKIProcessor.PKCS10_REQUEST, false, null); - } catch (Exception ex) { + pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); + }catch (Exception ex) { ex.printStackTrace(); } } @@ -290,4 +286,4 @@ public class PKCS10Processor extends PKIProcessor { } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java index b81b6831..625808d7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; + import java.io.IOException; import java.security.cert.CertificateException; import java.util.Date; @@ -41,9 +42,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Process Certificate Requests - * + * * @version $Revision$, $Date$ */ public class PKIProcessor implements IPKIProcessor { 
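Review bot: In `getPKCS10`, the `else` branch catches every exception from `getValueAsPKCS10` and only calls `ex.printStackTrace()`, so a malformed request is reported on stderr rather than in the server log and `pkcs10` keeps its initial `null`; the `client` branch likewise discards the first exception without recording it. Using the class's own logger keeps the failure with the rest of the enrollment trail: `log(ILogger.LL_FAILURE, "PKCS10Processor: cannot parse PKCS10 request: " + ex.toString());`. How the caller treats a `null` result is outside this hunk and worth checking. The new `}catch (Exception ex) {` also lost the space after the closing brace.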
@@ -55,7 +57,7 @@ public class PKIProcessor implements IPKIProcessor { public static final String PKCS10_REQUEST = "pkcs10Request"; public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo"; - protected CMSRequest mRequest = null; + protected CMSRequest mRequest = null; protected HttpServletRequest httpReq = null; protected String mServletId = null; 
@@ -81,27 +83,31 @@ public class PKIProcessor implements IPKIProcessor { } - public void process(CMSRequest cmsReq) throws EBaseException { + public void process(CMSRequest cmsReq) + throws EBaseException { } - protected void fillCertInfo(String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) throws EBaseException { + protected void fillCertInfo( + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } - protected X509CertInfo[] fillCertInfoArray(String protocolString, - IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + protected X509CertInfo[] fillCertInfoArray( + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { return null; } /** - * fill subject name, validity, extensions from authoken if any, overriding - * what was in pkcs10. fill subject name, extensions from http input if not - * authenticated. requests not authenticated will need to be approved by an - * agent. + * fill subject name, validity, extensions from authoken if any, + * overriding what was in pkcs10. + * fill subject name, extensions from http input if not authenticated. + * requests not authenticated will need to be approved by an agent. */ - public static void fillCertInfoFromAuthToken(X509CertInfo certInfo, - IAuthToken authToken) throws EBaseException { + public static void fillCertInfoFromAuthToken( + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. // take key from keygen, cmc, pkcs10 or crmf. 
@@ -109,62 +115,61 @@ public class PKIProcessor implements IPKIProcessor { CMS.debug("PKIProcessor: fillCertInfoFromAuthToken"); // subject name. try { - String subjectname = authToken - .getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( - new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, "cert subject set to " + certSubject - + " from authtoken"); + log(ILogger.LL_INFO, + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = authToken - .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, "cert validity 
set to " + validity - + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + validity + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } // extensions try { - CertificateExtensions extensions = authToken - .getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); 
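Review bot: The `IOException` handler for the subject name logs with `CMSGW_ERROR_SET_SUBJECT_NAME` while the `CertificateException` handler just above it uses `CMSGW_ERROR_SET_SUBJECT_NAME_1`, and both pass one argument, so one of the two keys is probably wrong and the log entry may come out without the exception text. Please confirm against the message bundle and use the same key in both, presumably `CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())`. The cast in `(CertificateSubjectName) new CertificateSubjectName(new X500Name(subjectname))` is redundant and can be dropped. The extensions part of `fillCertInfoFromAuthToken` continues in the next hunk.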
@@ -172,78 +177,73 @@ public class PKIProcessor implements IPKIProcessor { } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } /** - * fill subject name, extension from form. this is done for unauthenticated - * requests. unauthenticated requests must be approved by agents so these - * will all be seen by and agent. + * fill subject name, extension from form. + * this is done for unauthenticated requests. + * unauthenticated requests must be approved by agents so these will + * all be seen by and agent. */ - public static void fillCertInfoFromForm(X509CertInfo certInfo, - IArgBlock httpParams) throws EBaseException { + public static void fillCertInfoFromForm( + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillCertInfoFromForm"); // subject name. 
try { - String subject = httpParams.getValueAsString( - PKIProcessor.SUBJECT_NAME, null); + String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null); if (subject == null) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); } X500Name x500name = new X500Name(subject); - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + certInfo.set( + X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); fillValidityFromForm(certInfo, httpParams); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IllegalArgumentException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); + CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); + CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); } // requested extensions. // let polcies form extensions from http input. 
} - public static void fillValidityFromForm(X509CertInfo certInfo, - IArgBlock httpParams) throws EBaseException { + public static void fillValidityFromForm( + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillValidityFromForm!"); try { - String notValidBeforeStr = httpParams.getValueAsString( - "notValidBefore", null); - String notValidAfterStr = httpParams.getValueAsString( - "notValidAfter", null); + String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null); + String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null); if (notValidBeforeStr != null && notValidAfterStr != null) { long notValidBefore = 0; 
@@ -266,46 +266,44 @@ public class PKIProcessor implements IPKIProcessor { if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, "cert validity set to " + validity - + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + validity + " from authtoken"); } } } } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } } /** * log according to authority category. */ - public static void log(int event, int level, String msg) { + public static void log(int event, int level, String msg) { CMS.getLogger().log(event, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } public static void log(int level, String msg) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { 
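Review bot: The log line `"cert validity set to " + validity + " from authtoken"` sits in what appears to be the tail of `fillValidityFromForm` (its start is outside this hunk), where the dates come from the `notValidBefore`/`notValidAfter` form parameters. The log therefore attributes requester-supplied validity to the auth token, which misleads anyone reconstructing an enrollment from the logs; the suffix should read `" from form"`. The two handlers below it log `CMSGW_ERROR_SET_SUBJECT_NAME_1` and throw `CMS_GW_SET_SUBJECT_NAME_ERROR` for a validity failure. `CMSGW_ERROR_SET_VALIDITY_1` and `CMS_GW_SET_VALIDITY_ERROR`, which `fillCertInfoFromAuthToken` already uses, describe the failure correctly.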
@@ -316,17 +314,21 @@ public class PKIProcessor implements IPKIProcessor { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -341,7 +343,8 @@ public class PKIProcessor implements IPKIProcessor { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); @@ -355,3 +358,4 @@ public class PKIProcessor implements IPKIProcessor { return subjectID; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index 4ac119dc..da24d2c2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; 
@@ -45,9 +46,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { @@ -57,9 +59,10 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; - private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = + "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -70,7 +73,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,14 +84,13 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ 
@@ -124,18 +126,20 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -146,28 +150,30 @@ public class ProfileApproveServlet extends ProfileServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "approve"); + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -187,15 +193,17 @@ public class ProfileApproveServlet extends ProfileServlet { if (ps == null) { CMS.debug("ProfileApproveServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -206,18 +214,20 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); @@ -226,18 +236,20 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " - + mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -253,54 +265,60 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, - auditProfileID, auditProfileOp); + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; - } - } else { - ps.disableProfile(profileId); + return; } + } else { + ps.disableProfile(profileId); + } } else { ps.enableProfile(profileId, userid); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.SUCCESS, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.SUCCESS, + auditProfileID, + auditProfileOp); audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " - + e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, 
"CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, ILogger.FAILURE, auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); 
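Review bot: The owner check `ps.getProfileEnableBy(profileId).equals(userid)` dereferences the stored enabler without a null test; whether `getProfileEnableBy` can return null is not visible in this hunk. If it can, a profile that reports as enabled but has no recorded enabler would raise a `NullPointerException`, which is not an `EProfileException`, so as far as this hunk shows no FAILURE audit record would be written for the attempt. A null-safe form that still denies on mismatch is `if (userid != null && userid.equals(ps.getProfileEnableBy(profileId)))`. The debug text `"ProfileApproveServlet: profile not error "` in the handler also reads like a typo for the failure being reported.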
@@ -309,34 +327,37 @@ public class ProfileApproveServlet extends ProfileServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, - ILogger.FAILURE, auditProfileID, auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, + ILogger.FAILURE, + auditProfileID, + auditProfileOp); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " - + e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
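Review bot: In the `catch (EProfileException e)` after `ps.getProfile(profileId)`, `args.set(ARG_ERROR_REASON, e.toString());` is presumably replaced by the `args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, ...` call on the next line, so the first assignment has no effect. Dropping it leaves the localized message as the only value set and makes it clear that the raw exception text is not meant for the response. The second call continues past the end of the hunk. The commented-out `ServletException` handler above it could be deleted rather than re-indented.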
@@ -364,13 +385,14 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters - handlePolicy(list, response, locale, id, policy); + // into string http parameters + handlePolicy(list, response, locale, + id, policy); } ArgSet setArg = new ArgSet(); @@ -381,8 +403,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -391,8 +413,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); 
@@ -412,19 +434,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -441,11 +463,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for a signed audit log - * message. + * + * This method is called to obtain the "ProfileID" for + * a signed audit log message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ 
@@ -471,14 +493,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for a signed - * audit log message. + * + * This method is called to obtain the "Profile Operation" for + * a signed audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or - * SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, + * or SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -486,12 +508,13 @@ public class ProfileApproveServlet extends ProfileServlet { return null; } - if (mProfileSubId == null || mProfileSubId.equals("")) { + if (mProfileSubId == null || + mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -510,3 +533,4 @@ public class ProfileApproveServlet extends ProfileServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java index ded3dff8..4da41f7a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; 
@@ -37,9 +38,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * List all enabled profiles. - * + * * @version $Revision$, $Date$ */ public class ProfileListServlet extends ProfileServlet { @@ -51,7 +53,7 @@ public class ProfileListServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileListServlet() { super(); @@ -60,7 +62,7 @@ public class ProfileListServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -70,7 +72,7 @@ public class ProfileListServlet extends ProfileServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -87,20 +89,20 @@ public class ProfileListServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -112,18 +114,18 @@ public class ProfileListServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileListServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { - CMS.debug("ProfileListServlet: ProfileSubsystem " + mProfileSubId - + " not found"); + CMS.debug("ProfileListServlet: ProfileSubsystem " + + mProfileSubId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; - } + } ArgList list = new ArgList(); Enumeration e = ps.getProfileIds(); 
@@ -137,13 +139,13 @@ public class ProfileListServlet extends ProfileServlet { profile = ps.getProfile(id); } catch (EBaseException e1) { // skip bad profile - CMS.debug("ProfileListServlet: profile " + id - + " not found (skipped) " + e1.toString()); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped) " + e1.toString()); continue; } if (profile == null) { - CMS.debug("ProfileListServlet: profile " + id - + " not found (skipped)"); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped)"); continue; } @@ -153,16 +155,16 @@ public class ProfileListServlet extends ProfileServlet { ArgSet profileArgs = new ArgSet(); profileArgs.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(id))); + Boolean.toString(ps.isProfileEnable(id))); profileArgs.set(ARG_PROFILE_ENABLED_BY, - ps.getProfileEnableBy(id)); + ps.getProfileEnableBy(id)); profileArgs.set(ARG_PROFILE_ID, id); - profileArgs.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + profileArgs.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); profileArgs.set(ARG_PROFILE_NAME, name); profileArgs.set(ARG_PROFILE_DESC, desc); list.add(profileArgs); - + } } args.set(ARG_RECORD, list); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index 073d2cfb..a159c0f2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; 
@@ -62,9 +63,10 @@ import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet approves profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { @@ -76,8 +78,10 @@ public class ProfileProcessServlet extends ProfileServlet { private String mAuthorityId = null; private Nonces mNonces = null; - private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = + "requestNotes"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } @@ -99,9 +103,9 @@ public class ProfileProcessServlet extends ProfileServlet { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("approval", true /* main action */); + statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; 
@@ -115,14 +119,13 @@ public class ProfileProcessServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -131,23 +134,23 @@ public class ProfileProcessServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "approve"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -161,19 +164,18 @@ public class ProfileProcessServlet extends ProfileServlet { X509Certificate cert2 = getSSLClientCertificate(request); if (cert1 == null) { CMS.debug("ProfileProcessServlet: Unknown nonce"); - } else if (cert1 != null && cert2 != null - && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } - CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); + CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); @@ -191,17 +193,17 @@ public class ProfileProcessServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
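Review bot: The nonce check in the `@@ -161,19 +164,18 @@` hunk logs an unknown nonce and a missing nonce, but a known nonce presented with a missing or different client certificate falls through the `else if` silently. That is the outcome most worth seeing in the logs, and it leaves only `nonceVerified=false` behind. Add a final branch such as `} else { CMS.debug("ProfileProcessServlet: nonce does not match client certificate"); }`. The `cert1 != null` test in the `else if` is already implied by the preceding `if (cert1 == null)` and can be dropped. The enclosing method starts and ends outside this hunk, and where `cert1` is obtained is not visible here.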
@@ -210,28 +212,28 @@ public class ProfileProcessServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileProcessServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileProcessServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -241,11 +243,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (requestId == null || requestId.equals("")) { CMS.debug("ProfileProcessServlet: Request Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -257,8 +259,8 @@ public class ProfileProcessServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileProcessServlet: request not found requestId=" - + requestId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -266,12 +268,12 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - // check if the request is in one of the terminal states + // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -279,7 +281,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -290,11 +292,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (profileId == null || profileId.equals("")) { CMS.debug("ProfileProcessServlet: Profile Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -303,23 +305,24 @@ public class ProfileProcessServlet extends ProfileServlet { if (op == null) { CMS.debug("ProfileProcessServlet: No op found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } + IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileProcessServlet: profile not found " + " " - + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: profile not found " + + " " + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -327,7 +330,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -341,15 +344,16 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_ENABLED")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } + args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); 
@@ -357,23 +361,21 @@ public class ProfileProcessServlet extends ProfileServlet { if (op.equals("assign")) { String owner = req.getRequestOwner(); - // assigned owner + // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus() - .toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -385,16 +387,13 @@ public class ProfileProcessServlet extends ProfileServlet { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); updateNotes(request, req); - approveRequest(request, args, req, queue, profile, - locale); + approveRequest(request, args, req, queue, profile, locale); } else if (op.equals("reject")) { updateNotes(request, req); - rejectRequest(request, args, req, queue, profile, - locale); + rejectRequest(request, args, req, queue, profile, locale); } else if (op.equals("cancel")) { updateNotes(request, req); - cancelRequest(request, args, req, queue, profile, - locale); + cancelRequest(request, args, req, queue, profile, locale); } else if (op.equals("update")) { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); 
@@ -402,30 +401,27 @@ public class ProfileProcessServlet extends ProfileServlet { } else if (op.equals("validate")) { updateValues(request, req, queue, profile, locale); } else if (op.equals("unassign")) { - unassignRequest(request, args, req, queue, profile, - locale); + unassignRequest(request, args, req, queue, profile, locale); } } else { CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus() - .toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } // commit request to the storage - if (!op.equals("validate")) { + if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); 
@@ -433,47 +429,43 @@ public class ProfileProcessServlet extends ProfileServlet { queue.updateRequest(req); } } catch (EBaseException e) { - CMS.debug("ProfileProcessServlet: Request commit error " - + e.toString()); + CMS.debug("ProfileProcessServlet: Request commit error " + + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { - CMS.debug("ProfileProcessServlet: execution rejected " - + e.toString()); + CMS.debug("ProfileProcessServlet: execution rejected " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { - CMS.debug("ProfileProcessServlet: execution defered " - + e.toString()); + CMS.debug("ProfileProcessServlet: execution defered " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_DEFERRED", e.toString())); } catch (EPropertyException e) { - CMS.debug("ProfileProcessServlet: execution error " + e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", - e.toString())); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_PROPERTY_ERROR", e.toString())); } catch (EProfileException e) { - CMS.debug("ProfileProcessServlet: execution error " + 
e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } args.set(ARG_OP, op); @@ -483,15 +475,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } } - + public boolean grantPermission(IRequest req, IAuthToken token) { try { - boolean enable = CMS.getConfigStore().getBoolean( - "request.assignee.enable", false); + boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", + false); if (!enable) return true; String owner = req.getRequestOwner(); 
@@ -504,32 +496,32 @@ public class ProfileProcessServlet extends ProfileServlet { return true; } catch (Exception e) { } - + return false; } /** - * Check if the request creation time is older than the profile lastModified - * attribute. + * Check if the request creation time is older than the profile + * lastModified attribute. */ - protected void checkProfileVersion(IProfile profile, IRequest req, - Locale locale) throws EProfileException { + protected void checkProfileVersion(IProfile profile, IRequest req, + Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { - lastModified = profileConfig.getString("lastModified", ""); + lastModified = profileConfig.getString("lastModified",""); } catch (EBaseException e) { - CMS.debug(e.toString()); - throw new EProfileException(e.toString()); + CMS.debug(e.toString()); + throw new EProfileException( e.toString() ); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); - CMS.debug("ProfileProcessServlet: Profile Last Modified=" - + profileModifiedAt); + CMS.debug("ProfileProcessServlet: Profile Last Modified=" + + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); - CMS.debug("ProfileProcessServlet: Request Created At=" - + reqCreatedAt); + CMS.debug("ProfileProcessServlet: Request Created At=" + + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); 
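Review bot: The `catch (Exception e) { }` at the top of the `@@ -504,32 +496,32 @@` hunk, which is the tail of `grantPermission`, discards every failure without a trace. The method then returns false, so it fails closed. But a denial caused by an error (for example from the `getBoolean("request.assignee.enable", false)` call in the previous hunk) cannot be told apart in the logs from a genuine owner mismatch. Record the exception before falling through, for example `} catch (Exception e) { CMS.debug("ProfileProcessServlet: grantPermission " + e.toString()); }`. `grantPermission` begins in the previous hunk, so part of its body is not visible here.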
@@ -539,16 +531,18 @@ public class ProfileProcessServlet extends ProfileServlet { } protected void assignRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { req.setRequestOwner(""); } @@ -558,14 +552,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * cancellation) + * cancellation) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -573,11 +566,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -588,22 +582,25 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_CANCELLATION, auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_CANCELLATION, + auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_CANCELLATION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_CANCELLATION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -612,14 +609,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * rejection) + * rejection) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request 
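Review bot: The commented-out `catch( EProfileException eAudit1 )` block at the end of the `@@ -588,22 +582,25 @@` hunk is re-indented rather than resolved. As far as the visible lines show, `cancelRequest` can only ever write an `ILogger.SUCCESS` record for `LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED`. Either delete the dead block, or restore the `try`/`catch` if the code above the hunk can fail, so that the signed audit log has a real FAILURE path. The same applies to `rejectRequest` in the `@@ -642,22 +639,25 @@` hunk. Both method bodies start outside their hunks, so whatever precedes the audit call is not visible here.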
@@ -627,11 +623,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -642,22 +639,25 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_REJECTION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_REJECTION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } 
@@ -666,14 +666,13 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * acceptance) + * acceptance) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -681,11 +680,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ - protected void approveRequest(ServletRequest request, ArgSet args, - IRequest req, IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + protected void approveRequest(ServletRequest request, ArgSet args, + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -700,40 +700,42 @@ public class ProfileProcessServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput( + outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) outputNames - .nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + String outputName = (String) + outputNames.nextElement(); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, + outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); - String outputConstraint = outputDesc - .getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputConstraint = + outputDesc.getConstraint(); + String outputValueName = + outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( - outputName, locale, req); + outputName, + locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: " + + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, - outputConstraint); + outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); 
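Review bot: The debug line in the inner `catch (EProfileException e)` of the `@@ -700,40 +700,42 @@` hunk is tagged `ProfileSubmitServlet: ` although this file is ProfileProcessServlet. A failed `profileOutput.getValue(...)` during approval is therefore attributed to the wrong servlet when logs are searched. Change it to `CMS.debug("ProfileProcessServlet: " + e.toString());`. After that failure `outputValue` stays null and is still stored under `ARG_OUTPUT_VAL`; if that is intended, a one-line comment saying so would help the next reader. The enclosing `approveRequest` body starts and ends outside this hunk.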
@@ -744,37 +746,42 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_OUTPUT_LIST, outputlist); // retrieve the certificate - X509CertImpl theCert = req - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl theCert = req.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(theCert)); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(theCert)); audit(auditMessage); } catch (EProfileException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); + } } - protected void updateValues(ServletRequest request, IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws ERejectException, EDeferException, EPropertyException { + protected void updateValues(ServletRequest request, IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); 
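Review bot: The FAILURE record for LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED is written only from `catch (EProfileException eAudit1)`, so an unchecked exception raised inside the same try would abort the approval without leaving any signed audit entry. One visible candidate is in the previous hunk, where the result of `profile.getProfileOutput(outputId)` is dereferenced without a null check (whether it can return null is not shown here). I would add a second handler that writes the same FAILURE message and rethrows, as sketched below. The try block opens outside this hunk, so the full set of calls it guards is not visible.

```java
// … unchanged: try body and catch (EProfileException eAudit1) handler …
} catch (RuntimeException eAudit2) {
    // record the failed acceptance before the unchecked exception propagates
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
            auditSubjectID,
            ILogger.FAILURE,
            auditRequesterID,
            ILogger.SIGNED_AUDIT_ACCEPTANCE,
            ILogger.SIGNED_AUDIT_EMPTY_VALUE);
    audit(auditMessage);
    throw eAudit2;
}
```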
@@ -806,16 +813,17 @@ public class ProfileProcessServlet extends ProfileServlet { } } - protected void validate(Locale locale, int count, IProfilePolicy policy, - IRequest req, ServletRequest request) throws ERejectException, - EDeferException { + protected void validate(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws ERejectException, EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } - protected void setValue(Locale locale, int count, IProfilePolicy policy, - IRequest req, ServletRequest request) throws EPropertyException { + protected void setValue(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); @@ -830,11 +838,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -860,11 +868,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Value - * - * This method is called to obtain the "reason" for a signed audit log - * message. + * + * This method is called to obtain the "reason" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return reason string containing the signed audit log message reason */ 
@@ -878,8 +886,8 @@ public class ProfileProcessServlet extends ProfileServlet { if (request != null) { // overwrite "reason" if and only if "info" != null - String info = request - .getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); + String info = + request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); @@ -896,11 +904,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -933,7 +941,7 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { + if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } @@ -953,3 +961,4 @@ public class ProfileProcessServlet extends ProfileServlet { } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java index 433dfdd7..00840dd8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; import java.util.Random; 
@@ -53,9 +54,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet allows reviewing of profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileReviewServlet extends ProfileServlet { @@ -67,7 +69,7 @@ public class ProfileReviewServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private Random mRandom = null; private Nonces mNonces = null; @@ -77,7 +79,7 @@ public class ProfileReviewServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -99,7 +101,7 @@ public class ProfileReviewServlet extends ProfileServlet { * <ul> * <li>http.param requestId the ID of the profile to review * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
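Review bot: In the `@@ -67,7 +69,7 @@` hunk the field `private Random mRandom = null;` sits next to `private Nonces mNonces = null;` and is typed as `java.util.Random`, which is predictable and unsuitable for producing security tokens. Its construction and use are outside this hunk, so this is an inference: if `mRandom` supplies the values stored in `mNonces` (the `nonce` argument handed to the review page), it should be created as `new java.security.SecureRandom()`. The declared type can stay as it is, since `SecureRandom` extends `Random`. A short comment on the field saying what the nonce protects would also help reviewers.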
@@ -118,33 +120,32 @@ public class ProfileReviewServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ReviewReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; - } + } } AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } 
@@ -156,14 +157,14 @@ public class ProfileReviewServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -172,22 +173,22 @@ public class ProfileReviewServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileReviewServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileReviewServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
@@ -200,8 +201,8 @@ public class ProfileReviewServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" - + requestId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -213,17 +214,16 @@ public class ProfileReviewServlet extends ProfileServlet { String profileId = req.getExtDataInString("profileId"); - CMS.debug("ProfileReviewServlet: requestId=" + requestId - + " profileId=" + profileId); + CMS.debug("ProfileReviewServlet: requestId=" + + requestId + " profileId=" + profileId); IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" - + requestId + " profileId=" + profileId + " " - + e.toString()); + CMS.debug("ProfileReviewServlet: profile not found requestId=" + + requestId + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); 
@@ -232,26 +232,27 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + String profileSetId = req.getExtDataInString("profileSetId"); CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? profile - .getProfilePolicyIds(profileSetId) : null; + Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)? + profile.getProfilePolicyIds(profileSetId): null; int count = 0; ArgList list = new ArgList(); if (policyIds != null) { - while (policyIds.hasMoreElements()) { + while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy( - req.getExtDataInString("profileSetId"), id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(req.getExtDataInString("profileSetId"), + id); // (3) query all the profile policies // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, id, policy, req); + // http parameters + handlePolicy(list, response, locale, + id, policy, req); count++; } } 
@@ -268,33 +269,34 @@ public class ProfileReviewServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); + args.set(ARG_REQUEST_OWNER, ""); } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); + args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); } args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, req.getModificationTime() - .toString()); + args.set(ARG_REQUEST_MODIFICATION_TIME, + req.getModificationTime().toString()); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); + args.set(ARG_PROFILE_APPROVED_BY, + req.getExtDataInString("profileApprovedBy")); args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); + args.set(ARG_PROFILE_IS_VISIBLE, "true"); } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); + args.set(ARG_PROFILE_IS_VISIBLE, "false"); } args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - req.getExtDataInString("profileRemoteAddr")); + args.set(ARG_PROFILE_REMOTE_HOST, + req.getExtDataInString("profileRemoteHost")); + args.set(ARG_PROFILE_REMOTE_ADDR, + req.getExtDataInString("profileRemoteAddr")); if (req.getExtDataInString("requestNotes") == null) { args.set(ARG_REQUEST_NOTES, ""); } else { - args.set(ARG_REQUEST_NOTES, req.getExtDataInString("requestNotes")); + args.set(ARG_REQUEST_NOTES, + req.getExtDataInString("requestNotes")); } args.set(ARG_RECORD, list); 
@@ -320,20 +322,17 @@ public class ProfileReviewServlet extends ProfileServlet { ArgSet inputset = new ArgSet(); String inputName = (String) inputNames.nextElement(); - IDescriptor inputDesc = profileInput - .getValueDescriptor(locale, inputName); + IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc - .getDescription(locale); + String inputValueName = inputDesc.getDescription(locale); String inputValue = null; try { - inputValue = profileInput.getValue(inputName, - locale, req); + inputValue = profileInput.getValue(inputName, locale, req); } catch (EBaseException e) { CMS.debug("ProfileReviewServlet: " + e.toString()); } 
@@ -358,31 +357,32 @@ public class ProfileReviewServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId + ); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + String outputName = (String) outputNames.nextElement + (); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputValueName = outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue(outputName, - locale, req); + locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " + e.toString()); + CMS.debug("ProfileSubmitServlet: " + e.toString( + )); } outputset.set(ARG_OUTPUT_ID, outputName); @@ -401,8 +401,9 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, IRequest req) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy, + IRequest req) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java index 92aedb85..813af8f6 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.util.Enumeration; import java.util.Locale; @@ -47,9 +48,10 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; + /** * Retrieve detailed information of a particular profile. - * + * * @version $Revision$, $Date$ */ public class ProfileSelectServlet extends ProfileServlet { @@ -59,7 +61,7 @@ public class ProfileSelectServlet extends ProfileServlet { */ private static final long serialVersionUID = -3765390650830903602L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileSelectServlet() { } @@ -74,7 +76,7 @@ public class ProfileSelectServlet extends ProfileServlet { * <ul> * <li>http.param profileId the id of the profile to select * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -94,11 +96,10 @@ public class ProfileSelectServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProcessReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; } 
@@ -107,20 +108,20 @@ public class ProfileSelectServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -132,14 +133,14 @@ public class ProfileSelectServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
@@ -148,22 +149,22 @@ public class ProfileSelectServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId - + " not found"); + CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSelectServlet: Request Queue of " + mAuthorityId - + " not found"); + CMS.debug("ProfileSelectServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -178,8 +179,8 @@ public class ProfileSelectServlet extends ProfileServlet { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" - + profileId + " " + e.toString()); + CMS.debug("ProfileSelectServlet: profile not found profileId=" + + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -188,7 +189,7 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + ArgList setlist = new ArgList(); Enumeration policySetIds = profile.getProfilePolicySetIds(); 
@@ -202,14 +203,14 @@ public class ProfileSelectServlet extends ProfileServlet { if (policyIds != null) { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) profile - .getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) + profile.getProfilePolicy(setId, id); // (3) query all the profile policies - // (4) default plugins convert request parameters into - // string - // http parameters - handlePolicy(list, response, locale, id, policy); + // (4) default plugins convert request parameters into string + // http parameters + handlePolicy(list, response, locale, + id, policy); } } ArgSet setArg = new ArgSet(); 
@@ -223,31 +224,29 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, Boolean.toString(profile.isVisible())); + args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); + args.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean( - "ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set( - "transportCert", - CMS.getConfigStore().getString( - "ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } + boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); + if (keyArchivalEnabled == true) { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); + + // output transport certificate if present + args.set("transportCert", + CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); + } else { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); + args.set("transportCert", ""); + } } catch (EBaseException e) { - CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); + CMS.debug("ProfileSelectServlet: exception caught:"+e.toString()); } // build authentication 
@@ -260,7 +259,7 @@ public class ProfileSelectServlet extends ProfileServlet { // authenticator not installed correctly args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", + "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId())); outputTemplate(request, response, args); return; @@ -273,8 +272,8 @@ public class ProfileSelectServlet extends ProfileServlet { while (authNames.hasMoreElements()) { ArgSet authset = new ArgSet(); String authName = (String) authNames.nextElement(); - IDescriptor authDesc = authenticator.getValueDescriptor( - locale, authName); + IDescriptor authDesc = + authenticator.getValueDescriptor(locale, authName); if (authDesc == null) continue; @@ -292,8 +291,8 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_AUTH_LIST, authlist); args.set(ARG_AUTH_NAME, authenticator.getName(locale)); args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); + args.set(ARG_AUTH_IS_SSL, + Boolean.toString(authenticator.isSSLClientRequired())); } // build input list @@ -310,10 +309,10 @@ public class ProfileSelectServlet extends ProfileServlet { ArgSet inputpluginset = new ArgSet(); inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_NAME, + profileInput.getName(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_DESC, + profileInput.getText(locale)); inputPluginlist.add(inputpluginset); Enumeration inputNames = profileInput.getValueNames(); 
@@ -321,17 +320,15 @@ public class ProfileSelectServlet extends ProfileServlet { if (inputNames != null) { while (inputNames.hasMoreElements()) { ArgSet inputset = new ArgSet(); - String inputName = (String) inputNames - .nextElement(); - IDescriptor inputDesc = profileInput - .getValueDescriptor(locale, inputName); + String inputName = (String) inputNames.nextElement(); + IDescriptor inputDesc = profileInput.getValueDescriptor( + locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc - .getDescription(locale); + String inputValueName = inputDesc.getDescription(locale); String inputValue = null; inputset.set(ARG_INPUT_PLUGIN_ID, inputId); @@ -355,8 +352,8 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index a5f1c6c7..46f3797d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.FileReader; 
@@ -45,9 +46,10 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.Utils; + /** * This servlet is the base class of all profile servlets. - * + * * @version $Revision$, $Date$ */ public class ProfileServlet extends CMSServlet { @@ -65,9 +67,12 @@ public class ProfileServlet extends CMSServlet { public final static String ARG_REQUEST_ID = "requestId"; public final static String ARG_REQUEST_TYPE = "requestType"; public final static String ARG_REQUEST_STATUS = "requestStatus"; - public final static String ARG_REQUEST_OWNER = "requestOwner"; - public final static String ARG_REQUEST_CREATION_TIME = "requestCreationTime"; - public final static String ARG_REQUEST_MODIFICATION_TIME = "requestModificationTime"; + public final static String ARG_REQUEST_OWNER = + "requestOwner"; + public final static String ARG_REQUEST_CREATION_TIME = + "requestCreationTime"; + public final static String ARG_REQUEST_MODIFICATION_TIME = + "requestModificationTime"; public final static String ARG_REQUEST_NONCE = "nonce"; public final static String ARG_AUTH_ID = "authId"; 
@@ -161,18 +166,18 @@ public class ProfileServlet extends CMSServlet { super(); } - /** - * initialize the servlet. Servlets implementing this method must specify - * the template to use as a parameter called "templatePath" in the - * servletConfig - * + /** + * initialize the servlet. Servlets implementing this method + * must specify the template to use as a parameter called + * "templatePath" in the servletConfig + * * @param sc servlet configuration, read from the web.xml file */ - public void init(ServletConfig sc) throws ServletException { + public void init(ServletConfig sc) throws ServletException { super.init(sc); mTemplate = sc.getServletContext().getRealPath( - sc.getInitParameter(PROP_TEMPLATE)); + sc.getInitParameter(PROP_TEMPLATE)); mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); 
@@ -188,44 +193,47 @@ public class ProfileServlet extends CMSServlet { } } - protected String escapeXML(String v) { - if (v == null) { - return ""; - } - v = v.replaceAll("&", "&"); - return v; + protected String escapeXML(String v) + { + if (v == null) { + return ""; + } + v = v.replaceAll("&", "&"); + return v; } - protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) { - ps.println("<" + name + ">"); - if (v != null) { - if (v instanceof ArgList) { - ArgList list = (ArgList) v; - ps.println("<list>"); - for (int i = 0; i < list.size(); i++) { - outputArgValueAsXML(ps, name, list.get(i)); - } - ps.println("</list>"); - } else if (v instanceof ArgString) { - ArgString str = (ArgString) v; - ps.println(escapeXML(str.getValue())); - } else if (v instanceof ArgSet) { - ArgSet set = (ArgSet) v; - ps.println("<set>"); - Enumeration names = set.getNames(); - while (names.hasMoreElements()) { - String n = (String) names.nextElement(); + protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) + { + ps.println("<" + name + ">"); + if (v != null) { + if (v instanceof ArgList) { + ArgList list = (ArgList)v; + ps.println("<list>"); + for (int i = 0; i < list.size(); i++) { + outputArgValueAsXML(ps, name, list.get(i)); + } + ps.println("</list>"); + } else if (v instanceof ArgString) { + ArgString str = (ArgString)v; + ps.println(escapeXML(str.getValue())); + } else if (v instanceof ArgSet) { + ArgSet set = (ArgSet)v; + ps.println("<set>"); + Enumeration names = set.getNames(); + while (names.hasMoreElements()) { + String n = (String)names.nextElement(); outputArgValueAsXML(ps, n, set.get(n)); - } - ps.println("</set>"); - } else { - ps.println(v); + } + ps.println("</set>"); + } else { + ps.println(v); + } } - } - ps.println("</" + name + ">"); + ps.println("</" + name + ">"); } - protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) { + protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) + { 
PrintStream ps = new PrintStream(bos); ps.println("<xml>"); outputArgValueAsXML(ps, "output", args); @@ -233,8 +241,9 @@ public class ProfileServlet extends CMSServlet { ps.flush(); } - public void outputTemplate(HttpServletRequest request, - HttpServletResponse response, ArgSet args) throws EBaseException { + public void outputTemplate(HttpServletRequest request, + HttpServletResponse response, ArgSet args) + throws EBaseException { String xmlOutput = request.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { @@ -242,30 +251,32 @@ public class ProfileServlet extends CMSServlet { ByteArrayOutputStream bos = new ByteArrayOutputStream(); outputThisAsXML(bos, args); try { - response.setContentLength(bos.size()); - bos.writeTo(response.getOutputStream()); + response.setContentLength(bos.size()); + bos.writeTo(response.getOutputStream()); } catch (Exception e) { CMS.debug("outputTemplate error " + e); } return; } - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("output_template"); + statsSub.startTiming("output_template"); } BufferedReader reader = null; try { - reader = new BufferedReader(new FileReader(mTemplate)); + reader = new BufferedReader( + new FileReader(mTemplate)); response.setContentType("text/html; charset=UTF-8"); PrintWriter writer = response.getWriter(); + // output template String line = null; do { - line = reader.readLine(); + line = reader.readLine(); if (line != null) { if (line.indexOf("<CMS_TEMPLATE>") == -1) { writer.println(line); 
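Review bot: `escapeXML` in the hunk at old line 188 rewrites only `&`, so a `<` or `>` inside an `ArgString` value is printed into the XML body as markup, and both the `name` argument and the fallback `ps.println(v)` in `outputArgValueAsXML` are written with no escaping at all. As the page renders it, the replacement string is itself a bare `&`, which would make the call a no-op; that may be entity decoding by the page rather than the real source, so confirm against the file. I would use literal `String.replace` instead of the regex-based `replaceAll`, map `&`, `<` and `>` (and quotes, if a value is ever placed in an attribute) to their named XML entities, and route `String.valueOf(v)` through the same helper in the final `else`. Whether these values carry request-derived text is not visible here, but the `xml=true` output path is selected by a request parameter in the next hunk.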
@@ -276,20 +287,21 @@ public class ProfileServlet extends CMSServlet { writer.println("</script>"); } } - } while (line != null); + } + while (line != null); reader.close(); } catch (IOException e) { - CMS.debug(e); - throw new EBaseException(e.toString()); + CMS.debug(e); + throw new EBaseException(e.toString()); } finally { - if (statsSub != null) { - statsSub.endTiming("output_template"); - } + if (statsSub != null) { + statsSub.endTiming("output_template"); + } } } protected void outputArgList(PrintWriter writer, String name, ArgList list) - throws IOException { + throws IOException { String h_name = null; @@ -299,7 +311,7 @@ public class ProfileServlet extends CMSServlet { h_name = name.substring(name.indexOf('.') + 1); } writer.println(name + "Set = new Array;"); - // writer.println(h_name + "Count = 0;"); + // writer.println(h_name + "Count = 0;"); for (int i = 0; i < list.size(); i++) { writer.println(h_name + " = new Object;"); 
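Review bot: The `finally` block in the hunk at old line 276 only stops the timer, and `reader.close()` sits on the success path, so an `IOException` from `readLine()` or `response.getWriter()` leaves the template file handle open. Closing belongs in the `finally`: `if (reader != null) { try { reader.close(); } catch (IOException ignored) { } }`. The `catch` also rethrows `new EBaseException(e.toString())`, which drops the cause and can carry the server-side path held in `mTemplate` when the file cannot be opened. If that message can reach the response, a fixed message with the detail kept in the debug log is safer. `outputTemplate` starts above this hunk.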
@@ -330,29 +342,27 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { + if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { out[j++] = c; continue; } /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ - if ((c == 0x5c) - && ((i + 1) < l) - && (in[i + 1] == 'n' || in[i + 1] == 'r' - || in[i + 1] == 'f' || in[i + 1] == 't' - || in[i + 1] == '<' || in[i + 1] == '>' - || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { - if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' - && (in[i + 3] == 'c' || in[i + 3] == 'e')) { + if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i + 1]; - out[j++] = in[i + 2]; - out[j++] = in[i + 3]; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i + 1]; + out[j++] = in[i+1]; i++; } continue; @@ -410,19 +420,19 @@ public class ProfileServlet extends CMSServlet { return new String(out, 0, j); } - protected void outputArgString(PrintWriter writer, String name, - ArgString str) throws IOException { + protected void outputArgString(PrintWriter writer, String name, ArgString str) + throws IOException { String s = str.getValue(); // sub \n with "\n" if (s != null) { - s = escapeJavaScriptString(s); + s = escapeJavaScriptString(s); } writer.println(name + "=\"" + s + "\";"); } protected void outputArgSet(PrintWriter writer, String name, ArgSet set) - throws IOException { + throws IOException { Enumeration e = set.getNames(); while (e.hasMoreElements()) { 
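Review bot: The inner test `in[i+1] == 'x'` in the hunk at old line 330 can never be true, because the enclosing condition already restricts `in[i+1]` to `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` or `\`; the `\x3c`/`\x3e` branch is dead code. The live `else` branch copies the character after a backslash verbatim and then hits `continue`, so a `<` or `>` that follows a backslash skips whatever handling the rest of the function applies to those characters and is written into the `<script>` block as-is. I would drop `'<'` and `'>'` from the pass-through list so they fall through to the normal path, and give the hex case its own branch: `else if ((c == 0x5c) && ((i+3) < l) && in[i+1] == 'x' && in[i+2] == '3' && (in[i+3] == 'c' || in[i+3] == 'e'))`. The function begins and ends outside this hunk, so the later handling of `<` and `>` should be checked before changing it.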
@@ -446,7 +456,7 @@ public class ProfileServlet extends CMSServlet { } protected void outputData(PrintWriter writer, ArgSet set) - throws IOException { + throws IOException { if (set == null) return; Enumeration e = set.getNames(); @@ -475,12 +485,13 @@ public class ProfileServlet extends CMSServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId - + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, + "Servlet " + mId + ": " + msg); } /** @@ -495,12 +506,14 @@ public class ProfileServlet extends CMSServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException { + protected void renderResult(CMSRequest cmsReq) + throws IOException { // do nothing } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index d24f7332..b00b13a9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.io.InputStream; import java.io.OutputStream; import java.security.cert.CertificateEncodingException; 
@@ -64,9 +65,10 @@ import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMCOutputTemplate; import com.netscape.cms.servlet.common.CMSRequest; + /** * This servlet submits end-user request into the profile framework. - * + * * @version $Revision$, $Date$ */ public class ProfileSubmitCMCServlet extends ProfileServlet { @@ -87,24 +89,27 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */"automated profile cert request rejection: " + private final static String[] + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */ "automated profile cert request rejection: " + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + "cert request due to an EBaseException" + }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileSubmitCMCServlet() { } /** - * initialize the servlet. And instance of this servlet can be set up to - * always issue certificates against a certain profile by setting the - * 'profileId' configuration in the servletConfig If not, the user must - * specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can + * be set up to always issue certificates against a certain profile + * by setting the 'profileId' configuration in the servletConfig + * If not, the user must specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -115,8 +120,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { mRenderResult = false; } - private void setInputsIntoContext(HttpServletRequest request, - IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -139,8 +143,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, - IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -155,7 +158,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential 
@@ -174,19 +177,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, - IProfile profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, IProfile +profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -200,8 +203,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - req.setExtData(inputName, - request.getParameter(inputName)); + req.setExtData(inputName, request.getParameter(inputName)); } } } @@ -214,7 +216,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -222,7 +224,6 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ 
@@ -232,8 +233,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { Locale locale = getLocale(request); ArgSet args = new ArgSet(); - String cert_request_type = mServletConfig - .getInitParameter("cert_request_type"); + String cert_request_type = + mServletConfig.getInitParameter("cert_request_type"); String outputFormat = mServletConfig.getInitParameter("outputFormat"); int reqlen = request.getContentLength(); 
@@ -267,30 +268,30 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (paramName.startsWith("__") - || paramName.endsWith("password") - || paramName.endsWith("passwd") - || paramName.endsWith("pwd") - || paramName.equalsIgnoreCase("admin_password_again") - || paramName.equalsIgnoreCase("directoryManagerPwd") - || paramName.equalsIgnoreCase("bindpassword") - || paramName.equalsIgnoreCase("bindpwd") - || paramName.equalsIgnoreCase("passwd") - || paramName.equalsIgnoreCase("password") - || paramName.equalsIgnoreCase("pin") - || paramName.equalsIgnoreCase("pwd") - || paramName.equalsIgnoreCase("pwdagain") - || paramName.equalsIgnoreCase("uPasswd")) { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " - + paramName + "='(sensitive)'"); + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " - + paramName + "='" - + request.getParameter(paramName) + "'"); 
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitCMCServlet Input Parameters"); @@ -302,8 +303,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found"); @@ -312,12 +313,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -331,14 +331,14 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { profileId = mProfileId; } - IProfile profile = null; + IProfile profile = null; - try { + try { CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId); - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " - + profileId + " " + e.toString()); + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (profile == null) { CMCOutputTemplate template = new CMCOutputTemplate(); 
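Review bot: The sensitive-parameter filter in the hunk at old line 267 is a name denylist whose `endsWith("password")`, `endsWith("passwd")` and `endsWith("pwd")` tests are case-sensitive, so a parameter ending in `Password` or `Pwd` that is not one of the listed exact names (a constructed example: `newPassword`) is logged together with its value. Every other parameter value goes into the debug log verbatim, including any CR/LF it contains. Lower-casing once closes the case gap: `String lower = paramName.toLowerCase(Locale.ROOT);` followed by `lower.endsWith("password") || lower.endsWith("passwd") || lower.endsWith("pwd") || lower.equals("pin")`. Logging parameter names only, or values with control characters stripped, would be the stronger default. The enclosing method continues outside the hunk.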
@@ -346,29 +346,27 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId - + " not enabled"); + CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + + " not enabled"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -388,8 +386,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { if (authenticator == null) { CMS.debug("ProfileSubmitCMCServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitCMCServlet: authenticator " - + authenticator.getName() + " found"); + CMS.debug("ProfileSubmitCMCServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } 
@@ -405,39 +403,39 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider"); - if (authenticator != null) { + if (authenticator != null) { try { authToken = authenticate(authenticator, request); // authentication success } catch (EBaseException e) { CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); + seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(e.toString()); + s = new UTF8String(e.toString()); } catch (Exception ee) { } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); - CMS.debug("ProfileSubmitCMCServlet: authentication error " - + e.toString()); + template.createFullResponseWithFailedStatus(response, seq, + OtherInfo.BAD_REQUEST, s); + CMS.debug("ProfileSubmitCMCServlet: authentication error " + + e.toString()); return; } - // authorization only makes sense when request is authenticated + //authorization only makes sense when request is authenticated AuthzToken authzToken = null; if (authToken != null) { CMS.debug("ProfileSubmitCMCServlet authToken not null"); try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (Exception e) { - CMS.debug("ProfileSubmitCMCServlet authorization failure: " - + e.toString()); + CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString()); } } 
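Review bot: The authentication-failure branch in this hunk sends `e.toString()` back to the caller inside the CMC failed-status response, so an unauthenticated client receives the exception class name and whatever detail the authenticator put in the message. The other error branches in this method return a `CMS.getUserMessage(locale, ...)` string; this one should do the same with a fixed key (placeholder: `<AUTH_FAILURE_MESSAGE_KEY>`) and keep `e.toString()` for the `CMS.debug` line that is already there. Further down, the `catch (Exception e)` around `authorize(...)` only logs; that is fail-closed only if the code after the hunk rejects a null `authzToken`, which is not visible here. `context` from `SessionContext.getContext()` is also used without the null check that `authenticate()` applies to the same call.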
@@ -448,21 +446,20 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String( - "ProfileSubmitCMCServlet authorization failure"); + s = new UTF8String("ProfileSubmitCMCServlet authorization failure"); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } } IRequest reqs[] = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // create request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -476,7 +473,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString()); @@ -485,22 +482,21 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { boolean verifyAllow = true; try { verifyAllow = CMS.getConfigStore().getBoolean( - "cmc.lraPopWitness.verify.allow", true); + "cmc.lraPopWitness.verify.allow", true); } catch (EBaseException ee) { } 
@@ -509,19 +505,18 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { SET vals = attr.getValues(); if (vals.size() > 0) { try { - lraPop = (LraPopWitness) (ASN1Util.decode( - LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - CMS.debug(CMS.getUserMessage(locale, - "CMS_PROFILE_ENCODING_ERROR")); + CMS.debug( + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponseWithFailedStatus(response, - bodyIds, OtherInfo.POP_FAILED, null); + template.createFullResponseWithFailedStatus(response, bodyIds, + OtherInfo.POP_FAILED, null); return; } } 
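Review bot: When `ASN1Util.decode` throws `InvalidBERException` in this hunk, the `catch` only logs and execution continues to `lraPop.getBodyIds()`. `lraPop` is declared above the hunk; if it still holds its initial value there (presumably null), a malformed LRA POP witness in the request ends in a `NullPointerException` instead of a CMC error response. The catch should answer and return, as the neighbouring error branches do with a one-element `SEQUENCE` and `createFullResponseWithFailedStatus(response, seq, OtherInfo.BAD_REQUEST, s)`. The log line would also be more useful with `e.toString()` appended, since the user message alone does not say what failed to decode.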
@@ -529,54 +524,53 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { // for CMC, requests may be zero. Then check if controls exist. if (reqs == null) { - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); CMCOutputTemplate template = new CMCOutputTemplate(); // if there is only one control GetCert, then simple response - // must be returned. + // must be returned. if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr1 != null) { template.createSimpleResponse(response, reqs); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); } else - template.createFullResponse(response, reqs, cert_request_type, - null); + template.createFullResponse(response, reqs, + cert_request_type, null); return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // populate request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { // adding parameters to request setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { - Enumeration tokenNames = authToken.getElements(); - while (tokenNames.hasMoreElements()) { - String tokenName = (String) tokenNames.nextElement(); - String[] vals = authToken.getInStringArray(tokenName); - if (vals != null) { - for (int i = 0; i < vals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." 
+ tokenName - + "[" + i + "]", vals[i]); - } - } else { - String val = authToken.getInString(tokenName); - if (val != null) { - reqs[k].setExtData( - ARG_AUTH_TOKEN + "." + tokenName, val); - } - } - } - } + Enumeration tokenNames = authToken.getElements(); + while (tokenNames.hasMoreElements()) { + String tokenName = (String)tokenNames.nextElement(); + String[] vals = authToken.getInStringArray(tokenName); + if (vals != null) { + for (int i = 0; i < vals.length; i++) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", vals[i]); + } + } else { + String val = authToken.getInString(tokenName); + if (val != null) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + val); + } + } + } + } // put profile framework parameters into the request reqs[k].setExtData(ARG_PROFILE, "true"); @@ -591,12 +585,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String( - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -605,13 +598,13 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitCMCServlet: request " - + reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitCMCServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitCMCServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -627,12 +620,12 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -642,7 +635,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } } 
@@ -654,28 +647,28 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { int responseType = 0; try { - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // submit request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// int error_codes[] = null; if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; + error_codes = new int[reqs.length]; for (int k = 0; k < reqs.length; k++) { try { // reset the "auditRequesterID" auditRequesterID = auditRequesterID(reqs[k]); + // print request debug if (reqs[k] != null) { - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String) reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." - + reqKey + "$ value=" + reqVal); - } + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String)reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); } + } } profile.submit(authToken, reqs[k]); 
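Review bot: The debug loop in this hunk writes every ext-data key and value of the request to the debug log, and the populate loop earlier in this method copies each auth-token element into ext data under `ARG_AUTH_TOKEN + "." + tokenName`, so token contents are logged here without the masking that the input-parameter loop applies. I would skip those keys, or log keys only: `if (reqKey.startsWith(ARG_AUTH_TOKEN + ".")) continue;`. The `reqs[k] != null` guard also comes after `auditRequesterID(reqs[k])` has already been handed the element, so it is either unnecessary or belongs one statement earlier. The enclosing `try` and loop continue beyond the hunk.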
@@ -685,16 +678,16 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } 
@@ -703,50 +696,53 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue() - .getPendingNotify(); + INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", e.toString()); + "CMS_PROFILE_DEFERRED", + e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", e.toString()); + "CMS_PROFILE_REJECTED", + e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitCMCServlet: updateRequest " - + e.toString()); + CMS.debug("ProfileSubmitCMCServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { 
@@ -756,10 +752,12 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
 } else if (errorCode.equals("3")) {
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID, ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION, errorReason);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ errorReason);
 audit(auditMessage);
 }
@@ -771,47 +769,45 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { if (errorCode != null) { // create the CMC full enrollment response CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponse(response, reqs, cert_request_type, - error_codes); + template.createFullResponse(response, reqs, cert_request_type, error_codes); return; } - // ///////////////////////////////////////////// - // output output list - // ///////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") - || cert_request_type.equals("crmf")) { - - if (outputFormat != null && outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer) (context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } + /////////////////////////////////////////////// + // output output list + /////////////////////////////////////////////// + + CMS.debug("ProfileSubmitCMCServlet: done serving"); + CMCOutputTemplate template = new CMCOutputTemplate(); + if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { + + if (outputFormat != null &&outputFormat.equals("pkcs7")) { + byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); + response.setContentType("application/pkcs7-mime"); + 
response.setContentLength(pkcs7.length); + try { + OutputStream os = response.getOutputStream(); + os.write(pkcs7); + os.flush(); + } catch (Exception ee) { + } + return; + } + template.createSimpleResponse(response, reqs); + } else if (cert_request_type.equals("cmc")) { + Integer nums = (Integer)(context.get("numOfControls")); + if (nums != null && nums.intValue() == 1) { + TaggedAttribute attr1 = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + if (attr1 != null) { + template.createSimpleResponse(response, reqs); + return; + } + } + template.createFullResponse(response, reqs, cert_request_type, + error_codes); + } } finally { SessionContext.releaseContext(); } @@ -819,11 +815,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -849,11 +845,11 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -863,8 +859,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { return null; } - X509CertImpl x509cert = request - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; 
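Review bot: The empty `catch (Exception ee) { }` around the PKCS#7 write in the `outputFormat.equals("pkcs7")` branch (hunk -771,47 +769,45) discards any failure to deliver the issued certificate, so a failed or truncated response leaves no trace in the debug log. The catch blocks visible in the earlier hunks of this file report through `CMS.debug`, and this one should do the same, for example `CMS.debug("ProfileSubmitCMCServlet: failed to write pkcs7 response: " + ee.toString());`. The enclosing method starts outside the hunk.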
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 626b3578..184a82b2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; + import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -71,9 +72,10 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.xml.XMLObject; + /** * This servlet submits end-user request into the profile framework. - * + * * @author Christina Fu (renewal support) * @version $Revision$, $Date$ */ 
@@ -95,27 +97,34 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */"automated profile cert request rejection: " + private final static String[] + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */ "automated profile cert request rejection: " + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + "cert request due to an EBaseException" + }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; public ProfileSubmitServlet() { } /** - * initialize the servlet. And instance of this servlet can be set up to - * always issue certificates against a certain profile by setting the - * 'profileId' configuration in the servletConfig If not, the user must - * specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can + * be set up to always issue certificates against a certain profile + * by setting the 'profileId' configuration in the servletConfig + * If not, the user must specify the profileID when submitting the request * * "ImportCert.template" to process the response. 
- * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -124,8 +133,7 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileId = sc.getInitParameter(PROP_PROFILE_ID); } - private void setInputsIntoContext(HttpServletRequest request, - IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -138,13 +146,9 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // all subject name parameters start with sn_, no other - // input parameters do + // all subject name parameters start with sn_, no other input parameters do if (inputName.matches("^sn_.*")) { - ctx.set(inputName, - escapeValueRfc1779( - request.getParameter(inputName), - false).toString()); + ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { ctx.set(inputName, request.getParameter(inputName)); } @@ -155,12 +159,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } - /* - * fill input info from "request" to context. This is expected to be used by - * renewal where the request is retrieved from request record + /* + * fill input info from "request" to context. + * This is expected to be used by renewal where the request + * is retrieved from request record */ - private void setInputsIntoContext(IRequest request, IProfile profile, - IProfileContext ctx, Locale locale) { + private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); 
@@ -173,19 +177,15 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " - + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " + inputName); try { - inputValue = profileInput.getValue(inputName, locale, - request); + inputValue = profileInput.getValue(inputName, locale, request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" - + inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue); ctx.set(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null"); @@ -196,8 +196,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, - IProfileAuthenticator authenticator, IProfileContext ctx) { + + + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { 
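Review bot: The call `CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue)` in hunk -173,19 +177,15 writes every profile input value read from the original request record into the debug log, with none of the name-based masking that the request-parameter dump in this file applies. Whether a profile input can carry a secret is not visible here, so logging only the name is the safer default: `CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx for " + inputName);`. The same statement appears in `setInputsIntoRequest` (hunk -390,19 +379,15) and would need the same change.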
@@ -205,8 +206,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" - + authName); + CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+ + authName); if (request.getParameter(authName) != null) { CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request"); ctx.set(authName, request.getParameter(authName)); @@ -231,8 +232,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" - + v); + CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v); return v; } else { continue; 
@@ -242,74 +242,70 @@ public class ProfileSubmitServlet extends ProfileServlet { } /* - * authenticate for renewal - more to add necessary params/values to the - * session context + * authenticate for renewal - more to add necessary params/values + * to the session context */ public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request, IRequest origReq, SessionContext context) - throws EBaseException { - IAuthToken authToken = authenticate(authenticator, request); - // For renewal, fill in necessary params - if (authToken != null) { - String ouid = origReq.getExtDataInString("auth_token.uid"); - // if the orig cert was manually approved, then there was - // no auth token uid. Try to get the uid from the cert dn - // itself, if possible - if (ouid == null) { - String sdn = (String) context.get("origSubjectDN"); - if (sdn != null) { - ouid = getUidFromDN(sdn); - if (ouid != null) - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); - } - String auid = authToken.getInString("uid"); - if (auid != null) { // not through ssl client auth - CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" - + auid); - // authenticated with uid - // put "orig_req.auth_token.uid" so that authz with - // UserOrigReqAccessEvaluator will work - if (ouid != null) { - context.put("orig_req.auth_token.uid", ouid); - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" - + ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { // through ssl client auth? - CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); - // put in orig_req's uid - if (ouid != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" - + ouid + ". 
Setting authtoken"); - authToken.set("uid", ouid); - context.put(SessionContext.USER_ID, ouid); + HttpServletRequest request, IRequest origReq, SessionContext context) + throws EBaseException { + IAuthToken authToken = authenticate(authenticator, request); + // For renewal, fill in necessary params + if (authToken!= null) { + String ouid = origReq.getExtDataInString("auth_token.uid"); + // if the orig cert was manually approved, then there was + // no auth token uid. Try to get the uid from the cert dn + // itself, if possible + if (ouid == null) { + String sdn = (String) context.get("origSubjectDN"); + if (sdn != null) { + ouid = getUidFromDN(sdn); + if (ouid != null) + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); + } + String auid = authToken.getInString("uid"); + if (auid != null) { // not through ssl client auth + CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid); + // authenticated with uid + // put "orig_req.auth_token.uid" so that authz with + // UserOrigReqAccessEvaluator will work + if (ouid != null) { + context.put("orig_req.auth_token.uid", ouid); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { // through ssl client auth? + CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); + // put in orig_req's uid + if (ouid != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". 
Setting authtoken"); + authToken.set("uid", ouid); + context.put(SessionContext.USER_ID, ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); +// throw new EBaseException("origReq uid not found"); + } + } + + String userdn = origReq.getExtDataInString("auth_token.userdn"); + if (userdn != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken"); + authToken.set("userdn", userdn); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); +// throw new EBaseException("origReq userdn not found"); + } } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); - // throw new EBaseException("origReq uid not found"); + CMS.debug("ProfileSubmitServlet: renewal: authToken null"); } - } - - String userdn = origReq.getExtDataInString("auth_token.userdn"); - if (userdn != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" - + userdn + ". Setting authtoken"); - authToken.set("userdn", userdn); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); - // throw new EBaseException("origReq userdn not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken null"); - } - return authToken; + return authToken; } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential 
@@ -327,19 +323,18 @@ public class ProfileSubmitServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, - IProfile profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, IProfile profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -353,17 +348,11 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // special characters in subject names parameters - // must be escaped + // special characters in subject names parameters must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData( - inputName, - escapeValueRfc1779( - request.getParameter(inputName), - false).toString()); + req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { - req.setExtData(inputName, - request.getParameter(inputName)); + req.setExtData(inputName, request.getParameter(inputName)); } } } 
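Review bot: `authToken.getInString(IAuthToken.USER_ID)` in hunk -327,19 +323,18 dereferences the result of `authenticator.authenticate(credentials)` without a null check, while the renewal overload in the previous hunk guards the same return value with `if (authToken!= null)`. If an authenticator can return null (not visible here), the request ends in a NullPointerException rather than a handled authentication failure. A consistent guard would be `if (sc != null && authToken != null) {`. The method body starts outside the hunk.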
@@ -372,12 +361,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - /* - * fill input info from orig request to the renew request. This is expected - * to be used by renewal where the request is retrieved from request record + /* + * fill input info from orig request to the renew request. + * This is expected to be used by renewal where the request + * is retrieved from request record */ - private void setInputsIntoRequest(IRequest request, IProfile profile, - IRequest req, Locale locale) { + private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) { // passing inputs into request Enumeration inputIds = profile.getProfileInputIds(); @@ -390,19 +379,15 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " - + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " + inputName); try { - inputValue = profileInput.getValue(inputName, locale, - request); + inputValue = profileInput.getValue(inputName, locale, request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " - + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" - + inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue); req.setExtData(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null"); 
@@ -413,15 +398,13 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setOutputIntoArgs(IProfile profile, ArgList outputlist, - Locale locale, IRequest req) { + private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) { Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); @@ -429,20 +412,19 @@ public class ProfileSubmitServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = profileOutput - .getValueDescriptor(locale, outputName); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc - .getDescription(locale); + String outputValueName = outputDesc.getDescription(locale); String outputValue = null; try { - outputValue = profileOutput.getValue(outputName, - locale, req); + outputValue = profileOutput.getValue(outputName, + locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); } @@ -464,7 +446,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> 
@@ -472,7 +454,6 @@ public class ProfileSubmitServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -495,9 +476,9 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("xmlOutput false"); } - IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("enrollment", true /* main action */); + statsSub.startTiming("enrollment", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -511,30 +492,30 @@ public class ProfileSubmitServlet extends ProfileServlet { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (paramName.startsWith("__") - || paramName.endsWith("password") - || paramName.endsWith("passwd") - || paramName.endsWith("pwd") - || paramName.equalsIgnoreCase("admin_password_again") - || paramName.equalsIgnoreCase("directoryManagerPwd") - || paramName.equalsIgnoreCase("bindpassword") - || paramName.equalsIgnoreCase("bindpwd") - || paramName.equalsIgnoreCase("passwd") - || paramName.equalsIgnoreCase("password") - || paramName.equalsIgnoreCase("pin") - || paramName.equalsIgnoreCase("pwd") - || paramName.equalsIgnoreCase("pwdagain") - || paramName.equalsIgnoreCase("uPasswd")) { - CMS.debug("ProfileSubmitServlet Input Parameter " - + paramName + "='(sensitive)'"); + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitServlet Input Parameter " - + paramName + "='" - + request.getParameter(paramName) + "'"); + 
CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitServlet Input Parameters"); 
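Review bot: The sensitive-parameter filter in hunk -511,30 +492,30 tests `paramName.endsWith("password")`, `endsWith("passwd")` and `endsWith("pwd")` case-sensitively, so a name ending in `Password` or `Pwd` that is not in the explicit list falls into the `else` branch and its value is written to the debug log. The explicit `equalsIgnoreCase("directoryManagerPwd")` and `equalsIgnoreCase("uPasswd")` entries suggest that mixed-case names do occur. Comparing a lower-cased copy closes the gap: `String lowered = paramName.toLowerCase(Locale.ROOT);` followed by `lowered.endsWith("password") || lowered.endsWith("passwd") || lowered.endsWith("pwd")`. The enclosing method starts outside the hunk.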
@@ -546,42 +527,44 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) CMS - .getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found"); if (xmlOutput) { - outputError(response, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } /* * Renewal - Renewal is retrofitted into the Profile Enrollment - * Framework. The authentication and authorization are taken from the - * renewal profile, while the input (with requests) and grace period - * constraint are taken from the original cert's request record. + * Framework. The authentication and authorization are taken from + * the renewal profile, while the input (with requests) and grace + * period constraint are taken from the original cert's request record. * - * Things to note: * the renew request will contain the original profile - * instead of the new * there is no request for system and admin certs - * generated at time of installation configuration. + * Things to note: + * * the renew request will contain the original profile instead + * of the new + * * there is no request for system and admin certs generated at + * time of installation configuration. 
*/ String renewal = request.getParameter("renewal"); boolean isRenewal = false; - if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) { + if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) { CMS.debug("ProfileSubmitServlet: isRenewal true"); isRenewal = true; - request.setAttribute("reqType", (Object) "renewal"); + request.setAttribute("reqType", (Object)"renewal"); } else { CMS.debug("ProfileSubmitServlet: isRenewal false"); } @@ -609,25 +592,25 @@ public class ProfileSubmitServlet extends ProfileServlet { if (isRenewal) { // dig up the original request to "clone" renewProfileId = profileId; - CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId); + CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId); IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSubmitServlet: renewal: Authority " - + mAuthorityId + " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " - + mAuthorityId + " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
@@ -635,7 +618,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String serial = request.getParameter("serial_num"); BigInteger certSerial = null; // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative + // method is not ssl client auth. In this case, an alternative // authentication method is used (default: ldap based) if (serial != null) { CMS.debug("ProfileSubmitServlet: renewal: found serial_num"); @@ -647,15 +630,14 @@ public class ProfileSubmitServlet extends ProfileServlet { // ssl client auth is to be used // this is not authentication. Just use the cert to search // for orig request and find the right profile - SSLClientCertProvider sslCCP = new SSLClientCertProvider( - request); + SSLClientCertProvider sslCCP = new SSLClientCertProvider(request); X509Certificate[] certs = sslCCP.getClientCertificateChain(); certSerial = null; if (certs == null || certs.length == 0) { CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { // has ssl client cert 
@@ -663,46 +645,45 @@ public class ProfileSubmitServlet extends ProfileServlet { // shouldn't expect leaf cert to be always at the // same location X509Certificate clientCert = null; - for (int i = 0; i < certs.length; i++) { + for (int i = 0; i< certs.length; i++) { clientCert = certs[i]; - byte[] extBytes = clientCert - .getExtensionValue("2.5.29.19"); + byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { // found leaf cert - CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); + CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); break; } else { - CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); - // it's got BasicConstraints extension - // so it's not likely to be a leaf cert, - // however, check the isCA field regardless - try { - BasicConstraintsExtension bce = new BasicConstraintsExtension( - true, extBytes); - if (bce != null) { - if (!(Boolean) bce.get("is_ca")) { - CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); - break; - } // else found a ca cert, continue - } - } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); + // it's got BasicConstraints extension + // so it's not likely to be a leaf cert, + // however, check the isCA field regardless + try { + BasicConstraintsExtension bce = + new BasicConstraintsExtension(true, extBytes); + if (bce != null) { + if (!(Boolean)bce.get("is_ca")) { + CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); + break; + } // else found a ca cert, continue } + } catch (Exception e) { + CMS.debug("ProfileSubmitServlet: renewal: 
exception:"+ + e.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; + } } } if (clientCert == null) { CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -712,11 +693,10 @@ public class ProfileSubmitServlet extends ProfileServlet { clientCert = new X509CertImpl(certEncoded); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
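Review bot: The leaf-certificate search in hunk -663,46 +645,45 assigns `clientCert = certs[i]` before testing it, so when no entry qualifies the loop ends with `clientCert` holding the last chain element and the following `if (clientCert == null)` check can never fire (the empty-chain case is already rejected before the loop). A chain made up only of CA certificates would then have its last CA certificate treated as the certificate to renew. Keeping the candidate in a loop-local variable and assigning `clientCert` only in the two `break` branches makes the null check meaningful. The debug text "found CA cert in chain" inside the `!(Boolean)bce.get("is_ca")` branch also describes the opposite case, and `if (bce != null)` directly after `new` is always true.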
@@ -725,123 +705,96 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString()); try { ICertificateRepository certDB = null; if (authority instanceof ICertificateAuthority) { - certDB = ((ICertificateAuthority) authority) - .getCertificateRepository(); + certDB = ((ICertificateAuthority) authority).getCertificateRepository(); } if (certDB == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } - ICertRecord rec = (ICertRecord) certDB - .readCertificateRecord(certSerial); - if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " - + certSerial.toString()); + ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); + if (rec == null) { + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString()); // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) - || (rec.getStatus() - .equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. 
Serial number = " - + certSerial.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_CA_CANNOT_RENEW_REVOKED_CERT", - certSerial.toString())); - outputTemplate(request, response, args); - return; + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); + outputTemplate(request, response, args); + return; } - MetaInfo metaInfo = (MetaInfo) rec - .get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); // note: CA's internal certs don't have request ids // so some other way needs to be done if (metaInfo != null) { - String rid = (String) metaInfo - .get(ICertRecord.META_REQUEST_ID); + String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); if (rid != null) { origReq = queue.findRequest(new RequestId(rid)); if (origReq != null) { - CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" - + rid); + CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid); // debug: print the extData keys Enumeration en = origReq.getExtDataKeys(); - /* - * CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS" - * ); while (en.hasMoreElements()) { String next - * = (String) en.nextElement(); CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key:" - * + next); } CMS.debug( - * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS" - * ); - */ - String requestorE = origReq - .getExtDataInString("requestor_email"); - CMS.debug("ProfileSubmitServlet: renewal original requestor email=" - + requestorE); - profileId = origReq - 
.getExtDataInString("profileId"); +/* + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"); + while (en.hasMoreElements()) { + String next = (String) en.nextElement(); + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next); + } + CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"); +*/ + String requestorE = origReq.getExtDataInString("requestor_email"); + CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE); + profileId = origReq.getExtDataInString("profileId"); if (profileId != null) - CMS.debug("ProfileSubmitServlet: renewal original profileId=" - + profileId); + CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId); else { - CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS - .getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } - origSeqNum = origReq - .getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - - } else { // if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " - + rid); + origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); + + } else { //if origReq + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage( - locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed 
for serial number " - + certSerial.toString()); - CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); - args.set(ARG_ERROR_CODE, "1"); - args.set( - ARG_ERROR_REASON, - CMS.getUserMessage( - locale, - "CMS_INTERNAL_ERROR" - + ": original request not found")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR"+": original request not found")); + outputTemplate(request, response, args); + return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " - + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
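Review bot: In the branch near the end of this hunk that handles a missing request id in MetaInfo, `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"+": original request not found")` concatenates the suffix into the message key, so the lookup uses a key that presumably does not exist in the message bundle. The other error paths in the hunk pass the bare key. Appending after the lookup keeps the intent: `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR") + ": original request not found"`. The enclosing method starts and ends outside this hunk.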
@@ -849,101 +802,96 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter"); X509CertImpl origCert = rec.getCertificate(); origNotAfter = origCert.getNotAfter(); - CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" - + origNotAfter.toString()); + CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+ + origNotAfter.toString()); origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" - + origSubjectDN); + CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+ + origSubjectDN); } } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } // end isRenewal - IProfile profile = null; + IProfile profile = null; IProfile renewProfile = null; - try { - profile = ps.getProfile(profileId); + try { + profile = ps.getProfile(profileId); if (isRenewal) { // in case of renew, "profile" is the orig profile // while "renewProfile" is the current profile used for renewal - renewProfile = ps.getProfile(renewProfileId); + renewProfile = ps.getProfile(renewProfileId); } - } catch (EProfileException e) { - if (profile == null) { - CMS.debug("ProfileSubmitServlet: profile not found profileId " - + profileId + " " + e.toString()); + } catch (EProfileException e) { + if(profile == null) { + CMS.debug("ProfileSubmitServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (renewProfile == null) { - CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " - + renewProfileId + " " + e.toString()); + CMS.debug("ProfileSubmitServlet: profile not found 
renewProfileId " + + renewProfileId + " " + e.toString()); } } if (profile == null) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } return; } if (isRenewal && (renewProfile == null)) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + "CMS_PROFILE_NOT_FOUND", renewProfileId)); outputTemplate(request, response, args); } return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitServlet: Profile " + profileId - + " not enabled"); + CMS.debug("ProfileSubmitServlet: Profile " + profileId + + " not enabled"); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } if (isRenewal) { - if (!ps.isProfileEnable(renewProfileId)) { - CMS.debug("ProfileSubmitServlet: renewal Profile " - + renewProfileId + " not enabled"); - if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } else { - 
args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - outputTemplate(request, response, args); - } - return; + if (!ps.isProfileEnable(renewProfileId)) { + CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + + " not enabled"); + if (xmlOutput) { + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } else { + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputTemplate(request, response, args); } + return; + } } IProfileContext ctx = profile.createContext(); 
@@ -960,42 +908,40 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EProfileException e) { // authenticator not installed correctly - CMS.debug("ProfileSubmitServlet: renewal: exception:" - + e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } if (authenticator == null) { CMS.debug("ProfileSubmitServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitServlet: authenticator " - + authenticator.getName() + " found"); + CMS.debug("ProfileSubmitServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } - // for renewal, this will override or add auth info to the profile - // context + // for renewal, this will override or add auth info to the profile context if (isRenewal) { - if (origAuthenticator != null) { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " - + origAuthenticator.getName() + " found"); - setCredentialsIntoContext(request, origAuthenticator, ctx); - } else { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); - } + if (origAuthenticator!= null) { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } else { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); + } } CMS.debug("ProfileSubmistServlet: set Inputs into profile Context"); if (isRenewal) { - // for renewal, input needs to be retrieved from the orig req record + // for renewal, input needs to be retrieved from the orig req record CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context"); 
setInputsIntoContext(origReq, profile, ctx, locale); ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); } else { setInputsIntoContext(request, profile, ctx); } @@ -1009,13 +955,14 @@ public class ProfileSubmitServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitServlet: set sslClientCertProvider"); if ((isRenewal == true) && (origSubjectDN != null)) - context.put("origSubjectDN", origSubjectDN); + context.put("origSubjectDN", origSubjectDN); if (statsSub != null) { - statsSub.startTiming("profile_authentication"); + statsSub.startTiming("profile_authentication"); } if (authenticator != null) { 
@@ -1024,68 +971,67 @@ public class ProfileSubmitServlet extends ProfileServlet { String uid_cred = "Unidentified"; String uid_attempted_cred = "Unidentified"; Enumeration authIds = authenticator.getValueNames(); - // Attempt to possibly fetch attemped uid, may not always be - // available. + //Attempt to possibly fetch attemped uid, may not always be available. if (authIds != null) { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - String value = request.getParameter(authName); + String value = request.getParameter(authName); if (value != null) { - if (authName.equals("uid")) { - uid_attempted_cred = value; - } + if (authName.equals("uid")) { + uid_attempted_cred = value; + } } } } - String authSubjectID = auditSubjectID(); + String authSubjectID = auditSubjectID(); - String authMgrID = authenticator.getName(); - String auditMessage = null; + String authMgrID = authenticator.getName(); + String auditMessage = null; try { if (isRenewal) { CMS.debug("ProfileSubmitServlet: renewal authenticate begins"); - authToken = authenticate(authenticator, request, origReq, - context); + authToken = authenticate(authenticator, request, origReq, context); CMS.debug("ProfileSubmitServlet: renewal authenticate ends"); } else { authToken = authenticate(authenticator, request); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: authentication error " - + e.toString()); + CMS.debug("ProfileSubmitServlet: authentication error " + + e.toString()); // authentication error if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("authentication"); + 
statsSub.endTiming("authentication"); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } - // audit log our authentication failure + //audit log our authentication failure authSubjectID += " : " + uid_cred; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, authSubjectID, - ILogger.FAILURE, authMgrID, uid_attempted_cred); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + authSubjectID, + ILogger.FAILURE, + authMgrID, + uid_attempted_cred); audit(auditMessage); return; } - // Log successful authentication + //Log successful authentication - // Attempt to get uid from authToken, most tokens respond to the - // "uid" cred. + //Attempt to get uid from authToken, most tokens respond to the "uid" cred. uid_cred = authToken.getInString("uid"); if (uid_cred == null || uid_cred.length() == 0) { @@ -1093,16 +1039,19 @@ public class ProfileSubmitServlet extends ProfileServlet { } authSubjectID = authSubjectID + " : " + uid_cred; - + // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - authSubjectID, ILogger.SUCCESS, authMgrID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + authSubjectID, + ILogger.SUCCESS, + authMgrID); audit(auditMessage); } if (statsSub != null) { - statsSub.endTiming("profile_authentication"); + statsSub.endTiming("profile_authentication"); } // authentication success 
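Review bot: The `uid_attempted_cred` value in the first hunk here is taken straight from `request.getParameter(authName)` and, on authentication failure, is written into the signed audit record through `CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, ...)`. Whether `getLogMessage` or `audit` neutralises line breaks and field delimiters is not visible here. If they do not, a request-supplied value can break the structure of an audit entry, so it should be normalised before use, e.g. `uid_attempted_cred = value.replaceAll("[\\r\\n]", " ");`. The failure path also calls `statsSub.endTiming("authentication")`, while the timer shown in the preceding hunk is started as `"profile_authentication"`. The enclosing method starts and ends outside this hunk.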
@@ -1111,24 +1060,23 @@ public class ProfileSubmitServlet extends ProfileServlet { // do profile authorization String acl = null; if (isRenewal) - acl = renewProfile.getAuthzAcl(); + acl = renewProfile.getAuthzAcl(); else - acl = profile.getAuthzAcl(); - CMS.debug("ProfileSubmitServlet: authz using acl: " + acl); + acl = profile.getAuthzAcl(); + CMS.debug("ProfileSubmitServlet: authz using acl: "+acl); if (acl != null && acl.length() > 0) { try { String resource = profileId + ".authz.acl"; - AuthzToken authzToken = authorize(mAclMethod, resource, - authToken, acl); + AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet authorize: " + e.toString()); + CMS.debug("ProfileSubmitServlet authorize: "+e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); } @@ -1140,11 +1088,11 @@ public class ProfileSubmitServlet extends ProfileServlet { IRequest reqs[] = null; if (statsSub != null) { - statsSub.startTiming("request_population"); + statsSub.startTiming("request_population"); } - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // create request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { 
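Review bot: For a renewal, the ACL evaluated in the first hunk on this line comes from `renewProfile.getAuthzAcl()`, but the resource name passed to `authorize` is still built from `profileId`, which by this point appears to hold the original enrollment profile's id. If the authorization manager records or matches on the resource string, the decision is attributed to the wrong profile; `String resource = (isRenewal ? renewProfileId : profileId) + ".authz.acl";` would keep the two consistent. `authToken` may also still be null here when no authenticator is configured, and whether `authorize` then fails closed is not visible from the hunk. The enclosing method starts and ends outside this hunk.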
@@ -1158,52 +1106,50 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug(e); CMS.debug("ProfileSubmitServlet: createRequests " + e.toString()); if (xmlOutput) { - outputError(response, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + outputError(response, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // populate request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { boolean fromRA = false; String uid = ""; // adding parameters to request if (isRenewal) { - setInputsIntoRequest(origReq, profile, reqs[k], locale); - // set orig expiration date to be used in Validity constraint - reqs[k].setExtData("origNotAfter", - BigInteger.valueOf(origNotAfter.getTime())); - // set subjectDN to be used in subject name default - reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, - origSubjectDN); - // set request type - reqs[k].setRequestType("renewal"); + setInputsIntoRequest(origReq, profile, reqs[k], locale); + // set orig expiration date to be used in Validity constraint + 
reqs[k].setExtData("origNotAfter", + BigInteger.valueOf(origNotAfter.getTime())); + // set subjectDN to be used in subject name default + reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); + // set request type + reqs[k].setRequestType("renewal"); } else - setInputsIntoRequest(request, profile, reqs[k]); + setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { @@ -1213,20 +1159,19 @@ public class ProfileSubmitServlet extends ProfileServlet { String[] tokenVals = authToken.getInStringArray(tokenName); if (tokenVals != null) { for (int i = 0; i < tokenVals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName - + "[" + i + "]", tokenVals[i]); + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", tokenVals[i]); } } else { String tokenVal = authToken.getInString(tokenName); if (tokenVal != null) { - reqs[k].setExtData( - ARG_AUTH_TOKEN + "." + tokenName, tokenVal); + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + tokenVal); // if RA agent, auto assign the request if (tokenName.equals("uid")) uid = tokenVal; - if (tokenName.equals("group") - && tokenVal - .equals("Registration Manager Agents")) { + if (tokenName.equals("group") && + tokenVal.equals("Registration Manager Agents")) { fromRA = true; } } @@ -1235,7 +1180,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (fromRA) { - CMS.debug("ProfileSubmitServlet: request from RA: " + uid); + CMS.debug("ProfileSubmitServlet: request from RA: "+ uid); reqs[k].setExtData(ARG_REQUEST_OWNER, uid); } 
@@ -1243,8 +1188,7 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE, "true"); reqs[k].setExtData(ARG_PROFILE_ID, profileId); if (isRenewal) - reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, - request.getParameter("profileId")); + reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, request.getParameter("profileId")); reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy()); String setId = profile.getPolicySetId(reqs[k]); @@ -1252,20 +1196,16 @@ public class ProfileSubmitServlet extends ProfileServlet { // no profile set found CMS.debug("ProfileSubmitServlet: no profile policy set found"); if (xmlOutput) { - outputError( - response, - FAILED, - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), - reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS - .getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } 
@@ -1275,13 +1215,13 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitServlet: request " - + reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -1289,41 +1229,38 @@ public class ProfileSubmitServlet extends ProfileServlet { } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); if (xmlOutput) { - outputError(response, FAILED, e.toString(), reqs[k] - .getRequestId().toString()); + outputError(response, FAILED, e.toString(), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); if (xmlOutput) { - outputError(response, FAILED, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), - reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } } if (statsSub != null) { - statsSub.endTiming("request_population"); + statsSub.endTiming("request_population"); } String auditMessage = null; 
@@ -1332,9 +1269,9 @@ public class ProfileSubmitServlet extends ProfileServlet { String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; try { - // ///////////////////////////////////////////// + /////////////////////////////////////////////// // submit request - // ///////////////////////////////////////////// + /////////////////////////////////////////////// String requestIds = ""; // deliminated with double space for (int k = 0; k < reqs.length; k++) { try { @@ -1343,16 +1280,15 @@ public class ProfileSubmitServlet extends ProfileServlet { // print request debug if (reqs[k] != null) { - requestIds += " " + reqs[k].getRequestId().toString(); - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String) reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitServlet: key=$request." - + reqKey + "$ value=" + reqVal); - } + requestIds += " "+reqs[k].getRequestId().toString(); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String)reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); } + } } profile.submit(authToken, reqs[k]); 
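Review bot: The debug loop in the second hunk on this line writes every request ext-data value to the debug log with `CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal)`. An earlier hunk on this page copies the authentication token's fields into the same ext data under `ARG_AUTH_TOKEN + "." + tokenName`, alongside the profile inputs, so anything sensitive an authenticator places in its token would end up in the log in clear text. Logging the key only, `CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$");`, or skipping keys that start with `ARG_AUTH_TOKEN`, keeps the trace without the values. The enclosing loop and method continue outside the hunk.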
@@ -1362,16 +1298,16 @@ public class ProfileSubmitServlet extends ProfileServlet { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue - .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } 
@@ -1380,50 +1316,53 @@ public class ProfileSubmitServlet extends ProfileServlet { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue() - .getPendingNotify(); + INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", e.toString()); + "CMS_PROFILE_DEFERRED", + e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", e.toString()); + "CMS_PROFILE_REJECTED", + e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: updateRequest " - + e.toString()); + CMS.debug("ProfileSubmitServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { 
@@ -1433,10 +1372,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } else if (errorCode.equals("3")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + errorReason); audit(auditMessage); } @@ -1453,8 +1394,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() - .toString()); + requestset.set(ARG_REQUEST_ID, + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1463,14 +1404,14 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } - // ///////////////////////////////////////////// - // output output list - // ///////////////////////////////////////////// + /////////////////////////////////////////////// + // output output list + /////////////////////////////////////////////// if (xmlOutput) { xmlOutput(response, profile, locale, reqs); } else { @@ -1488,8 +1429,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() - .toString()); + requestset.set(ARG_REQUEST_ID, + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); 
@@ -1502,27 +1443,28 @@ public class ProfileSubmitServlet extends ProfileServlet { // store a message in the signed audit log file // (automated cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); audit(auditMessage); if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } throw eAudit1; } finally { SessionContext.releaseContext(); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } } - private void xmlOutput(HttpServletResponse httpResp, IProfile profile, - Locale locale, IRequest[] reqs) { + private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) { try { XMLObject xmlObj = null; xmlObj = new XMLObject(); 
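Review bot: `statsSub.endTiming("enrollment")` is repeated before `throw eAudit1` and again after the `finally` (and before the early `return` in hunk -1463,14), while the `finally` block itself only calls `SessionContext.releaseContext()`. Any exception that is not caught on this path would leave the "enrollment" timer open. Moving the guarded call into the `finally` block, `if (statsSub != null) { statsSub.endTiming("enrollment"); }`, covers every exit with one statement. The matching `try` and the start of the timer are outside this hunk, so this assumes timing begins before the `try`.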
@@ -1530,68 +1472,51 @@ public class ProfileSubmitServlet extends ProfileServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); Node n = xmlObj.createContainer(root, "Requests"); - CMS.debug("ProfileSubmitServlet xmlOutput: req len = " - + reqs.length); + CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length); - for (int i = 0; i < reqs.length; i++) { + for (int i=0; i<reqs.length; i++) { Node subnode = xmlObj.createContainer(n, "Request"); - xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId() - .toString()); - X509CertInfo certInfo = reqs[i] - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString()); + X509CertInfo certInfo = + reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); if (certInfo != null) { - String subject = ""; - subject = (String) certInfo.get(X509CertInfo.SUBJECT) - .toString(); - xmlObj.addItemToContainer(subnode, "SubjectDN", subject); + String subject = ""; + subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); + xmlObj.addItemToContainer(subnode, "SubjectDN", subject); } else { - CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); + CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); } Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile - .getProfileOutput(outputId); + IProfileOutput profileOutput = profile.getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { - String outputName = (String) outputNames - .nextElement(); - if (!outputName.equals("b64_cert") - && !outputName.equals("pkcs7")) + String outputName = (String) outputNames.nextElement(); + if 
(!outputName.equals("b64_cert") && !outputName.equals("pkcs7")) continue; try { - String outputValue = profileOutput - .getValue(outputName, locale, - reqs[i]); + String outputValue = profileOutput.getValue(outputName, locale, reqs[i]); if (outputName.equals("b64_cert")) { - String ss = Cert - .normalizeCertStrAndReq(outputValue); - outputValue = Cert.stripBrackets(ss); - byte[] bcode = CMS.AtoB(outputValue); - X509CertImpl impl = new X509CertImpl( - bcode); - xmlObj.addItemToContainer(subnode, - "serialno", impl - .getSerialNumber() - .toString(16)); - xmlObj.addItemToContainer(subnode, - "b64", outputValue); + String ss = Cert.normalizeCertStrAndReq(outputValue); + outputValue = Cert.stripBrackets(ss); + byte[] bcode = CMS.AtoB(outputValue); + X509CertImpl impl = new X509CertImpl(bcode); + xmlObj.addItemToContainer(subnode, + "serialno", impl.getSerialNumber().toString(16)); + xmlObj.addItemToContainer(subnode, "b64", outputValue); }// if b64_cert else if (outputName.equals("pkcs7")) { - String ss = Cert - .normalizeCertStrAndReq(outputValue); - xmlObj.addItemToContainer(subnode, - "pkcs7", ss); + String ss = Cert.normalizeCertStrAndReq(outputValue); + xmlObj.addItemToContainer(subnode, "pkcs7", ss); } - + } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet xmlOutput: " - + e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet xmlOutput: " - + e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); } } } @@ -1608,11 +1533,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for a signed audit log - * message. + * + * This method is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ 
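Review bot: In `xmlOutput` (hunk -1530,68), `Status` is set to `SUCCESS` on the root before the per-request loop, and a failure in `new X509CertImpl(bcode)` or `profileOutput.getValue(...)` is only written with `CMS.debug`, so the XML response can report success for a `Request` element that lacks `serialno` and `b64`. The two handlers (`EProfileException`, `Exception`) have identical bodies and could be a single `catch (Exception e)`, assuming `EProfileException` is a checked `Exception` subtype. The log line should also identify the request, e.g. `CMS.debug("ProfileSubmitServlet xmlOutput: request " + reqs[i].getRequestId() + ": " + e.toString());`. Whether clients treat a missing certificate as an error is not visible here.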
@@ -1638,11 +1563,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1652,8 +1577,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return null; } - X509CertImpl x509cert = request - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request.getExtDataInCert( + IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java index 4570fedd..989710e3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java @@ -31,9 +31,10 @@ public class SSLClientCertProvider implements ISSLClientCertProvider { } public X509Certificate[] getClientCertificateChain() { - X509Certificate[] allCerts = (X509Certificate[]) mRequest - .getAttribute("javax.servlet.request.X509Certificate"); + X509Certificate[] allCerts = (X509Certificate[]) + mRequest.getAttribute("javax.servlet.request.X509Certificate"); return allCerts; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 9cbae1ad..60a8d16d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.ByteArrayInputStream; import java.io.IOException; import java.lang.reflect.Array; @@ -60,15 +61,18 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.RawJS; + /** * Output a 'pretty print' of a certificate request - * + * * @version $Revision$, $Date$ */ public class CertReqParser extends ReqParser { - - public static final CertReqParser DETAIL_PARSER = new CertReqParser(true); - public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false); + + public static final CertReqParser + DETAIL_PARSER = new CertReqParser(true); + public static final CertReqParser + NODETAIL_PARSER = new CertReqParser(false); private boolean mDetails = true; private IPrettyPrintFormat pp = null; @@ -82,7 +86,7 @@ public class CertReqParser extends ReqParser { /** * Constructs a certificate request parser. - * + * * @param details return detailed information (this can be time consuming) */ public CertReqParser(boolean details) { 
@@ -97,34 +101,34 @@ public class CertReqParser extends ReqParser { private static final String RB = "]"; private static final String EQ = " = "; - private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB - + "httpParamsCount++" + RB; - private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS - + LB + "httpHeadersCount++" + RB; - private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB - + "authTokenCount++" + RB; - private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS - + LB + "serverAttrsCount++" + RB; + private static final String + HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; + private static final String + HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; + private static final String + AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; + private static final String + SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; /** * Fills in certificate specific request attributes. 
*/ - public void fillRequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException { if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) { - fillX509RequestIntoArg(l, req, argSet, arg); + fillX509RequestIntoArg(l, req, argSet, arg); } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) { - fillRevokeRequestIntoArg(l, req, argSet, arg); + fillRevokeRequestIntoArg(l, req, argSet, arg); } else { - // o = req.get(IRequest.OLD_CERTS); - // if (o != null) - fillRevokeRequestIntoArg(l, req, argSet, arg); + //o = req.get(IRequest.OLD_CERTS); + //if (o != null) + fillRevokeRequestIntoArg(l, req, argSet, arg); } } - - private void fillX509RequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { - + + private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException { + // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -134,7 +138,7 @@ public class CertReqParser extends ReqParser { Enumeration enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; 
@@ -146,41 +150,32 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable http_params = req.getExtDataInHashtable(name); - // show certType specially - String certType = (String) http_params - .get(IRequest.CERT_TYPE); + // show certType specially + String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { arg.addStringValue(IRequest.CERT_TYPE, certType); } - String presenceServerExt = (String) http_params - .get("PresenceServerExtension"); + String presenceServerExt = (String) http_params.get("PresenceServerExtension"); if (presenceServerExt != null) { - arg.addStringValue("PresenceServerExtension", - presenceServerExt); + arg.addStringValue("PresenceServerExtension", presenceServerExt); } // show all http parameters in request int counter = 0; Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = IRequest.HTTP_PARAMS + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" - + prefix - + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n\r" - + prefix - + parami - + ".value=\"" - + CMSTemplate - .escapeJavaScriptStringHTML(http_params - .get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
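Review bot: The HTTP parameter name `n` is written into the generated script with `CMSTemplate.escapeJavaScriptString(n)` while its value goes through `CMSTemplate.escapeJavaScriptStringHTML(...)`; parameter names presumably come from the requester just as the values do. If the template later writes `.name` into the page as HTML (not visible in this diff), the name needs the same treatment: `CMSTemplate.escapeJavaScriptStringHTML(n)`. The same pairing appears in the HTTP_HEADERS loop (hunk -191,22) and in both loops of `fillRevokeRequestIntoArg` (hunks -796,22 and -822,22). Separately, the `"\n\r"` separator is probably meant to be `"\r\n"` or plain `"\n"`.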
@@ -191,22 +186,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = IRequest.HTTP_HEADERS + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" - + prefix - + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n\r" - + prefix - + parami - + ".value=\"" - + CMSTemplate - .escapeJavaScriptStringHTML(http_hdrs - .get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -217,8 +206,8 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = IRequest.AUTH_TOKEN + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); Object authTokenValue = auth_token.getInStringArray(n); @@ -226,16 +215,14 @@ public class CertReqParser extends ReqParser { authTokenValue = auth_token.getInString(n); } String v = expandValue(prefix + parami + ".value", - authTokenValue); - String rawJS = "new Object;\n\r" + prefix + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n" + v; + authTokenValue); + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal - // modules. + } // all others are request attrs from policy or internal modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -248,47 +235,41 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = IRequest.SERVER_ATTRS + LB - + String.valueOf(saCounter++) + RB; - - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) - && mDetails - && (req.getRequestStatus().toString() - .equals(RequestStatus.COMPLETE_STRING) || req - .getRequestType().equals( - IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = req - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCert != null && issuedCert[0] != null) { - val = "<pre>" - + CMS.getCertPrettyPrint(issuedCert[0]) - .toString(l) + "</pre>"; + val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>"; } - } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) - && mDetails) { - X509CertInfo[] certInfo = req - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) { + X509CertInfo[] certInfo = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - val = "<pre>" + certInfo[0].toString() + "</pre>"; + val = "<pre>"+certInfo[0].toString()+"</pre>"; } } valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + prefix + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(name) - + "\";\n" + valstr; // java string already escaped - // in expandValue. + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in expandValue. 
arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) + ) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -314,24 +295,22 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, - req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - X509CertInfo[] certInfo = req - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + // Get the certificate info from the request + X509CertInfo[] certInfo = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - // Get the subject name if any set. + // Get the subject name if any set. CertificateSubjectName subjectName = null; String signatureAlgorithm = null; String signatureAlgorithmName = null; try { - subjectName = (CertificateSubjectName) certInfo[0] - .get(X509CertInfo.SUBJECT); + subjectName = (CertificateSubjectName) certInfo[0].get(X509CertInfo.SUBJECT); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
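Review bot: In hunk -314,24 the `catch (IOException e)` and `catch (CertificateException e)` after `certInfo[0].get(X509CertInfo.SUBJECT)` contain only `// XXX raise exception`, so a request whose subject cannot be read is rendered with the field simply absent. The same silent handling applies to `catch (Exception e) { }` after `certInfo[0].get(X509CertInfo.EXTENSIONS)` (hunk -363,19) and to the NSCertType and BasicConstraints catches (hunk -386,88), where a failure hides `isCABasicConstraints` from whoever reviews the request. At minimum log each one, e.g. `CMS.debug("CertReqParser: cannot read subject: " + e.toString());`, and consider adding a visible marker to `arg` so an incomplete display is distinguishable from a request that carries no extensions. The method body starts and ends outside these hunks.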
@@ -352,10 +331,10 @@ public class CertReqParser extends ReqParser { if (mDetails) { try { - CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[0] - .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) certAlgId - .get(CertificateAlgorithmId.ALGORITHM); + CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) + certInfo[0].get(X509CertInfo.ALGORITHM_ID); + AlgorithmId algId = (AlgorithmId) + certAlgId.get(CertificateAlgorithmId.ALGORITHM); signatureAlgorithm = (algId.getOID()).toString(); signatureAlgorithmName = algId.getName(); @@ -363,19 +342,16 @@ public class CertReqParser extends ReqParser { // XXX raise exception } if (signatureAlgorithm != null) { - arg.addStringValue("signatureAlgorithm", - signatureAlgorithm); + arg.addStringValue("signatureAlgorithm", signatureAlgorithm); } if (signatureAlgorithmName != null) { - arg.addStringValue("signatureAlgorithmName", - signatureAlgorithmName); + arg.addStringValue("signatureAlgorithmName", signatureAlgorithmName); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo[0] - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo[0].get(X509CertInfo.EXTENSIONS); } catch (Exception e) { } if (extensions != null) { 
@@ -386,88 +362,56 @@ public class CertReqParser extends ReqParser { // only know about ns cert type if (ext instanceof NSCertTypeExtension) { - NSCertTypeExtension nsExtensions = (NSCertTypeExtension) ext; + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) ext; try { - arg.addStringValue( - "ext_" - + NSCertTypeExtension.SSL_SERVER, - nsExtensions - .get(NSCertTypeExtension.SSL_SERVER) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.SSL_CLIENT, - nsExtensions - .get(NSCertTypeExtension.SSL_CLIENT) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.EMAIL, - nsExtensions - .get(NSCertTypeExtension.EMAIL) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.OBJECT_SIGNING, - nsExtensions - .get(NSCertTypeExtension.OBJECT_SIGNING) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.SSL_CA, - nsExtensions - .get(NSCertTypeExtension.SSL_CA) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.EMAIL_CA, - nsExtensions - .get(NSCertTypeExtension.EMAIL_CA) - .toString()); - - arg.addStringValue( - "ext_" - + NSCertTypeExtension.OBJECT_SIGNING_CA, - nsExtensions - .get(NSCertTypeExtension.OBJECT_SIGNING_CA) - .toString()); + arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER, + nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT, + nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL, + nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING, + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA, + nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA, + 
nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); + + arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA, + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); } catch (Exception e) { } } else if (ext instanceof BasicConstraintsExtension) { - BasicConstraintsExtension bcExt = (BasicConstraintsExtension) ext; + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) ext; Integer pathLength = null; Boolean isCA = null; try { - pathLength = (Integer) bcExt - .get(BasicConstraintsExtension.PATH_LEN); - isCA = (Boolean) bcExt - .get(BasicConstraintsExtension.IS_CA); + pathLength = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); + isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); } catch (IOException e) { } if (pathLength != null) - arg.addIntegerValue( - "pathLenBasicConstraints", - pathLength.intValue()); + arg.addIntegerValue("pathLenBasicConstraints", pathLength.intValue()); if (isCA != null) - arg.addBooleanValue( - "isCABasicConstraints", - isCA.booleanValue()); + arg.addBooleanValue("isCABasicConstraints", isCA.booleanValue()); } // pretty print all others. else { if (argSet != null) { IArgBlock rr = CMS.createArgBlock(); - rr.addStringValue(EXT_PRETTYPRINT, CMS - .getExtPrettyPrint(ext, 0) - .toString()); + rr.addStringValue( + EXT_PRETTYPRINT, + CMS.getExtPrettyPrint(ext, 0).toString()); argSet.addRepeatRecord(rr); } } @@ -475,12 +419,11 @@ public class CertReqParser extends ReqParser { } - // Get the public key + // Get the public key CertificateX509Key certKey = null; try { - certKey = (CertificateX509Key) certInfo[0] - .get(X509CertInfo.KEY); + certKey = (CertificateX509Key) certInfo[0].get(X509CertInfo.KEY); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
@@ -497,29 +440,22 @@ public class CertReqParser extends ReqParser { if (key != null) { arg.addStringValue("subjectPublicKeyInfo", - key.getAlgorithm() - + " - " - + key.getAlgorithmId().getOID() - .toString()); + key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); arg.addStringValue("subjectPublicKey", - pp.toHexString(key.getKey(), 0, 16)); + pp.toHexString(key.getKey(), 0, 16)); } - // Get the validity period + // Get the validity period CertificateValidity validity = null; try { - validity = (CertificateValidity) certInfo[0] - .get(X509CertInfo.VALIDITY); + validity = + (CertificateValidity) + certInfo[0].get(X509CertInfo.VALIDITY); if (validity != null) { - long validityLength = (((Date) validity - .get(CertificateValidity.NOT_AFTER)) - .getTime() - ((Date) validity - .get(CertificateValidity.NOT_BEFORE)) - .getTime()) / 1000; - - arg.addLongValue("validityLength", - validityLength); + long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; + + arg.addLongValue("validityLength", validityLength); } } catch (IOException e) { // XXX raise exception @@ -531,8 +467,7 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) { - BigInteger oldSerialNo[] = req - .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); + BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); if (oldSerialNo != null) { if (argSet != null) { 
@@ -540,44 +475,37 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } } } - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) - && mDetails - && (req.getRequestStatus().toString() - .equals(RequestStatus.COMPLETE_STRING) || req - .getRequestType().equals( - IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = req - .getExtDataInCertArray(IRequest.ISSUED_CERTS); - - arg.addBigIntegerValue("serialNumber", - issuedCert[0].getSerialNumber(), 16); + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + + arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16); // Set Serial No for 2nd certificate if (issuedCert.length == 2) - arg.addBigIntegerValue("serialNumber2", - issuedCert[1].getSerialNumber(), 16); + arg.addBigIntegerValue("serialNumber2", issuedCert[1].getSerialNumber(), 16); } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - X509CertImpl oldCert[] = req - .getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl oldCert[] = + req.getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCert != null && oldCert.length > 0) { - arg.addBigIntegerValue("serialNumber", - oldCert[0].getSerialNumber(), 16); - arg.addStringValue("subject", oldCert[0].getSubjectDN() - .toString()); + arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16); + arg.addStringValue("subject", oldCert[0].getSubjectDN().toString()); if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) { for (int i = 0; i < oldCert.length; i++) { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - 
oldCert[i].getSerialNumber(), 16); + oldCert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -585,13 +513,12 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CACERTCHAIN) && mDetails) { - byte[] certChainData = req - .getExtDataInByteArray(IRequest.CACERTCHAIN); + byte[] certChainData = req.getExtDataInByteArray( + IRequest.CACERTCHAIN); if (certChainData != null) { CertificateChain certChain = new CertificateChain(); try { - certChain - .decode(new ByteArrayInputStream(certChainData)); + certChain.decode(new ByteArrayInputStream(certChainData)); X509Certificate cert[] = certChain.getChain(); @@ -599,7 +526,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert[i].getSerialNumber(), 16); + cert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } catch (IOException e) { @@ -608,24 +535,22 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) { - Hashtable fingerprints = req - .getExtDataInHashtable(IRequest.FINGERPRINTS); + Hashtable fingerprints = + req.getExtDataInHashtable(IRequest.FINGERPRINTS); if (fingerprints != null) { String namesAndHashes = null; Enumeration enumFingerprints = fingerprints.keys(); - while (enumFingerprints.hasMoreElements()) { - String hashname = (String) enumFingerprints - .nextElement(); + while (enumFingerprints.hasMoreElements()) { + String hashname = (String) enumFingerprints.nextElement(); String hashvalue = (String) fingerprints.get(hashname); byte[] fingerprint = CMS.AtoB(hashvalue); String ppFingerprint = pp.toHexString(fingerprint, 0); if (hashname != null && ppFingerprint != null) { if (namesAndHashes != null) { - namesAndHashes += "+" + hashname + "+" - + ppFingerprint; + namesAndHashes += "+" + hashname + "+" + ppFingerprint; } else { namesAndHashes = hashname + "+" + ppFingerprint; } 
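Review bot: In the `IRequest.ISSUED_CERTS` branch of hunk -540,44, `issuedCert[0].getSerialNumber()` is called without checking the array returned by `req.getExtDataInCertArray(IRequest.ISSUED_CERTS)`, although the same lookup in hunk -248,47 guards with `issuedCert != null && issuedCert[0] != null`. Wrap the two `addBigIntegerValue` calls in `if (issuedCert != null && issuedCert.length > 0 && issuedCert[0] != null) { ... }`, and add `issuedCert[1] != null` to the `issuedCert.length == 2` test. The `OLD_CERTS` loop below it, and the `CACERTCHAIN` loop in hunk -599,7, also call `argSet.addRepeatRecord(rarg)` without the `argSet != null` check that the `OLD_SERIALS` branch uses.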
@@ -652,8 +577,7 @@ public class CertReqParser extends ReqParser { int j = 0; StringBuffer sb = new StringBuffer(); - for (Enumeration n = ((Vector) v).elements(); n - .hasMoreElements(); j++) { + for (Enumeration n = ((Vector) v).elements(); n.hasMoreElements(); j++) { sb.append(";\n"); sb.append(valuename); sb.append(LB); @@ -661,9 +585,10 @@ public class CertReqParser extends ReqParser { sb.append(RB); sb.append(EQ); sb.append("\""); - sb.append(CMSTemplate.escapeJavaScriptStringHTML(n - .nextElement().toString())); - sb.append("\";\n"); + sb.append( + CMSTemplate.escapeJavaScriptStringHTML( + n.nextElement().toString())); + sb.append( "\";\n"); } sb.append("\n"); valstr = sb.toString(); @@ -673,7 +598,7 @@ public class CertReqParser extends ReqParser { // if an array. int len = -1; - try { + try { len = Array.getLength(v); } catch (IllegalArgumentException e) { } @@ -683,15 +608,9 @@ public class CertReqParser extends ReqParser { for (i = 0; i < len; i++) { if (Array.get(v, i) != null) - valstr += ";\n" - + valuename - + LB - + i - + RB - + EQ - + "\"" - + CMSTemplate.escapeJavaScriptStringHTML(Array - .get(v, i).toString()) + "\";\n"; + valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" + + CMSTemplate.escapeJavaScriptStringHTML( + Array.get(v, i).toString()) + "\";\n"; } return valstr; } 
@@ -699,17 +618,17 @@ public class CertReqParser extends ReqParser { } // if string or unrecognized type, just call its toString method. - return valuename + "=\"" - + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; + return valuename + "=\"" + + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; } public String getRequestorDN(IRequest request) { try { - X509CertInfo info = (X509CertInfo) request - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = (X509CertInfo) + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); // retrieve the subject name - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -724,16 +643,15 @@ public class CertReqParser extends ReqParser { String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); if (cid == null) { - cid = ""; + cid = ""; } - String uid = request - .getExtDataInString(IRequest.NETKEY_ATTR_USERID); + String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); if (uid == null) { - uid = ""; + uid = ""; } - kid = cid + ":" + uid; + kid = cid+":"+uid; if (kid.equals(":")) { - kid = ""; + kid = ""; } return kid; 
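Review bot: `getRequestorDN` in hunk -699,17 dereferences `info` and `sn` without a null check and relies on the surrounding `catch (Exception e)` to absorb the resulting NullPointerException, whereas `xmlOutput` in ProfileSubmitServlet tests the result of the same `getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO)` call against null. An explicit `if (info == null)` guard taking the same path as the catch would keep real decoding errors distinguishable from a request that simply has no cert info. The `(X509CertInfo)` cast looks redundant, since `xmlOutput` assigns the same call to an `X509CertInfo` without one. The catch body lies outside this hunk.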
@@ -743,15 +661,15 @@ public class CertReqParser extends ReqParser { return null; } - private void fillRevokeRequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); arg.addStringValue("certExtsEnabled", "yes"); String profile = req.getExtDataInString("profile"); - // CMS.debug("CertReqParser: profile=" + profile); + //CMS.debug("CertReqParser: profile=" + profile); if (profile != null) { arg.addStringValue("profile", profile); String requestorDN = getRequestorDN(req); @@ -772,7 +690,7 @@ public class CertReqParser extends ReqParser { Enumeration enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; @@ -784,9 +702,8 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable http_params = req.getExtDataInHashtable(name); - // show certType specially - String certType = (String) http_params - .get(IRequest.CERT_TYPE); + // show certType specially + String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { arg.addStringValue(IRequest.CERT_TYPE, certType); 
@@ -796,22 +713,16 @@ public class CertReqParser extends ReqParser { Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = IRequest.HTTP_PARAMS + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" - + prefix - + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n\r" - + prefix - + parami - + ".value=\"" - + CMSTemplate - .escapeJavaScriptStringHTML(http_params - .get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -822,22 +733,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = IRequest.HTTP_HEADERS + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" - + prefix - + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n\r" - + prefix - + parami - + ".value=\"" - + CMSTemplate - .escapeJavaScriptStringHTML(http_hdrs - .get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
@@ -848,21 +753,20 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = IRequest.AUTH_TOKEN + LB - + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String v = expandValue(prefix + parami + ".value", + String v = + expandValue(prefix + parami + ".value", auth_token.getInString(n)); - String rawJS = "new Object;\n\r" + prefix + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(n) - + "\";\n" + v; + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal - // modules. + } // all others are request attrs from policy or internal modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -875,25 +779,25 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = IRequest.SERVER_ATTRS + LB - + String.valueOf(saCounter++) + RB; + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + prefix + parami - + ".name=\"" - + CMSTemplate.escapeJavaScriptString(name) - + "\";\n" + valstr; // java string already escaped - // in expandValue. + String rawJS = "new Object;\n\r" + + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) + ) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -919,14 +823,12 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, - req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - RevokedCertImpl revokedCert[] = req - .getExtDataInRevokedCertArray(IRequest.CERT_INFO); + // Get the certificate info from the request + RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (mDetails && revokedCert != null) { if (argSet != null) { 
@@ -934,39 +836,35 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - revokedCert[i].getSerialNumber(), 16); + revokedCert[i].getSerialNumber(), 16); - CRLExtensions crlExtensions = revokedCert[i] - .getExtensions(); + CRLExtensions crlExtensions = revokedCert[i].getExtensions(); if (crlExtensions != null) { for (int k = 0; k < crlExtensions.size(); k++) { - Extension ext = (Extension) crlExtensions - .elementAt(k); + Extension ext = (Extension) crlExtensions.elementAt(k); if (ext instanceof CRLReasonExtension) { rarg.addStringValue("reason", - ((CRLReasonExtension) ext) - .getReason().toString()); + ((CRLReasonExtension) ext).getReason().toString()); } } } else { rarg.addStringValue("reason", - RevocationReason.UNSPECIFIED.toString()); + RevocationReason.UNSPECIFIED.toString()); } argSet.addRepeatRecord(rarg); } } else { arg.addBigIntegerValue("serialNumber", - revokedCert[0].getSerialNumber(), 16); + revokedCert[0].getSerialNumber(), 16); } } } if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) { - BigInteger oldSerialNo[] = req - .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); + BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); if (oldSerialNo != null) { if (argSet != null) { @@ -974,7 +872,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } 
@@ -982,27 +880,24 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - // X509CertImpl oldCert[] = - // (X509CertImpl[])req.get(IRequest.OLD_CERTS); - Certificate oldCert[] = (Certificate[]) req - .getExtDataInCertArray(IRequest.OLD_CERTS); - + //X509CertImpl oldCert[] = + // (X509CertImpl[])req.get(IRequest.OLD_CERTS); + Certificate oldCert[] = + (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); + if (oldCert != null && oldCert.length > 0) { if (oldCert[0] instanceof X509CertImpl) { X509CertImpl xcert = (X509CertImpl) oldCert[0]; - arg.addBigIntegerValue("serialNumber", - xcert.getSerialNumber(), 16); - arg.addStringValue("subject", xcert.getSubjectDN() - .toString()); - if (req.getRequestType().equals( - IRequest.GETCERTS_REQUEST)) { + arg.addBigIntegerValue("serialNumber", xcert.getSerialNumber(), 16); + arg.addStringValue("subject", xcert.getSubjectDN().toString()); + if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) { for (int i = 0; i < oldCert.length; i++) { IArgBlock rarg = CMS.createArgBlock(); xcert = (X509CertImpl) oldCert[i]; rarg.addBigIntegerValue("serialNumber", - xcert.getSerialNumber(), 16); + xcert.getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } 
@@ -1010,23 +905,21 @@ public class CertReqParser extends ReqParser { } } - if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails - && req.getRequestType().equals("getRevocationInfo")) { - RevokedCertImpl revokedCert[] = req - .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails && + req.getRequestType().equals("getRevocationInfo")) { + RevokedCertImpl revokedCert[] = + req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); if (revokedCert != null && revokedCert[0] != null) { boolean reasonFound = false; - CRLExtensions crlExtensions = revokedCert[0] - .getExtensions(); + CRLExtensions crlExtensions = revokedCert[0].getExtensions(); for (int k = 0; k < crlExtensions.size(); k++) { Extension ext = (Extension) crlExtensions.elementAt(k); if (ext instanceof CRLReasonExtension) { arg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason() - .toString()); + ((CRLReasonExtension) ext).getReason().toString()); reasonFound = true; } } @@ -1037,5 +930,5 @@ public class CertReqParser extends ReqParser { } } } - + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 3eca4390..127f2ce8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -80,9 +81,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Check the status of a certificate request - * + * * @version $Revision$, $Date$ */ public class CheckRequest extends CMSServlet { 
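Review bot: In the REVOKED_CERTS branch (hunk at -1010) the result of `revokedCert[0].getExtensions()` is used in the `for` loop without a null check, whereas the CERT_INFO branch earlier in this class guards the same call with `if (crlExtensions != null)` and falls back to `RevocationReason.UNSPECIFIED`. A revoked-certificate entry that carries no CRL extensions would therefore raise a NullPointerException while the request is being rendered. Wrapping the loop as `if (crlExtensions != null) { for (...) { ... } }` leaves `reasonFound` false; the code that follows the loop is not visible in this hunk, so confirm it then supplies the default reason. `revokedCert[0]` is also read without checking `revokedCert.length`.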
@@ -114,14 +116,15 @@ public class CheckRequest extends CMSServlet { /** * Constructs request query servlet. */ - public CheckRequest() throws EBaseException { + public CheckRequest() + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "requestStatus.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -137,12 +140,12 @@ public class CheckRequest extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param requestId ID of the request to check - * <li>http.param format if 'id', then check the request based on the - * request ID parameter. If set to CMC, then use the 'queryPending' - * parameter. + * <li>http.param format if 'id', then check the request based on + * the request ID parameter. If set to CMC, then use the + * 'queryPending' parameter. * <li>http.param queryPending query formatted as a CMC request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -159,14 +162,14 @@ public class CheckRequest extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -184,10 +187,9 @@ public class CheckRequest extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -205,31 +207,27 @@ public class CheckRequest extends CMSServlet { // They may check the status using CMC queryPending String queryPending = req.getParameter("queryPending"); - if (format != null && format.equals("cmc") && queryPending != null - && !queryPending.equals("")) { + if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) { try { isCMCReq = true; byte[] cmcBlob = CMS.AtoB(queryPending); - ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream( - cmcBlob); - - org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo - .getTemplate().decode(cmcBlobIn); - SignedData cmcFullReq = (SignedData) cii - .getInterpretedContent(); - + ByteArrayInputStream cmcBlobIn = + new ByteArrayInputStream(cmcBlob); + + org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + SignedData cmcFullReq = (SignedData) + cii.getInterpretedContent(); + EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); - if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) - || !ci.hasContent()) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); SEQUENCE controlSequence = pkiData.getControlSequence(); 
@@ -237,8 +235,7 @@ public class CheckRequest extends CMSServlet { for (int i = 0; i < numControls; i++) { // decode message. - TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence - .elementAt(i); + TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); OBJECT_IDENTIFIER type = taggedAttr.getType(); if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) { @@ -248,21 +245,19 @@ public class CheckRequest extends CMSServlet { // We only process one for now. if (numReq > 0) { - OCTET_STRING reqId = (OCTET_STRING) ASN1Util - .decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(requestIds - .elementAt(0))); + OCTET_STRING reqId = (OCTET_STRING) + ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(requestIds.elementAt(0))); requestId = new String(reqId.toByteArray()); } - } else if (type - .equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { transIds = taggedAttr.getValues(); - } else if (type - .equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { + }else if + (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { rNonces = taggedAttr.getValues(); - } else if (type - .equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if + (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { sNonces = taggedAttr.getValues(); } } 
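Review bot: `requestId = new String(reqId.toByteArray());` in the id_cmc_QueryPending branch decodes bytes taken from the client-supplied queryPending blob with the platform default charset, so the resulting id depends on how the server JVM is configured. Naming the charset, e.g. `new String(reqId.toByteArray(), "UTF-8")`, makes the decoding deterministic; the checked UnsupportedEncodingException would have to be covered by the surrounding try, whose catch clause is outside this hunk. The later `Integer.parseInt(requestId)` check in process() still rejects anything non-numeric, so this is hardening rather than a fix for a known failure.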
@@ -272,63 +267,56 @@ public class CheckRequest extends CMSServlet { } IArgBlock httpParams = cmsReq.getHttpParams(); - boolean importCert = httpParams.getValueAsBoolean("importCert", false); + boolean importCert = httpParams.getValueAsBoolean("importCert", + false); // xxx need to check why this is not available at startup X509Certificate mCACerts[] = null; try { - mCACerts = ((ICertAuthority) mAuthority).getCACertChain() - .getChain(); + mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); } if (requestId == null || requestId.trim().equals("")) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); } try { Integer.parseInt(requestId); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "BASE_INVALID_NUMBER_FORMAT_1", requestId)); - throw new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId)); + throw new EBaseException( + CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if 
(authToken != null) { - // if RA, requestOwner must match the group - String group = authToken.getInString("group"); - if ((group != null) && (group != "")) { - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String requestOwner = r.getExtDataInString("requestOwner"); - if (requestOwner != null) { - if (requestOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "BASE_INVALID_NUMBER_FORMAT_1", - requestId.toString())); - throw new EBaseException(CMS.getUserMessage( - getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } - } + // if RA, requestOwner must match the group + String group = authToken.getInString("group"); + if ((group != null) && (group != "")) { + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String requestOwner = r.getExtDataInString("requestOwner"); + if (requestOwner != null) { + if (requestOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); + throw new EBaseException( + CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } } + } } RequestStatus status = r.getRequestStatus(); 
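Review bot: The requestOwner check at the end of this hunk reports an authorization denial under the number-format message ids (`BASE_INVALID_NUMBER_FORMAT_1` in the log, `CMS_BASE_INVALID_NUMBER_FORMAT_1` to the user), so a member of "Registration Manager Agents" being refused a request owned by someone else shows up in the log as a malformed id. Logging the denial with the id this method already uses when authorize() fails, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", "requestOwner mismatch for request " + requestId));`, keeps it visible to whoever reviews access failures, even if the user-facing message is kept vague on purpose. In the same block `group != ""` compares references rather than contents; `group.length() > 0` states the intent. process() starts and ends outside this hunk.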
@@ -339,37 +327,35 @@ public class CheckRequest extends CMSServlet { header.addStringValue(STATUS, status.toString()); header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000); header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000); - if (note != null && note.length() > 0) + if (note != null && note.length() > 0) header.addStringValue("requestNotes", note); String type = r.getRequestType(); Integer result = r.getExtDataInInteger(IRequest.RESULT); - /* - * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != - * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert = - * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock - * rarg = CMS.createArgBlock(); - * - * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16); - * argSet.addRepeatRecord(rarg); } - */ +/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { + X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); + IArgBlock rarg = CMS.createArgBlock(); + + rarg.addBigIntegerValue("serialNumber", + cert.getSerialNumber(), 16); + argSet.addRepeatRecord(rarg); + } +*/ String profileId = r.getExtDataInString("profileId"); if (profileId != null) { - result = IRequest.RES_SUCCESS; + result = IRequest.RES_SUCCESS; } - if ((type != null) - && (type.equals(IRequest.ENROLLMENT_REQUEST) || type - .equals(IRequest.RENEWAL_REQUEST)) && (status != null) - && status.equals(RequestStatus.COMPLETE) && (result != null) - && result.equals(IRequest.RES_SUCCESS)) { + if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) || + type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && + status.equals(RequestStatus.COMPLETE) && (result != null) && + result.equals(IRequest.RES_SUCCESS)) { Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (profileId != null) { - X509CertImpl impl[] = new X509CertImpl[1]; - impl[0] = r - 
.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - o = impl; + X509CertImpl impl[] = new X509CertImpl[1]; + impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + o = impl; } if (o != null && (o instanceof X509CertImpl[])) { X509CertImpl[] certs = (X509CertImpl[]) o; @@ -380,25 +366,25 @@ public class CheckRequest extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); // add pkcs7 cert for importing if (importCert || isCMCReq) { - // byte[] ba = certs[i].getEncoded(); - X509CertImpl[] certsInChain = new X509CertImpl[1]; - ; + //byte[] ba = certs[i].getEncoded(); + X509CertImpl[] certsInChain = new X509CertImpl[1];; if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { if (certs[i].equals(mCACerts[ii])) { - certsInChain = new X509CertImpl[mCACerts.length]; + certsInChain = new + X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = certs[i]; - + // Set the Ca certificate chain if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { @@ -410,10 +396,8 @@ public class CheckRequest extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7( - new AlgorithmId[0], - new netscape.security.pkcs.ContentInfo( - new byte[0]), + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new netscape.security.pkcs.ContentInfo(new byte[0]), certsInChain, new netscape.security.pkcs.SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); @@ -423,7 +407,7 @@ public class CheckRequest extends CMSServlet { p7Str = CMS.BtoA(p7Bytes); - StringTokenizer tokenizer = null; + StringTokenizer tokenizer = null; if (File.separator.equals("\\")) { char[] nl = new char[2]; 
@@ -432,22 +416,18 @@ public class CheckRequest extends CMSServlet { nl[1] = 13; String nlstr = new String(nl); - tokenizer = new StringTokenizer(p7Str, - nlstr); + tokenizer = new StringTokenizer(p7Str, nlstr); } else - tokenizer = new StringTokenizer(p7Str, - "\n"); + tokenizer = new StringTokenizer(p7Str, "\n"); StringBuffer res = new StringBuffer(); while (tokenizer.hasMoreTokens()) { - String elem = (String) tokenizer - .nextToken(); + String elem = (String) tokenizer.nextToken(); res.append(elem); } - header.addStringValue("pkcs7ChainBase64", - res.toString()); + header.addStringValue("pkcs7ChainBase64", res.toString()); // compose full response if (isCMCReq) { 
@@ -457,177 +437,152 @@ public class CheckRequest extends CMSServlet { if (bodyPartId != null) bpids.addElement(bodyPartId); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - CMCStatusInfo.SUCCESS, bpids); - TaggedAttribute ta = new TaggedAttribute( - new INTEGER(bpid++), + CMCStatusInfo cmcStatusInfo = new + CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); + TaggedAttribute ta = new TaggedAttribute(new + INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); - + // copy transactionID, senderNonce, // create recipientNonce if (transIds != null) { - ta = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(ta); } - + if (sNonces != null) { - ta = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonces); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonces); controlSeq.addElement(ta); } - + String salt = CMSServlet.generateSalt(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest - .getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); - dig = SHA1Digest.digest(salt - .getBytes()); + dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = { b64E }; + String[] newNonce = {b64E}; - ta = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(newNonce[0] - .getBytes())); + ta = new TaggedAttribute(new + INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(newNonce[0].getBytes())); controlSeq.addElement(ta); - - ResponseBody rb = new ResponseBody( - controlSeq, new SEQUENCE(), - new SEQUENCE()); - EncapsulatedContentInfo ci = new EncapsulatedContentInfo( - 
OBJECT_IDENTIFIER.id_cct_PKIResponse, + + ResponseBody rb = new ResponseBody(controlSeq, new + SEQUENCE(), new + SEQUENCE()); + EncapsulatedContentInfo ci = new + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, rb); - + org.mozilla.jss.crypto.X509Certificate x509cert = null; if (mAuthority instanceof ICertificateAuthority) { - x509cert = ((ICertificateAuthority) mAuthority) - .getCaX509Cert(); - } else if (mAuthority instanceof IRegistrationAuthority) { - x509cert = ((IRegistrationAuthority) mAuthority) - .getRACert(); + x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert(); + }else if (mAuthority instanceof IRegistrationAuthority) { + x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); } if (x509cert == null) - throw new ECMSGWException( - CMS.getUserMessage( - "CMS_GW_CMC_ERROR", - "No signing cert found.")); - - X509CertImpl cert = new X509CertImpl( - x509cert.getEncoded()); - ByteArrayInputStream issuer1 = new ByteArrayInputStream( - ((X500Name) cert.getIssuerDN()) - .getEncoded()); - Name issuer = (Name) Name.getTemplate() - .decode(issuer1); - IssuerAndSerialNumber ias = new IssuerAndSerialNumber( - issuer, new INTEGER(cert - .getSerialNumber() - .toString())); - SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, - ias, null); - - // SHA1 is the default digest Alg for - // now. + throw new + ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); + + X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); + ByteArrayInputStream issuer1 = new + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + Name issuer = (Name) Name.getTemplate().decode(issuer1); + IssuerAndSerialNumber ias = new + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + SignerIdentifier si = new + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + + // SHA1 is the default digest Alg for now. 
DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager - .getInstance() - .findPrivKeyByCert(x509cert); - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey - .getType(); - - if (keyType - .equals(org.mozilla.jss.crypto.PrivateKey.RSA)) + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); + + if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - else if (keyType - .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) + else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; try { - SHADigest = MessageDigest - .getInstance("SHA1"); + SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); - digest = SHADigest.digest(ostream - .toByteArray()); + digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - // log("digest fail"); + //log("digest fail"); } - - org.mozilla.jss.pkix.cms.SignerInfo signInfo = new org.mozilla.jss.pkix.cms.SignerInfo( - si, - null, - null, + + org.mozilla.jss.pkix.cms.SignerInfo signInfo = new + org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, privKey); + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new AlgorithmIdentifier( - digestAlg.toOID(), null); + AlgorithmIdentifier ai = new + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - + SET jsscerts = new SET(); for (int j = 0; j < certsInChain.length; j++) { - 
ByteArrayInputStream is = new ByteArrayInputStream( - certsInChain[j] - .getEncoded()); - org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) org.mozilla.jss.pkix.cert.Certificate - .getTemplate().decode(is); + ByteArrayInputStream is = new + ByteArrayInputStream(certsInChain[j].getEncoded()); + org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) + org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); jsscerts.addElement(certJss); } - - SignedData fResponse = new SignedData( - digestAlgs, ci, jsscerts, null, - signInfos); - org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new org.mozilla.jss.pkix.cms.ContentInfo( - org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, - fResponse); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - - fullResponse - .encode((OutputStream) ostream); + + SignedData fResponse = new + SignedData(digestAlgs, ci, + jsscerts, null, signInfos); + org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new + org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); + ByteArrayOutputStream ostream = new + ByteArrayOutputStream(); + + fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); - header.addStringValue(FULL_RESPONSE, - CMS.BtoA(fr)); + header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr)); } } catch (Exception e) { e.printStackTrace(); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_FORMING_PKCS7_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } } argSet.addRepeatRecord(rarg); 
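Review bot: The empty `catch (NoSuchAlgorithmException ex)` around the response digest leaves `digest` and `digestAlg` null, and the code still goes on to build the `SignerInfo` and the signed CMC full response from them; `signAlg` likewise stays null when the key type is neither RSA nor DSA. Failing closed is safer: `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "SHA1 digest not available"));` in the catch, and a similar throw after the key-type test when `signAlg == null`. Earlier in the hunk the sender-nonce fallback `dig = salt.getBytes();` silently drops the hashing step on the same exception and deserves the same treatment. The nonce digest and both signature algorithms are hard-coded to SHA-1; whether stronger variants can be selected depends on the JSS version in use, which is not visible here. The enclosing try block and process() start outside this hunk.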
@@ -643,21 +598,22 @@ public class CheckRequest extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java index 85a546ab..0e3974a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -24,11 +25,13 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; + /** - * An interface representing a request parser which converts Java request object - * into name value pairs and vice versa. + * An interface representing a request parser which + * converts Java request object into name value + * pairs and vice versa. * <P> - * + * * @version $Revision$, $Date$ */ public interface IReqParser { 
@@ -36,6 +39,6 @@ public interface IReqParser { /** * Maps request object into argument block. */ - public void fillRequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException; + public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java index 4348a545..459aca63 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.math.BigInteger; import java.util.Locale; @@ -28,9 +29,10 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.key.KeyRecordParser; + /** * Output a 'pretty print' of a Key Archival request - * + * * @version $Revision$, $Date$ */ public class KeyReqParser extends ReqParser { @@ -47,8 +49,8 @@ public class KeyReqParser extends ReqParser { /** * Fills in certificate specific request attributes. */ - public void fillRequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); 
@@ -56,11 +58,11 @@ public class KeyReqParser extends ReqParser { if (type.equals(IRequest.ENROLLMENT_REQUEST)) { BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord"); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS - .getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra"); if (kra != null) { - KeyRecordParser.fillRecordIntoArg(kra.getKeyRepository() - .readKeyRecord(recSerialNo), arg); + KeyRecordParser.fillRecordIntoArg( + kra.getKeyRepository().readKeyRecord(recSerialNo), + arg); } else { throw new EBaseException("KRA is not available"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index b5fe3c4c..76418a99 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -78,10 +79,12 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; + /** - * Agent operations on Certificate requests. This servlet is used by an Agent to - * approve, reject, reassign, or change a certificate request. - * + * Agent operations on Certificate requests. This servlet is used + * by an Agent to approve, reject, reassign, or change a certificate + * request. + * * @version $Revision$, $Date$ */ public class ProcessCertReq extends CMSServlet { 
@@ -102,85 +105,101 @@ public class ProcessCertReq extends CMSServlet { private boolean mExtraAgentParams = false; // for RA only since it does not have a database. - private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; - private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; - private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; - private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); + private final static String + REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; + private final static String + PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; + private final static String + PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; + private static ICMSTemplateFiller + REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); private String mReqCompletedTemplate = null; - private final static String CERT_TYPE = "certType"; + private final static String + CERT_TYPE = "certType"; private String auditServiceID = ILogger.UNIDENTIFIED; - private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = "caProcessCertReq"; - private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = "raProcessCertReq"; + private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = + "caProcessCertReq"; + private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = + "raProcessCertReq"; private final static String SIGNED_AUDIT_ACCEPTANCE = "accept"; private final static String SIGNED_AUDIT_CANCELLATION = "cancel"; private final static String SIGNED_AUDIT_CLONING = "clone"; private final static String SIGNED_AUDIT_REJECTION = "reject"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { - - /* 0 */"manual non-profile cert request cancellation: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */"manual non-profile cert request 
cancellation: " - + "no reason has been given for cancelling this " - + "cert request", - - /* 2 */"manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */"manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */"manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */"manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" }; - private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { - - /* 0 */"manual non-profile cert request rejection: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */"manual non-profile cert request rejection: " - + "no reason has been given for rejecting this " - + "cert request", - - /* 2 */"manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */"manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */"manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */"manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" }; - private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String[] + 
SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { + + /* 0 */ "manual non-profile cert request cancellation: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */ "manual non-profile cert request cancellation: " + + "no reason has been given for cancelling this " + + "cert request", + + /* 2 */ "manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */ "manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */ "manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */ "manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" + }; + private final static String[] + SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { + + /* 0 */ "manual non-profile cert request rejection: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */ "manual non-profile cert request rejection: " + + "no reason has been given for rejecting this " + + "cert request", + + /* 2 */ "manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */ "manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */ "manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */ "manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" + }; + private final static String + 
LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; /** * Process request. */ - public ProcessCertReq() throws EBaseException { + public ProcessCertReq() + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "processCertReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -191,9 +210,10 @@ public class ProcessCertReq extends CMSServlet { String id = sc.getInitParameter(CMSServlet.PROP_ID); if (id != null) { - if (!(auditServiceID.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET)) - && !(auditServiceID - .equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { + if (!(auditServiceID.equals( + AGENT_CA_CLONE_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -201,20 +221,20 @@ public class ProcessCertReq extends CMSServlet { } mQueue = mAuthority.getRequestQueue(); - mPublisherProcessor = ((ICertAuthority) mAuthority) - .getPublisherProcessor(); + mPublisherProcessor = + ((ICertAuthority) mAuthority).getPublisherProcessor(); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; mParser = CertReqParser.DETAIL_PARSER; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); try { - mReqCompletedTemplate = sc - .getInitParameter(PROP_REQ_COMPLETED_TEMPLATE); + mReqCompletedTemplate = sc.getInitParameter( + PROP_REQ_COMPLETED_TEMPLATE); if (mReqCompletedTemplate == null) mReqCompletedTemplate = REQ_COMPLETED_TEMPLATE; String tmp = sc.getInitParameter(PROP_EXTRA_AGENT_PARAMS); 
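Review bot: In `init`, the guard compares `auditServiceID` with the two servlet names, not the `id` just read from `CMSServlet.PROP_ID`. The field is declared as `private String auditServiceID = ILogger.UNIDENTIFIED;` in the previous hunk, so the `else` branch that assigns `id.trim()` looks unreachable. Unless the field is assigned somewhere before `init` runs, signed-audit records from this servlet would always carry the unidentified service ID. The test should be on the parameter: `String trimmed = id.trim();` then `if (trimmed.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET) || trimmed.equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET)) { auditServiceID = trimmed; }`. The body of `init` starts and ends outside this hunk.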
@@ -232,24 +252,25 @@ public class ProcessCertReq extends CMSServlet { } } + /** * Process the HTTP request. * <ul> - * <li>http.param seqNum request id - * <li>http.param notValidBefore certificate validity - notBefore - in - * seconds since jan 1, 1970 - * <li>http.param notValidAfter certificate validity - notAfter - in seconds - * since jan 1, 1970 - * <li>http.param subject certificate subject name - * <li>http.param toDo requested action (can be one of: clone, reject, - * accept, cancel) + * <li>http.param seqNum request id + * <li>http.param notValidBefore certificate validity + * - notBefore - in seconds since jan 1, 1970 + * <li>http.param notValidAfter certificate validity + * - notAfter - in seconds since jan 1, 1970 + * <li>http.param subject certificate subject name + * <li>http.param toDo requested action + * (can be one of: clone, reject, accept, cancel) * <li>http.param signatureAlgorithm certificate signing algorithm - * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF - * Extensions to add to certificate - * <li>http.param pathLenConstraint integer path length constraint to use in - * BasicConstraint extension if applicable + * <li>http.param addExts base-64, DER encoded Extension or + * SEQUENCE OF Extensions to add to certificate + * <li>http.param pathLenConstraint integer path length constraint to + * use in BasicConstraint extension if applicable * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -276,16 +297,15 @@ public class ProcessCertReq extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { if (req.getParameter(SEQNUM) != null) { - CMS.debug("ProcessCertReq: parameter seqNum " - + req.getParameter(SEQNUM)); + CMS.debug( + "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); seqNum = Integer.parseInt(req.getParameter(SEQNUM)); } String notValidBeforeStr = req.getParameter("notValidBefore"); 
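Review bot: The `CMS.debug` call writes the raw `seqNum` request parameter to the debug log before it has been parsed. Unless `CMS.debug` escapes control characters (not visible here), a value containing line breaks ends up in the log as separate lines. Parsing first and logging the integer avoids that: `seqNum = Integer.parseInt(req.getParameter(SEQNUM));` followed by `CMS.debug("ProcessCertReq: parameter seqNum " + seqNum);`. `process` begins and ends outside this hunk.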
@@ -306,30 +326,31 @@ public class ProcessCertReq extends CMSServlet { subject = req.getParameter("subject"); signatureAlgorithm = req.getParameter("signatureAlgorithm"); + IRequest r = null; if (seqNum > -1) { - r = mQueue.findRequest(new RequestId(Integer.toString(seqNum))); + r = mQueue.findRequest(new RequestId( + Integer.toString(seqNum))); } - if (seqNum > -1 && r != null) { - processX509(cmsReq, argSet, header, seqNum, req, resp, toDo, - signatureAlgorithm, subject, notValidBefore, - notValidAfter, locale[0], startTime); + if(seqNum > -1 && r != null) + { + processX509(cmsReq, argSet, header, seqNum, req, resp, + toDo, signatureAlgorithm, subject, + notValidBefore, notValidAfter, locale[0], startTime); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", - String.valueOf(seqNum))); - error = new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum))); + error = new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, "Error " + e); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -337,47 +358,46 @@ public class ProcessCertReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } - + } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** * Process X509 certificate enrollment request and send request information - * to the caller. + * to the caller. 
* <P> - * + * * (Certificate Request - an "agent" cert request for "cloning") * <P> - * - * (Certificate Request Processed - either a manual "agent" non-profile - * based cert acceptance, a manual "agent" non-profile based cert - * cancellation, or a manual "agent" non-profile based cert rejection) + * + * (Certificate Request Processed - either a manual "agent" non-profile + * based cert acceptance, a manual "agent" non-profile based cert + * cancellation, or a manual "agent" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when - * a non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a + * non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> - * * @param cmsReq a certificate enrollment request * @param argSet CMS template parameters * @param header argument block 
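Review bot: `String output = form.getOutput(argSet);` in the HTML branch is never read; the response is produced by `form.renderOutput(out, argSet)` two lines later, so the template appears to be rendered twice per request. Dropping the unused local removes the extra work. The XML branch also returns without `cmsReq.setStatus(CMSRequest.SUCCESS)`; if `outputXML` does not set the status itself (its body is not shown), the two branches leave the request in different states, and a one-line comment saying which is intended would help.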
@@ -385,22 +405,26 @@ public class ProcessCertReq extends CMSServlet { * @param req HTTP servlet request * @param resp HTTP servlet response * @param toDo string representing the requested action (can be one of: - * clone, reject, accept, cancel) + * clone, reject, accept, cancel) * @param signatureAlgorithm string containing the signature algorithm * @param subject string containing the subject name of the certificate - * @param notValidBefore certificate validity - notBefore - in seconds since - * Jan 1, 1970 + * @param notValidBefore certificate validity - notBefore - in seconds + * since Jan 1, 1970 * @param notValidAfter certificate validity - notAfter - in seconds since - * Jan 1, 1970 + * Jan 1, 1970 * @param locale the system locale * @param startTime the current date * @exception EBaseException an error has occurred */ - private void processX509(CMSRequest cmsReq, CMSTemplateParams argSet, - IArgBlock header, int seqNum, HttpServletRequest req, - HttpServletResponse resp, String toDo, String signatureAlgorithm, - String subject, long notValidBefore, long notValidAfter, - Locale locale, long startTime) throws EBaseException { + private void processX509(CMSRequest cmsReq, + CMSTemplateParams argSet, IArgBlock header, + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String toDo, String signatureAlgorithm, + String subject, + long notValidBefore, long notValidAfter, + Locale locale, long startTime) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -410,16 +434,16 @@ public class ProcessCertReq extends CMSServlet { // "normalize" the "auditCertificateSubjectName" if (auditCertificateSubjectName != null) { - // NOTE: This is ok even if the cert subject name is "" (empty)! + // NOTE: This is ok even if the cert subject name is "" (empty)! auditCertificateSubjectName = auditCertificateSubjectName.trim(); } else { - // NOTE: Here, the cert subject name is MISSING, not "" (empty)! + // NOTE: Here, the cert subject name is MISSING, not "" (empty)! auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } try { - IRequest r = mQueue.findRequest(new RequestId(Integer - .toString(seqNum))); + IRequest r = mQueue.findRequest(new RequestId( + Integer.toString(seqNum))); if (r != null) { // overwrite "auditRequesterID" if and only if "id" != null @@ -429,7 +453,7 @@ public class ProcessCertReq extends CMSServlet { } } - if (mAuthority != null) + if (mAuthority != null) header.addStringValue("authorityid", mAuthority.getId()); if (toDo != null) { @@ -439,15 +463,15 @@ public class ProcessCertReq extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + mAuthzResourceName, "execute"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -457,37 +481,45 @@ public class ProcessCertReq extends CMSServlet { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); audit(auditMessage); } 
@@ -498,16 +530,14 @@ public class ProcessCertReq extends CMSServlet { String authMgr = AuditFormat.NOAUTH; if (authToken != null) { - authMgr = authToken - .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } String agentID = authToken.getInString("userid"); - String initiative = AuditFormat.FROMAGENT + " agentID: " - + agentID; + String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; // Get the certificate info from the request - X509CertInfo certInfo[] = r - .getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = r.getExtDataInCertInfoArray(IRequest.CERT_INFO); header.addStringValue("toDo", toDo); if (toDo.equals("accept")) { 
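Review bot: `authToken` is null-checked when computing `authMgr` but dereferenced unconditionally on the next statement, `String agentID = authToken.getInString("userid");`. If a null token can reach this point, which the preceding check suggests, the request ends in a NullPointerException instead of a logged authorization failure. Either reject the request before this point when `authToken == null`, or guard the read: `String agentID = (authToken != null) ? authToken.getInString("userid") : null;`. The enclosing `processX509` body starts and ends outside the hunk.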
@@ -516,95 +546,89 @@ public class ProcessCertReq extends CMSServlet { int alterationCounter = 0; for (int i = 0; i < certInfo.length; i++) { - CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[i] - .get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlgId = + (CertificateAlgorithmId) + certInfo[i].get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) certAlgId - .get(CertificateAlgorithmId.ALGORITHM); + AlgorithmId algId = (AlgorithmId) + certAlgId.get(CertificateAlgorithmId.ALGORITHM); if (!(algId.getName().equals(signatureAlgorithm))) { alterationCounter++; - AlgorithmId newAlgId = AlgorithmId - .getAlgorithmId(signatureAlgorithm); + AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm); certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(newAlgId)); + new CertificateAlgorithmId(newAlgId)); } - CertificateSubjectName certSubject = (CertificateSubjectName) certInfo[i] - .get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = + (CertificateSubjectName) + certInfo[i].get(X509CertInfo.SUBJECT); - if (subject != null - && !(certSubject.toString().equals(subject))) { + if (subject != null && + !(certSubject.toString().equals(subject))) { alterationCounter++; certInfo[i].set(X509CertInfo.SUBJECT, - new CertificateSubjectName( - (new X500Name(subject)))); + new CertificateSubjectName( + (new X500Name(subject)))); } - CertificateValidity certValidity = (CertificateValidity) certInfo[i] - .get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = + (CertificateValidity) + certInfo[i].get(X509CertInfo.VALIDITY); Date currentTime = CMS.getCurrentDate(); boolean validityChanged = false; - // only override these values if agent specified - // them + // only override these values if agent specified them if (notValidBefore > 0) { - Date notBefore = (Date) certValidity - .get(CertificateValidity.NOT_BEFORE); + Date notBefore = (Date) certValidity.get( + 
CertificateValidity.NOT_BEFORE); - if (notBefore.getTime() == 0 - || notBefore.getTime() != notValidBefore) { + if (notBefore.getTime() == 0 || + notBefore.getTime() != notValidBefore) { Date validFrom = new Date(notValidBefore); - notBefore = (notValidBefore == 0) ? currentTime - : validFrom; - certValidity.set( - CertificateValidity.NOT_BEFORE, - notBefore); + notBefore = (notValidBefore == 0) ? currentTime : validFrom; + certValidity.set(CertificateValidity.NOT_BEFORE, + notBefore); validityChanged = true; } } if (notValidAfter > 0) { Date validTo = new Date(notValidAfter); - Date notAfter = (Date) certValidity - .get(CertificateValidity.NOT_AFTER); + Date notAfter = (Date) + certValidity.get(CertificateValidity.NOT_AFTER); - if (notAfter.getTime() == 0 - || notAfter.getTime() != notValidAfter) { + if (notAfter.getTime() == 0 || + notAfter.getTime() != notValidAfter) { notAfter = currentTime; - notAfter = (notValidAfter == 0) ? currentTime - : validTo; - certValidity.set( - CertificateValidity.NOT_AFTER, - notAfter); + notAfter = (notValidAfter == 0) ? currentTime : validTo; + certValidity.set(CertificateValidity.NOT_AFTER, + notAfter); validityChanged = true; } } if (validityChanged) { - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. 
- certInfo[i].set(X509CertInfo.VALIDITY, - certValidity); + certInfo[i].set(X509CertInfo.VALIDITY, certValidity); } if (certInfo[i].get(X509CertInfo.VERSION) == null) { certInfo[i].set(X509CertInfo.VERSION, - new CertificateVersion( - CertificateVersion.V3)); + new CertificateVersion( + CertificateVersion.V3)); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo[i] - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo[i].get(X509CertInfo.EXTENSIONS); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_PARSING_EXTENS", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); } // 99/08/31 #361906 - handling additional extensions 
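Review bot: The validity override applies the agent-supplied `notValidBefore` and `notValidAfter` independently. Nothing in this hunk checks that the resulting notAfter is later than notBefore, or bounds the lifetime, before `certValidity.set(...)` is called. If no later policy step enforces this (none is visible here), the request should be rejected with an `EBaseException` when `notValidBefore > 0 && notValidAfter > 0 && notValidAfter <= notValidBefore`. Separately, `notAfter = currentTime;` is a dead store, and inside `if (notValidBefore > 0)` and `if (notValidAfter > 0)` the `== 0` arms of the two ternaries can never be taken. The `for` loop over `certInfo` starts in this hunk and continues past it.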
@@ -613,131 +637,104 @@ public class ProcessCertReq extends CMSServlet { if (addExts != null && !addExts.trim().equals("")) { Vector extsToBeAdded = new Vector(); - byte[] b = (byte[]) (com.netscape.osutil.OSUtil - .AtoB(addExts)); + byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts)); - // this b can be "Extension" Or - // "SEQUENCE OF Extension" + // this b can be "Extension" Or "SEQUENCE OF Extension" try { DerValue b_der = new DerValue(b); while (b_der.data.available() != 0) { - Extension de = new Extension( - b_der.data.getDerValue()); + Extension de = new Extension(b_der.data.getDerValue()); extsToBeAdded.addElement(de); } } catch (IOException e) { // it could be a single extension - Extension de = new Extension( - new DerValue(b)); + Extension de = new Extension(new DerValue(b)); extsToBeAdded.addElement(de); } if (extsToBeAdded.size() > 0) { if (extensions == null) { extensions = new CertificateExtensions(); - certInfo[i].set( - X509CertInfo.EXTENSIONS, - extensions); + certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); } for (int j = 0; j < extsToBeAdded.size(); j++) { - Extension theExt = (Extension) extsToBeAdded - .elementAt(j); + Extension theExt = (Extension) extsToBeAdded.elementAt(j); - extensions.set(theExt.getExtensionId() - .toString(), theExt); + extensions.set(theExt.getExtensionId().toString(), theExt); } } } if (extensions != null) { try { - NSCertTypeExtension nsExtensions = (NSCertTypeExtension) extensions - .get(NSCertTypeExtension.NAME); + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) + extensions.get( + NSCertTypeExtension.NAME); if (nsExtensions != null) { updateNSExtension(req, nsExtensions); - } + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); } - String pathLength = req - .getParameter("pathLenConstraint"); + String 
pathLength = req.getParameter("pathLenConstraint"); if (pathLength != null) { try { - int pathLen = Integer - .parseInt(pathLength); - BasicConstraintsExtension bcExt = (BasicConstraintsExtension) extensions - .get(BasicConstraintsExtension.NAME); + int pathLen = Integer.parseInt(pathLength); + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) + extensions.get( + BasicConstraintsExtension.NAME); if (bcExt != null) { - Integer bcPathLen = (Integer) bcExt - .get(BasicConstraintsExtension.PATH_LEN); - Boolean isCA = (Boolean) bcExt - .get(BasicConstraintsExtension.IS_CA); - - if (bcPathLen != null - && bcPathLen.intValue() != pathLen - && isCA != null) { - BasicConstraintsExtension bcExt0 = new BasicConstraintsExtension( - isCA.booleanValue(), - pathLen); - - extensions - .delete(BasicConstraintsExtension.NAME); - extensions - .set(BasicConstraintsExtension.NAME, - (Extension) bcExt0); + Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); + Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); + + if (bcPathLen != null && + bcPathLen.intValue() != pathLen && + isCA != null) { + BasicConstraintsExtension bcExt0 = + new BasicConstraintsExtension(isCA.booleanValue(), pathLen); + + extensions.delete(BasicConstraintsExtension.NAME); + extensions.set(BasicConstraintsExtension.NAME, (Extension) bcExt0); alterationCounter++; } } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); } } // handle Presence Server Extension - String PSE_Enable = req - .getParameter("PSE_Enable"); + String 
PSE_Enable = req.getParameter("PSE_Enable"); if (PSE_Enable != null) { - boolean Critical = (req - .getParameter("PSE_Critical") != null); + boolean Critical = (req.getParameter("PSE_Critical") != null); int Version = 0; try { - Version = Integer.parseInt(req - .getParameter("PSE_Version")); + Version = Integer.parseInt(req.getParameter("PSE_Version")); } catch (Exception e1) { } - String StreetAddress = req - .getParameter("PSE_StreetAddress"); + String StreetAddress = req.getParameter("PSE_StreetAddress"); if (StreetAddress == null) { StreetAddress = ""; } - String TelephoneNumber = req - .getParameter("PSE_TelephoneNumber"); + String TelephoneNumber = req.getParameter("PSE_TelephoneNumber"); if (TelephoneNumber == null) { TelephoneNumber = ""; } - String RFC822Name = req - .getParameter("PSE_RFC822Name"); + String RFC822Name = req.getParameter("PSE_RFC822Name"); if (RFC822Name == null) { RFC822Name = ""; @@ -747,8 +744,7 @@ public class ProcessCertReq extends CMSServlet { if (IMID == null) { IMID = ""; } - String HostName = req - .getParameter("PSE_HostName"); + String HostName = req.getParameter("PSE_HostName"); if (HostName == null) { HostName = ""; 
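Review bot: Extensions decoded from the `addExts` request parameter are stored with `extensions.set(theExt.getExtensionId().toString(), theExt)`, replacing any extension of the same OID already in the request. Unlike the `pathLenConstraint` branch, this path does not increment `alterationCounter`. As far as this hunk shows, an agent-added extension is therefore neither counted as an alteration nor checked against a permitted set. Consider `alterationCounter++;` after the `extsToBeAdded` loop, and a check of `theExt.getExtensionId()` against a configured list of allowed OIDs before the `set`. The empty `catch (Exception e1) { }` around `PSE_Version` (and the same pattern for `PSE_PortNumber`, `PSE_MaxUsers` and `PSE_ServiceLevel` in the following hunk) silently turns malformed input into 0; log the failure or reject the request instead.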
@@ -756,80 +752,61 @@ public class ProcessCertReq extends CMSServlet { int PortNumber = 0; try { - PortNumber = Integer - .parseInt(req - .getParameter("PSE_PortNumber")); + PortNumber = Integer.parseInt(req.getParameter("PSE_PortNumber")); } catch (Exception e1) { } int MaxUsers = 0; try { - MaxUsers = Integer.parseInt(req - .getParameter("PSE_MaxUsers")); + MaxUsers = Integer.parseInt(req.getParameter("PSE_MaxUsers")); } catch (Exception e1) { } int ServiceLevel = 0; try { - ServiceLevel = Integer - .parseInt(req - .getParameter("PSE_ServiceLevel")); + ServiceLevel = Integer.parseInt(req.getParameter("PSE_ServiceLevel")); } catch (Exception e1) { } // create extension - PresenceServerExtension pseExt = new PresenceServerExtension( - Critical, Version, StreetAddress, - TelephoneNumber, RFC822Name, IMID, - HostName, PortNumber, MaxUsers, - ServiceLevel); - - extensions.set(pseExt.getExtensionId() - .toString(), pseExt); + PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel); + + extensions.set(pseExt.getExtensionId().toString(), pseExt); } if (mExtraAgentParams) { - Enumeration extraparams = req - .getParameterNames(); + Enumeration extraparams = req.getParameterNames(); int l = IRequest.AGENT_PARAMS.length() + 1; int ap_counter = 0; Hashtable agentparamsargblock = new Hashtable(); if (extraparams != null) { while (extraparams.hasMoreElements()) { - String s = (String) extraparams - .nextElement(); + String s = (String) extraparams.nextElement(); if (s.startsWith(IRequest.AGENT_PARAMS)) { - String param_value = req - .getParameter(s); + String param_value = req.getParameter(s); if (param_value != null) { - String new_name = s - .substring(l); + String new_name = s.substring(l); - agentparamsargblock.put( - new_name, - param_value); + agentparamsargblock.put(new_name, param_value); ap_counter += 1; } } } } if (ap_counter > 0) { - 
r.setExtData(IRequest.AGENT_PARAMS, - agentparamsargblock); + r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock); alterationCounter++; } } - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. - certInfo[i].set(X509CertInfo.EXTENSIONS, - extensions); + certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); } - alterationCounter += updateExtensionsInRequest(req, - r); + alterationCounter += updateExtensionsInRequest(req, r); } if (alterationCounter > 0) { mQueue.updateRequest(r); 
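Review bot: In the `mExtraAgentParams` loop, `s.substring(l)` uses `l = IRequest.AGENT_PARAMS.length() + 1`, but the guard only checks `s.startsWith(IRequest.AGENT_PARAMS)`, so a request parameter named exactly the prefix makes `substring` throw `StringIndexOutOfBoundsException`. Guarding with `if (s.length() > l && s.startsWith(IRequest.AGENT_PARAMS))` avoids that and also skips an empty `new_name`. The three `catch (Exception e1) { }` blocks around `PSE_PortNumber`, `PSE_MaxUsers` and `PSE_ServiceLevel` silently turn an unparsable value into 0 inside a certificate extension; a `log(ILogger.LL_FAILURE, ...)` call in each would at least make that visible. The enclosing method starts and ends outside this hunk.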
@@ -841,87 +818,100 @@ public class ProcessCertReq extends CMSServlet { if (r.getRequestStatus().equals(RequestStatus.PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.PENDING); - if (certInfo != null) { + if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - certInfo[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "pending", subject, "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "pending" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending"} + ); } } } else if (r.getRequestStatus().equals( - RequestStatus.APPROVED) - || r.getRequestStatus().equals( - RequestStatus.SVC_PENDING)) { + RequestStatus.APPROVED) || + r.getRequestStatus().equals( + RequestStatus.SVC_PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.SVC_PENDING); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - 
mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - certInfo[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, r.getRequestStatus(), - subject, "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, r.getRequestStatus() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus()} + ); } } } else if (r.getRequestStatus().equals( 
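Review bot: Each status branch in this hunk repeats the same three `mLogger.log(ILogger.EV_AUDIT, ...)` variants (per-`certInfo` subject, `subject`, and the `NODNFORMAT` fallback) with only the status value changing, and the hunks at -1085, -1137 and -1178 do the same for "rejected", "canceled" and the clone message. Copies like this tend to drift, and for audit records a missed branch means a missing or differently shaped entry. A small private helper taking the status and the subject would keep the record layout in one place; the sketch below types the arguments as `Object` because their declarations are outside the hunk. The enclosing method starts and ends outside this hunk.

```java
// One place for the EV_AUDIT record layout. A null subjectDn selects NODNFORMAT;
// note the current code keeps FORMAT when a certInfo subject is null, so confirm
// which behaviour is wanted before adopting this.
private void logRequestAudit(IRequest r, Object initiative, Object authMgr,
        Object status, Object subjectDn) {
    if (subjectDn == null) {
        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
                AuditFormat.NODNFORMAT,
                new Object[] { r.getRequestType(), r.getRequestId(),
                        initiative, authMgr, status });
        return;
    }
    mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
            AuditFormat.FORMAT,
            new Object[] { r.getRequestType(), r.getRequestId(),
                    initiative, authMgr, status, subjectDn, "" });
}

// … unchanged: status checks, cmsReq.setResult(r) and cmsReq.setStatus(...) …
// PENDING branch, per certificate:
logRequestAudit(r, initiative, authMgr, "pending",
        certInfo[i].get(X509CertInfo.SUBJECT));
```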
@@ -930,98 +920,100 @@ public class ProcessCertReq extends CMSServlet { // XXX make the repeat record. // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = r - .getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl issuedCerts[] = + r.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (issuedCerts != null) { long endTime = CMS.getCurrentDate().getTime(); StringBuffer sbuf = new StringBuffer(); - // header.addBigIntegerValue("serialNumber", - // issuedCerts[0].getSerialNumber(),16); + //header.addBigIntegerValue("serialNumber", + //issuedCerts[0].getSerialNumber(),16); for (int i = 0; i < issuedCerts.length; i++) { - if (i != 0) + if (i != 0) sbuf.append(", "); - sbuf.append("0x" - + issuedCerts[i].getSerialNumber() - .toString(16)); - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[i].getSubjectDN(), - "cert issued serial number: 0x" - + issuedCerts[i] - .getSerialNumber() - .toString(16) - + " time: " - + (endTime - startTime) }); + sbuf.append("0x" + + issuedCerts[i].getSerialNumber().toString(16)); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[i].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)} + ); // store a message in the signed audit log file // (one for each manual "agent" - // cert request processed - "accepted") - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - auditInfoCertValue(issuedCerts[i])); + // cert request 
processed - "accepted") + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } - header.addStringValue("serialNumber", - sbuf.toString()); + header.addStringValue( + "serialNumber", sbuf.toString()); } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "completed", subject, - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "completed" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed"} + ); } // store a message in the signed audit log file // (manual "agent" cert request processed - // - "accepted") - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + // - "accepted") + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } - // grant trusted manager or agent privileges + // grant trusted manager or agent privileges Object grantError = null; - try { - int res = grant_privileges(cmsReq, r, issuedCerts, - header); + try { + int res = grant_privileges( + 
cmsReq, r, issuedCerts, header); if (res != 0) { header.addStringValue(GRANT_ERROR, "SUCCESS"); 
@@ -1035,41 +1027,45 @@ public class ProcessCertReq extends CMSServlet { // if this is a RA, show the certificate right away // since ther is no cert database. /* - * if (mAuthority instanceof RegistrationAuthority) { - * Object[] results = new Object[] { issuedCerts, - * grantError }; cmsReq.setResult(results); - * renderTemplate(cmsReq, mReqCompletedTemplate, - * REQ_COMPLETED_FILLER); - * - * return; } + if (mAuthority instanceof RegistrationAuthority) { + Object[] results = + new Object[] { issuedCerts, grantError }; + cmsReq.setResult(results); + renderTemplate(cmsReq, + mReqCompletedTemplate, REQ_COMPLETED_FILLER); + + return; + } */ cmsReq.setResult(r); String scheme = req.getScheme(); - if (scheme.equals("http") && connectionIsSSL(req)) - scheme = "https"; + if (scheme.equals("http") && + connectionIsSSL(req)) scheme = "https"; - /* - * header.addStringValue( "authorityid", - * mAuthority.getId()); - * header.addStringValue("serviceURL", scheme +"://"+ - * req.getServerName() + ":"+ req.getServerPort() + - * req.getRequestURI()); - */ + /* + header.addStringValue( + "authorityid", mAuthority.getId()); + header.addStringValue("serviceURL", scheme +"://"+ + req.getServerName() + ":"+ + req.getServerPort() + + req.getRequestURI()); + */ - if (mPublisherProcessor != null - && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = r - .getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + r.getExtDataInIntegerArray("ldapPublishStatus"); int certsUpdated = 0; if (ldapPublishStatus != null) { - for (int i = 0; i < ldapPublishStatus.length; i++) { - if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) { + for (int i = 0; + i < ldapPublishStatus.length; i++) { + if (ldapPublishStatus[i] == + IRequest.RES_SUCCESS) { certsUpdated++; } } 
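Review bot: `ldapPublishStatus[i] == IRequest.RES_SUCCESS` compares an `Integer` array element with `==`; if `RES_SUCCESS` is declared as an `Integer` (its declaration is not in this hunk) that is a reference comparison that only holds for cached instances, and if it is an `int` a null element throws on unboxing. `if (IRequest.RES_SUCCESS.equals(ldapPublishStatus[i]))`, or a null check plus `intValue()` in the `int` case, makes the `certsUpdated` count reliable. Separately, `if (scheme.equals("http") && connectionIsSSL(req)) scheme = "https";` now leaves the assignment at the end of the wrapped condition, where it is easy to miss; braces and a line of its own would read better. The enclosing method starts and ends outside this hunk.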
@@ -1085,50 +1081,59 @@ public class ProcessCertReq extends CMSServlet { mQueue.rejectRequest(r); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - certInfo[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "rejected", subject, "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "rejected" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected"} + ); } } // store a message in the signed audit log file // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); 
audit(auditMessage); @@ -1137,40 +1142,47 @@ public class ProcessCertReq extends CMSServlet { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - certInfo[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "canceled", subject, "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { r.getRequestType(), - r.getRequestId(), initiative, - authMgr, "canceled" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled"} + ); } } 
@@ -1178,91 +1190,90 @@ public class ProcessCertReq extends CMSServlet { // store a message in the signed audit log file // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); audit(auditMessage); } else if (toDo.equals("clone")) { IRequest clonedRequest = mQueue.cloneAndMarkPending(r); - header.addStringValue("clonedRequestId", clonedRequest - .getRequestId().toString()); + header.addStringValue("clonedRequestId", + clonedRequest.getRequestId().toString()); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " - + clonedRequest - .getRequestId() - .toString(), - certInfo[i] - .get(X509CertInfo.SUBJECT), - "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString(), + certInfo[i].get(X509CertInfo.SUBJECT), + ""} + ); } } else { if (subject != null) { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " - + clonedRequest - .getRequestId() - .toString(), - subject, "" }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to 
reqID: " + + clonedRequest.getRequestId().toString(), + subject, + ""} + ); } else { - mLogger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " - + clonedRequest - .getRequestId() - .toString() }); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString()} + ); } } // store a message in the signed audit log file // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.SUCCESS, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); header.addIntegerValue("seqNum", seqNum); 
@@ -1272,44 +1283,52 @@ public class ProcessCertReq extends CMSServlet { if (rid != null) header.addStringValue("remoteReqID", rid); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); audit(auditMessage); } 
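Review bot: The failure audits pick their reason with bare indices, and nothing on the page says what each slot means. This hunk uses `SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]` and `SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]` for `EBaseException`, and the hunk at -1317 uses `[3]`, `[4]` and `[5]` for `IOException`, `CertificateException` and `NoSuchAlgorithmException`. A comment above the first handler such as `// reason index: [1] success, [2] EBaseException, [3] IOException, [4] CertificateException, [5] NoSuchAlgorithmException` (or named constants next to the arrays) would let a reader check that the signed audit record names the right cause. Also worth confirming: an unchecked exception raised in the `try` body matches none of these handlers, so as far as these hunks show no FAILURE audit would be written for it. The `try` block starts outside this hunk.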
@@ -1317,149 +1336,172 @@ public class ProcessCertReq extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, 
ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + 
auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditServiceID, auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if 
(toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, ILogger.FAILURE, auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); audit(auditMessage); } } - throw new EBaseException(CMS.getUserMessage(locale, - "CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString())); } return; } - - private void updateNSExtension(HttpServletRequest req, - NSCertTypeExtension ext) throws IOException { + + private void updateNSExtension(HttpServletRequest req, + NSCertTypeExtension ext) throws IOException { try { if (req.getParameter("certTypeSSLServer") == null) { @@ -1481,11 +1523,9 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigning") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, - Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, - Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(true)); } if (req.getParameter("certTypeEmailCA") == null) { 
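Review bot: The `NoSuchAlgorithmException` handler throws `new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString()))`, so the raw exception text ends up in what looks like a user-facing message. The `IOException` and `CertificateException` handlers instead throw `ECMSGWException` with a fixed message and drop `e` as the cause. The detail is already written by the `log(ILogger.LL_FAILURE, ...)` call at the top of each handler, so the thrown message could stay generic; where the exception classes accept a cause (not visible here), passing `e` along would keep the stack trace for operators. The `try` block these handlers belong to starts before this hunk.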
@@ -1501,111 +1541,115 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigningCA") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, - Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, - Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(true)); } } catch (CertificateException e) { } } /** - * This method sets extensions parameter into the request so that the - * NSCertTypeExtension policy creates new NSCertTypExtension with this - * setting. Note that this setting will not be used if the NSCertType - * Extension already exist in CertificateExtension. In that case, - * updateExtensions() will be called to set the extension parameter into the - * extension directly. + * This method sets extensions parameter into the request so + * that the NSCertTypeExtension policy creates new + * NSCertTypExtension with this setting. Note that this + * setting will not be used if the NSCertType Extension + * already exist in CertificateExtension. In that case, + * updateExtensions() will be called to set the extension + * parameter into the extension directly. 
*/ private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) { int nChanges = 0; - if (req.getParameter("certTypeSSLServer") != null) { - r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_SERVER); - nChanges++; - } + if (req.getParameter("certTypeSSLServer") != null) { + r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_SERVER); + nChanges++; + } - if (req.getParameter("certTypeSSLClient") != null) { - r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); - nChanges++; - } + if (req.getParameter("certTypeSSLClient") != null) { + r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); + nChanges++; + } - if (req.getParameter("certTypeEmail") != null) { - r.setExtData(NSCertTypeExtension.EMAIL, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL); - nChanges++; - } + if (req.getParameter("certTypeEmail") != null) { + r.setExtData(NSCertTypeExtension.EMAIL, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL); + nChanges++; + } - if (req.getParameter("certTypeObjSigning") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); - nChanges++; - } + if (req.getParameter("certTypeObjSigning") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); + nChanges++; + } - if (req.getParameter("certTypeEmailCA") != null) { - r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL_CA); - nChanges++; - } + if (req.getParameter("certTypeEmailCA") != null) { + 
r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL_CA); + nChanges++; + } - if (req.getParameter("certTypeSSLCA") != null) { - r.setExtData(NSCertTypeExtension.SSL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CA); - nChanges++; - } + if (req.getParameter("certTypeSSLCA") != null) { + r.setExtData(NSCertTypeExtension.SSL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CA); + nChanges++; + } - if (req.getParameter("certTypeObjSigningCA") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); - nChanges++; - } + if (req.getParameter("certTypeObjSigningCA") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); + nChanges++; + } return nChanges; } - + protected static final String GRANT_ERROR = "grantError"; - public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; - public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; - public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; - public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; + public static final String + GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; + public static final String + GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; + public static final String + GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; + public static final String + GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; public static final String GRANT_UID = "grantUID"; public static final String GRANT_PRIVILEGE = "grantPrivilege"; - protected int grant_privileges(CMSRequest cmsReq, IRequest req, - Certificate[] certs, IArgBlock header) throws EBaseException { + protected int 
grant_privileges( + CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) + throws EBaseException { // get privileges to grant IArgBlock httpParams = cmsReq.getHttpParams(); - boolean grantTrustedMgr = httpParams.getValueAsBoolean( - GRANT_TRUSTEDMGR_PRIVILEGE, false); - boolean grantRMAgent = httpParams.getValueAsBoolean( - GRANT_RMAGENT_PRIVILEGE, false); - boolean grantCMAgent = httpParams.getValueAsBoolean( - GRANT_CMAGENT_PRIVILEGE, false); - boolean grantDRMAgent = httpParams.getValueAsBoolean( - GRANT_DRMAGENT_PRIVILEGE, false); - - if (!grantTrustedMgr && !grantCMAgent && !grantRMAgent - && !grantDRMAgent) { + boolean grantTrustedMgr = + httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); + boolean grantRMAgent = + httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); + boolean grantCMAgent = + httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); + boolean grantDRMAgent = + httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); + + if (!grantTrustedMgr && + !grantCMAgent && !grantRMAgent && !grantDRMAgent) { return 0; } else { IAuthToken authToken = getAuthToken(req); @@ -1613,8 +1657,8 @@ public class ProcessCertReq extends CMSServlet { String resourceName = "certServer." + mAuthority.getId() + ".group"; try { - authzToken = authorize(mAclMethod, authToken, resourceName, - "add"); + authzToken = authorize(mAclMethod, authToken, + resourceName, "add"); } catch (Exception e) { // do nothing for now } @@ -1624,7 +1668,7 @@ public class ProcessCertReq extends CMSServlet { if (grantTrustedMgr) obj[0] = TRUSTED_RA_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) obj[0] = RA_AGENT_GROUP; else if (grantCMAgent) obj[0] = CA_AGENT_GROUP; 
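Review bot: The `catch (CertificateException e) { }` that closes updateNSExtension near the top of this hunk discards the failure, so if any `ext.set(...)` call throws, the remaining certificate-type bits keep their earlier values and the agent's edit is lost without a trace. That matters most for flags such as `SSL_CA` and `OBJECT_SIGNING_CA`, where the extension could keep a CA usage the agent meant to clear. At minimum record it with `log(ILogger.LL_FAILURE, "updateNSExtension: " + e.toString());`, or rethrow it wrapped in the `IOException` the signature already declares. The method begins in the previous hunk, so the first half of its body is not visible here.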
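Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, authToken, resourceName, "add")` leaves no record of why the authorization check on a privilege grant failed. The code in the following hunk appears to reject the request when no token came back, so this looks fail-closed, but a denied or erroring grant attempt is exactly what an operator needs to see in the log. I would replace the comment with `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`, the same call ProcessReq.process() makes later in this diff. grant_privileges starts in the preceding hunk and continues past this one.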
@@ -1633,16 +1677,14 @@ public class ProcessCertReq extends CMSServlet { else obj[0] = "unknown group"; - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); } } String uid = (String) httpParams.getValueAsString(GRANT_UID, null); if (uid == null || uid.length() == 0) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); } header.addStringValue(GRANT_UID, uid); @@ -1653,22 +1695,22 @@ public class ProcessCertReq extends CMSServlet { groupname = TRUSTED_RA_GROUP; userType = Constants.PR_SUBSYSTEM_TYPE; } else { - if (grantCMAgent) + if (grantCMAgent) groupname = CA_AGENT_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) groupname = RA_AGENT_GROUP; if (grantDRMAgent) { - if (groupname != null) + if (groupname != null) groupname1 = KRA_AGENT_GROUP; - else + else groupname = KRA_AGENT_GROUP; } userType = Constants.PR_AGENT_TYPE; } - String privilege = (groupname1 == null) ? groupname : groupname - + " and " + groupname1; + String privilege = + (groupname1 == null) ? groupname : groupname + " and " + groupname1; header.addStringValue(GRANT_PRIVILEGE, privilege); 
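Review bot: In hunk -1633 the `GRANT_UID` request parameter is accepted after only a null/empty check, and the later hunks pass the same string to `group.addMemberName(uid)`, the failure log messages and the `EV_AUDIT` record. Whether IUGSubsystem or the logger reject control characters or directory metacharacters is not visible in this diff, so the constraint should be stated where the value enters. I would add above the check `// uid is request-controlled: enforce the allowed charset and length here, before it reaches addUser(), group membership and the audit record` and implement that check against whatever user-id policy the deployment defines.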
@@ -1684,27 +1726,24 @@ public class ProcessCertReq extends CMSServlet { IGroup group = ug.findGroup(groupname), group1 = null; if (group == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_FIND_GROUP_ERROR", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname)); } if (groupname1 != null) { group1 = ug.findGroup(groupname1); if (group1 == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_FIND_GROUP_ERROR", groupname1)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1)); } } try { ug.addUser(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_ADDING_USER_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid)); } try { if (certs[0] instanceof X509CertImpl) { @@ -1712,13 +1751,12 @@ public class ProcessCertReq extends CMSServlet { user.setX509Certificates(tmp); } - + ug.addUserCert(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_ADDING_CERT_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid)); } try { group.addMemberName(uid); 
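Review bot: In the `group1 == null` branch of hunk -1684 the failure log names the wrong group: it passes `groupname` to `CMSGW_ERROR_FIND_GROUP_1`, while the exception thrown on the next line correctly uses `groupname1`. Someone reading the log would go looking for a missing group that actually exists. Change the call to `CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname1)`. The `catch (Exception e)` blocks around `ug.addUser(user)` here and `ug.addUserCert(user)` in hunk -1712 also drop `e`, so the log never says why the operation failed; passing `e.toString()` into the message would fix that.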
@@ -1726,43 +1764,44 @@ public class ProcessCertReq extends CMSServlet { // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL, - AuditFormat.ADDUSERGROUPFORMAT, new Object[] { adminId, - uid, groupname }); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] {adminId, uid, groupname} + ); if (group1 != null) { group1.addMemberName(uid); ug.modifyGroup(group1); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] { adminId, uid, groupname1 }); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] {adminId, uid, groupname1} + ); } } catch (Exception e) { - String msg = "Could not add user " + uid + " to group " + groupname; + String msg = + "Could not add user " + uid + " to group " + groupname; if (group1 != null) msg += " or group " + groupname1; log(ILogger.LL_FAILURE, msg); - if (group1 == null) - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_ADDING_MEMBER", uid, groupname)); - else - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); + if (group1 == null) + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); + else + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); } return 1; } /** * Signed Audit Log Info Name - * - * This method is called to obtain the "InfoName" for a signed audit log - * message. + * + * This method is called to obtain the "InfoName" for + * a signed audit log message. * <P> - * + * * @param type signed audit log request processing type * @return id string containing the signed audit log message InfoName */ 
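Review bot: A failed group assignment is recorded only through `log(ILogger.LL_FAILURE, msg)`, whereas the success path writes `ILogger.EV_AUDIT` records with `AuditFormat.ADDUSERGROUPFORMAT`, so a grant that failed part-way leaves nothing in the audit trail. By this point the earlier hunks have already run `ug.addUser(user)` and `ug.addUserCert(user)`, so the account and its certificate stay behind without the intended membership, and if the failure is on `group1` the first group has already been modified. The message also omits the cause; `log(ILogger.LL_FAILURE, msg + ": " + e.toString());` would keep it. I would additionally emit an audit event for the failure, and document in a comment that the user entry is not rolled back.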
@@ -1793,11 +1832,11 @@ public class ProcessCertReq extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ 
@@ -1851,41 +1890,42 @@ public class ProcessCertReq extends CMSServlet { } } + class RAReqCompletedFiller extends ImportCertsTemplateFiller { private static final String RA_AGENT_GROUP = "Registration Manager Agents"; private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents"; - public RAReqCompletedFiller() { super(); } - public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, - IAuthority authority, Locale locale, Exception e) throws Exception { + public CMSTemplateParams getTemplateParams( + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Object[] results = (Object[]) cmsReq.getResult(); Object grantError = results[1]; - // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; + //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; Certificate[] issuedCerts = (Certificate[]) results[0]; - + cmsReq.setResult(issuedCerts); - CMSTemplateParams params = super.getTemplateParams(cmsReq, authority, - locale, e); + CMSTemplateParams params = + super.getTemplateParams(cmsReq, authority, locale, e); if (grantError != null) { IArgBlock header = params.getHeader(); if (grantError instanceof String) { - header.addStringValue(ProcessCertReq.GRANT_ERROR, - (String) grantError); + header.addStringValue( + ProcessCertReq.GRANT_ERROR, (String) grantError); } else { EBaseException ex = (EBaseException) grantError; - header.addStringValue(ProcessCertReq.GRANT_ERROR, - ex.toString(locale)); + header.addStringValue( + ProcessCertReq.GRANT_ERROR, ex.toString(locale)); } IArgBlock httpParams = cmsReq.getHttpParams(); - String uid = httpParams.getValueAsString(ProcessCertReq.GRANT_UID, - null); + String uid = httpParams.getValueAsString( + ProcessCertReq.GRANT_UID, null); header.addStringValue(ProcessCertReq.GRANT_UID, uid); boolean grantRMAgent = httpParams.getValueAsBoolean( 
@@ -1900,7 +1940,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { if (grantDRMAgent) { if (privilege != null) privilege += " and " + KRA_AGENT_GROUP; - else + else privilege = KRA_AGENT_GROUP; } header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege); @@ -1908,3 +1948,4 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { return params; } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java index 7d74671b..0ac27197 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.IOException; import java.util.Locale; @@ -49,9 +50,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Display Generic Request detail to the user. - * + * * @version $Revision$, $Date$ */ public class ProcessReq extends CMSServlet { @@ -72,9 +74,8 @@ public class ProcessReq extends CMSServlet { private IReqParser mParser = null; private String[] mSigningAlgorithms = null; - private static String[] DEF_SIGNING_ALGORITHMS = new String[] { - "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", - "MD5withRSA", "MD2withRSA" }; + private static String[] DEF_SIGNING_ALGORITHMS = new String[] + {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"}; /** * Process request. 
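Review bot: In ProcessReq.java hunk -72, `DEF_SIGNING_ALGORITHMS` still lists `MD5withRSA` and `MD2withRSA`, and the array is a non-final `static`, so any code in the class can reassign it. MD5 has practical collision attacks and MD2 is long deprecated, so a CA should not offer either as a default for signing certificates. Where the array is read lies outside this hunk, so I cannot confirm from here that these values reach the agent's algorithm list. I would declare it as `private static final String[] DEF_SIGNING_ALGORITHMS = {"SHA256withRSA", "SHA512withRSA", "SHA1withRSA", "SHA1withDSA"};` and add a comment that the SHA-1 entries are kept for compatibility only and are due for review.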
@@ -85,15 +86,15 @@ public class ProcessReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * "processReq.template" to process the response. The initialization - * parameter 'parser' is read from the servlet configration, and is used to - * set the type of request. The value of this parameter can be: - * <UL> - * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary - * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail - * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail - * </UL> - * + * "processReq.template" to process the response. + * The initialization parameter 'parser' is read from the + * servlet configration, and is used to set the type of request. + * The value of this parameter can be: + * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary + * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail + * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail + * </UL> + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -110,13 +111,13 @@ public class ProcessReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); - if (mOutputTemplatePath != null) + if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } 
@@ -125,9 +126,9 @@ public class ProcessReq extends CMSServlet { * <ul> * <li>http.param seqNum * <li>http.param doAssign reassign request. Value can be reassignToMe - * reassignToNobody + * reassignToNobody * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -151,10 +152,10 @@ public class ProcessReq extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, "Error getting template " + mFormPath - + " Error " + e); + log(ILogger.LL_FAILURE, + "Error getting template " + mFormPath + " Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -170,23 +171,21 @@ public class ProcessReq extends CMSServlet { try { if (doAssign == null) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } else if (doAssign.equals("toMe") - || doAssign.equals("reassignToMe")) { + mAuthzResourceName, "read"); + } else if (doAssign.equals("toMe") || + doAssign.equals("reassignToMe")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "assign"); + mAuthzResourceName, "assign"); } else if (doAssign.equals("reassignToNobody")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unassign"); + mAuthzResourceName, "unassign"); } } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -194,18 +193,19 @@ public class ProcessReq extends CMSServlet { return; } - process(argSet, header, seqNum, req, resp, doAssign, locale[0]); + process(argSet, header, seqNum, req, resp, + doAssign, locale[0]); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - error = new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); + error = new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { - error = new EBaseException(CMS.getUserMessage(locale[0], - "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -213,44 +213,46 @@ public class ProcessReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setError(error); cmsReq.setStatus(CMSRequest.ERROR); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting servlet output stream for rendering template. " - + "Error " + e); + log(ILogger.LL_FAILURE, + "Error getting servlet output stream for rendering template. " + + "Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** - * Sends request information to the calller. returns whether there was an - * error or not. + * Sends request information to the calller. + * returns whether there was an error or not. */ private void process(CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, HttpServletResponse resp, - String doAssign, Locale locale) throws EBaseException { + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String doAssign, Locale locale) + throws EBaseException { header.addIntegerValue("seqNum", seqNum); - IRequest r = mQueue - .findRequest(new RequestId(Integer.toString(seqNum))); + IRequest r = + mQueue.findRequest(new RequestId(Integer.toString(seqNum))); if (r != null) { if (doAssign != null) { if ((doAssign.equals("toMe")) - || (doAssign.equals("reassignToMe"))) { + || (doAssign.equals("reassignToMe"))) { SessionContext ctx = SessionContext.getContext(); String id = (String) ctx.get(SessionContext.USER_ID); 
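Review bot: `String output = form.getOutput(argSet);` in the non-XML branch is never read; the response is written by `form.renderOutput(out, argSet)` two lines later, so the template appears to be expanded twice per request. Delete the assignment. In the same branch, `"true".equals(xmlOutput)` would replace the explicit null check, and the Javadoc for the private process() further down has "calller" for "caller". The public process() method starts before this hunk, so the lines above the `if (error == null)` are not in view.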
@@ -262,32 +264,32 @@ public class ProcessReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); - // DONT NEED TO DO THIS FOR DRM + // DONT NEED TO DO THIS FOR DRM if (mAuthority instanceof ICertAuthority) { // Check/set signing algorithms dynamically. - // In RA mSigningAlgorithms could be null at startup if CA is - // not - // up and set later when CA comes back up. + // In RA mSigningAlgorithms could be null at startup if CA is not + // up and set later when CA comes back up. // Once it's set assumed that it won't change. String[] allAlgorithms = mSigningAlgorithms; if (allAlgorithms == null) { - allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority) - .getCASigningAlgorithms(); + allAlgorithms = mSigningAlgorithms = + ((ICertAuthority) mAuthority).getCASigningAlgorithms(); if (allAlgorithms == null) { - CMS.debug("ProcessReq: signing algorithms set to All algorithms"); + CMS.debug( + "ProcessReq: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; - } else - CMS.debug("ProcessReq: First signing algorithms is " - + allAlgorithms[0]); + } else + CMS.debug( + "ProcessReq: First signing algorithms is " + allAlgorithms[0]); } String validAlgorithms = null; StringBuffer sb = new StringBuffer(); 
@@ -303,19 +305,15 @@ public class ProcessReq extends CMSServlet { if (validAlgorithms != null) header.addStringValue("validAlgorithms", validAlgorithms); if (mAuthority instanceof ICertificateAuthority) { - String signingAlgorithm = ((ICertificateAuthority) mAuthority) - .getDefaultAlgorithm(); + String signingAlgorithm = ((ICertificateAuthority) mAuthority).getDefaultAlgorithm(); if (signingAlgorithm != null) - header.addStringValue("caSigningAlgorithm", - signingAlgorithm); + header.addStringValue("caSigningAlgorithm", signingAlgorithm); header.addLongValue("defaultValidityLength", - ((ICertificateAuthority) mAuthority) - .getDefaultValidity() / 1000); + ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); } else if (mAuthority instanceof IRegistrationAuthority) { header.addLongValue("defaultValidityLength", - ((IRegistrationAuthority) mAuthority) - .getDefaultValidity() / 1000); + ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); } X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert(); @@ -329,8 +327,9 @@ public class ProcessReq extends CMSServlet { mParser.fillRequestIntoArg(locale, r, argSet, header); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } return; diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java index c08aecbb..c065173c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -45,9 +46,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Show paged list of requests matching search criteria - * + * * @version $Revision$, $Date$ */ public class QueryReq extends CMSServlet { @@ -60,7 +62,7 @@ public class QueryReq extends CMSServlet { private final static String IN_SHOW_ALL = "showAll"; private final static String IN_SHOW_WAITING = "showWaiting"; private final static String IN_SHOW_IN_SERVICE = "showInService"; - private final static String IN_SHOW_PENDING = "showPending"; + private final static String IN_SHOW_PENDING= "showPending"; private final static String IN_SHOW_CANCELLED = "showCancelled"; private final static String IN_SHOW_REJECTED = "showRejected"; private final static String IN_SHOW_COMPLETED = "showCompleted"; 
@@ -84,16 +86,17 @@ public class QueryReq extends CMSServlet { private final static String OUT_UPDATE_ON = "updatedOn"; private final static String OUT_UPDATE_BY = "updatedBy"; private final static String OUT_REQUESTING_USER = "requestingUser"; - // keeps track of where to begin if page down + //keeps track of where to begin if page down private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage"; - // keeps track of where to begin if page up + //keeps track of where to begin if page up private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage"; private final static String OUT_SUBJECT = "subject"; private final static String OUT_REQUEST_TYPE = "requestType"; private final static String OUT_COMMENTS = "requestorComments"; private final static String OUT_SERIALNO = "serialNumber"; private final static String OUT_OWNER_NAME = "ownerName"; - private final static String OUT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo"; + private final static String OUT_PUBLIC_KEY_INFO = + "subjectPublicKeyInfo"; private final static String OUT_ERROR = "error"; private final static String OUT_AUTHORITY_ID = "authorityid"; @@ -117,7 +120,7 @@ public class QueryReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -140,9 +143,9 @@ public class QueryReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); 
@@ -150,7 +153,7 @@ public class QueryReq extends CMSServlet { if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - + private String getRequestType(String p) { String filter = "(requestType=*)"; 
@@ -210,145 +213,150 @@ public class QueryReq extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param reqState request state (one of showAll, showWaiting, - * showInService, showCancelled, showRejected, showCompleted) + * <li>http.param reqState request state + * (one of showAll, showWaiting, showInService, + * showCancelled, showRejected, showCompleted) * <li>http.param reqType * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if - * when paging down seqNumFromDown starts with 0x) + * when paging down + * seqNumFromDown starts with 0x) * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if - * when paging up seqNumFromUp starts with 0x) + * when paging up + * seqNumFromUp starts with 0x) * <li>http.param maxCount maximum number of records to show * <li>http.param totalCount total number of records in set of pages * <li>http.param direction "up", "down", "begin", or "end" * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { - CMS.debug("in QueryReq servlet"); - - // Authentication / Authorization - - HttpServletRequest req = cmsReq.getHttpReq(); - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - // if get a EBaseException we just throw it. 
- form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - /** - * WARNING: - * - * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. - * - **/ - String filter = null; - String reqState = req.getParameter("reqState"); - String reqType = req.getParameter("reqType"); - - if (reqState == null || reqType == null) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL) && reqType.equals(IN_SHOW_ALL)) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL)) { - filter = getRequestType(reqType); - } else if (reqType.equals(IN_SHOW_ALL)) { - filter = getRequestState(reqState); - } else { - filter = "(&" + getRequestState(reqState) + getRequestType(reqType) - + ")"; - } - - String direction = "begin"; - if (req.getParameter("direction") != null) { - direction = req.getParameter("direction").trim(); - } - - int top = 0, bottom = 0; - - try { - String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); - if (top_s == null) - top_s = "0"; - - String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); - if (bottom_s == null) - bottom_s = "0"; - - if (top_s.trim().startsWith("0x")) { - top = Integer.parseInt(top_s.trim().substring(2), 16); - } else { - top = Integer.parseInt(top_s.trim()); - } - if (bottom_s.trim().startsWith("0x")) { - bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); - } else { - bottom = Integer.parseInt(bottom_s.trim()); - } - - } catch (NumberFormatException e) { - - } - - // avoid NumberFormatException to the user interface - int maxCount = 10; - try { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); - } catch (Exception e) { - } + CMS.debug("in QueryReq servlet"); + + // Authentication / Authorization + + HttpServletRequest req = cmsReq.getHttpReq(); + IAuthToken authToken = 
authenticate(cmsReq); + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + + + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + try { + // if get a EBaseException we just throw it. + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + + /** + * WARNING: + * + * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. + * + **/ + String filter = null; + String reqState = req.getParameter("reqState"); + String reqType = req.getParameter("reqType"); + + if (reqState == null || reqType == null) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL) && + reqType.equals(IN_SHOW_ALL)) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL)) { + filter = getRequestType(reqType); + } else if (reqType.equals(IN_SHOW_ALL)) { + filter = getRequestState(reqState); + } else { + filter = "(&" + getRequestState(reqState) + + getRequestType(reqType) + ")"; + } + + String direction = "begin"; + if (req.getParameter("direction") != null) { + direction = req.getParameter("direction").trim(); + } + + + int top=0, bottom=0; + + try { + String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); + if (top_s == null) top_s = "0"; + + String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); + if (bottom_s == null) bottom_s = "0"; + + if (top_s.trim().startsWith("0x")) { + top = Integer.parseInt(top_s.trim().substring(2), 16); 
+ } else { + top = Integer.parseInt(top_s.trim()); + } + if (bottom_s.trim().startsWith("0x")) { + bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); + } else { + bottom = Integer.parseInt(bottom_s.trim()); + } + + } catch (NumberFormatException e) { + + } + + // avoid NumberFormatException to the user interface + int maxCount = 10; + try { + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + } catch (Exception e) { + } if (maxCount > mMaxReturns) { - CMS.debug("Resetting page size from " + maxCount + " to " - + mMaxReturns); + CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); maxCount = mMaxReturns; } - HttpServletResponse resp = cmsReq.getHttpResp(); - CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, - direction, top, bottom); - - argset.getFixed().addStringValue("reqType", reqType); + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom ); + + + argset.getFixed().addStringValue("reqType",reqType); argset.getFixed().addStringValue("reqState", reqState); - argset.getFixed().addIntegerValue("maxCount", maxCount); - - try { - form.getOutput(argset); - resp.setContentType("text/html"); - form.renderOutput(resp.getOutputStream(), argset); - } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - return; + argset.getFixed().addIntegerValue("maxCount",maxCount); + + + try { + form.getOutput(argset); + resp.setContentType("text/html"); + form.renderOutput(resp.getOutputStream(), argset); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + cmsReq.setStatus(CMSRequest.SUCCESS); + 
return; } private static String makeRequestStatusEq(RequestStatus s) { 
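Review bot: In `process()`, `maxCount` is only clamped from above (`if (maxCount > mMaxReturns)`), so a zero or negative `maxCount` request parameter reaches `doSearch` unchanged. The four-argument `doSearch` in the next hunk passes `count+1` to `getPagedRequestsByFilter` and `Math.abs(count)` to `fetchRecords`, so a large negative value appears to lift the `mMaxReturns` page-size cap. Add a lower bound before the existing clamp, for example `if (maxCount < 1) maxCount = 10;`. The empty `catch (NumberFormatException e) { }` around the `top`/`bottom` parsing also hides malformed paging values, and a `CMS.debug` line there would make them visible.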
@@ -361,197 +369,200 @@ public class QueryReq extends CMSServlet { /** * Perform search based on direction button pressed - * - * @param filter ldap filter indicating which VLV to search through. This - * can be 'all requests', 'pending', etc + * @param filter ldap filter indicating which VLV to search through. This can be + * 'all requests', 'pending', etc * @param count the number of requests to show per page - * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to - * end) - * @param top the number of the request shown on at the top of the current - * page - * @param bottom the number of the request shown on at the bottom of the - * current page - * @return + * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end) + * @param top the number of the request shown on at the top of the current page + * @param bottom the number of the request shown on at the bottom of the current page + * @return */ - - private CMSTemplateParams doSearch(Locale l, String filter, int count, - String direction, int top, int bottom) { - CMSTemplateParams ctp = null; - if (direction.equals("previous")) { - ctp = doSearch(l, filter, -count, top - 1); - } else if (direction.equals("next")) { - ctp = doSearch(l, filter, count, bottom + 1); - } else if (direction.equals("begin")) { - ctp = doSearch(l, filter, count, 0); - } else if (direction.equals("first")) { - ctp = doSearch(l, filter, count, bottom); - } else { // if 'direction is 'end', default here - ctp = doSearch(l, filter, -count, -1); - } - return ctp; + + private CMSTemplateParams doSearch(Locale l, String filter, + int count, String direction, int top, int bottom) + { + CMSTemplateParams ctp = null; + if (direction.equals("previous")) { + ctp = doSearch(l, filter, -count, top-1); + } else if (direction.equals("next")) { + ctp = doSearch(l,filter, count, bottom+1); + } else if (direction.equals("begin")) { + ctp = doSearch(l,filter, count, 0); + } else if (direction.equals("first")) { + 
ctp = doSearch(l,filter, count, bottom); + } else { // if 'direction is 'end', default here + ctp = doSearch(l,filter, -count, -1); + } + return ctp; } - - /** - * - * @param locale - * @param filter the types of requests to return - this must match the VLV - * index - * @param count maximum number of records to return - * @param marker indication of the request ID where the page is anchored - * @return - */ - - private CMSTemplateParams doSearch(Locale locale, String filter, int count, - int marker) { - - IArgBlock header = CMS.createArgBlock(); - IArgBlock context = CMS.createArgBlock(); - CMSTemplateParams argset = new CMSTemplateParams(header, context); - - try { - long startTime = CMS.getCurrentDate().getTime(); - // preserve the type of request that we are - // requesting. - - header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); - header.addStringValue(OUT_REQUESTING_USER, "admin"); - - boolean jumptoend = false; - if (marker == -1) { - marker = 0; // I think this is inconsequential - jumptoend = true; // override to '99' during search - } - - RequestId id = new RequestId(Integer.toString(marker)); - IRequestVirtualList list = mQueue.getPagedRequestsByFilter(id, - jumptoend, filter, count + 1, "requestId"); - - int totalCount = list.getSize() - list.getCurrentIndex(); - header.addIntegerValue(OUT_TOTALCOUNT, totalCount); - header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); - - int numEntries = list.getSize() - list.getCurrentIndex(); - - Vector v = fetchRecords(list, Math.abs(count)); - v = normalizeOrder(v); - trim(v, id); - - int currentCount = 0; - int curNum = 0; - int firstNum = -1; - Enumeration requests = v.elements(); - - while (requests.hasMoreElements()) { - IRequest request = null; - try { - request = (IRequest) requests.nextElement(); - } catch (Exception e) { - CMS.debug("Error displaying request:" + e.getMessage()); - // handled below - } - if (request == null) { - log(ILogger.LL_WARN, "Error display request on page"); - continue; 
- } - - curNum = Integer.parseInt(request.getRequestId().toString()); - - if (firstNum == -1) { - firstNum = curNum; - } - - IArgBlock rec = CMS.createArgBlock(); - mParser.fillRequestIntoArg(locale, request, argset, rec); - mQueue.releaseRequest(request); - argset.addRepeatRecord(rec); - - currentCount++; - - }// while - long endTime = CMS.getCurrentDate().getTime(); - - header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); - header.addStringValue("time", Long.toString(endTime - startTime)); - header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); - header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - } - return argset; - + + + + /** + * + * @param locale + * @param filter the types of requests to return - this must match the VLV index + * @param count maximum number of records to return + * @param marker indication of the request ID where the page is anchored + * @return + */ + + private CMSTemplateParams doSearch( + Locale locale, + String filter, + int count, + int marker) { + + IArgBlock header = CMS.createArgBlock(); + IArgBlock context = CMS.createArgBlock(); + CMSTemplateParams argset = new CMSTemplateParams(header, context); + + try { + long startTime = CMS.getCurrentDate().getTime(); + // preserve the type of request that we are + // requesting. 
+ + header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); + header.addStringValue(OUT_REQUESTING_USER, "admin"); + + + boolean jumptoend = false; + if (marker == -1) { + marker = 0; // I think this is inconsequential + jumptoend = true; // override to '99' during search + } + + RequestId id = new RequestId(Integer.toString(marker)); + IRequestVirtualList list = mQueue.getPagedRequestsByFilter( + id, + jumptoend, + filter, + count+1, + "requestId"); + + int totalCount = list.getSize() - list.getCurrentIndex(); + header.addIntegerValue(OUT_TOTALCOUNT, totalCount); + header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); + + int numEntries = list.getSize() - list.getCurrentIndex(); + + Vector v = fetchRecords(list,Math.abs(count)); + v = normalizeOrder(v); + trim(v,id); + + + int currentCount = 0; + int curNum = 0; + int firstNum = -1; + Enumeration requests = v.elements(); + + while (requests.hasMoreElements()) { + IRequest request = null; + try { + request = (IRequest) requests.nextElement(); + } catch (Exception e) { + CMS.debug("Error displaying request:"+e.getMessage()); + // handled below + } + if (request == null) { + log(ILogger.LL_WARN, "Error display request on page"); + continue; + } + + curNum = Integer.parseInt( + request.getRequestId().toString()); + + if (firstNum == -1) { + firstNum = curNum; + } + + IArgBlock rec = CMS.createArgBlock(); + mParser.fillRequestIntoArg(locale, request, argset, rec); + mQueue.releaseRequest(request); + argset.addRepeatRecord(rec); + + currentCount++; + + }// while + long endTime = CMS.getCurrentDate().getTime(); + + header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); + header.addStringValue("time", Long.toString(endTime - startTime)); + header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); + header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); + + } catch (EBaseException e) { + header.addStringValue(OUT_ERROR, e.toString(locale)); + } catch (Exception e) { + } + return argset; + } /** * If the vector 
contains the marker element at the end, remove it. - * - * @param v The vector to trim - * @param marker the marker to look for. - */ - private void trim(Vector v, RequestId marker) { - int i = v.size() - 1; - if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) { - v.remove(i); - } - - } - - /** - * Sometimes the list comes back from LDAP in reverse order. This function - * makes sure the results are in 'forward' order. - * - * @param list - * @return + * @param v The vector to trim + * @param marker the marker to look for. */ + private void trim(Vector v, RequestId marker) { + int i = v.size()-1; + if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) { + v.remove(i); + } + + } + + /** + * Sometimes the list comes back from LDAP in reverse order. This function makes + * sure the results are in 'forward' order. + * @param list + * @return + */ private Vector fetchRecords(IRequestVirtualList list, int maxCount) { - - Vector v = new Vector(); - int count = list.getSize(); - int c = 0; - for (int i = 0; i < count; i++) { - IRequest request = list.getElementAt(i); - if (request != null) { - v.add(request); - c++; - } - if (c >= maxCount) - break; - } - - return v; + + Vector v = new Vector(); + int count = list.getSize(); + int c=0; + for (int i=0; i<count; i++) { + IRequest request = list.getElementAt(i); + if (request != null) { + v.add(request); + c++; + } + if (c >= maxCount) break; + } + + return v; } /** * If the requests are in backwards order, reverse the list - * * @param list * @return */ private Vector normalizeOrder(Vector list) { - - int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) - .getRequestId().toString()); - int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list - .size() - 1)).getRequestId().toString()); - boolean reverse = false; - if (firstrequestnum > lastrequestnum) { - reverse = true; // if the order is backwards, place items at the - // beginning - } - Vector v = new Vector(); - int count 
= list.size(); - for (int i = 0; i < count; i++) { - Object request = list.elementAt(i); - if (request != null) { - if (reverse) - v.add(0, request); - else - v.add(request); - } - } - - return v; + + int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) + .getRequestId().toString()); + int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list + .size() - 1)).getRequestId().toString()); + boolean reverse = false; + if (firstrequestnum > lastrequestnum) { + reverse = true; // if the order is backwards, place items at the beginning + } + Vector v = new Vector(); + int count = list.size(); + for (int i = 0; i < count; i++) { + Object request = list.elementAt(i); + if (request != null) { + if (reverse) + v.add(0, request); + else + v.add(request); + } + } + + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java index e37e4c76..29414ca5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -25,10 +26,11 @@ import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; + /** * A class representing a request parser. * <P> - * + * * @version $Revision$, $Date$ */ public class ReqParser implements IReqParser { 
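Review bot: In QueryReq, `normalizeOrder` calls `list.elementAt(0)` and `trim` calls `v.elementAt(v.size()-1)` without checking for an empty vector, so a search that matches no requests throws inside the four-argument `doSearch`. That exception lands in `catch (Exception e) { }`, which discards it, so the page is rendered with no error and without the first/last entry values. Guard both helpers, e.g. `if (v.isEmpty()) return;` in `trim` and `if (list.isEmpty()) return list;` in `normalizeOrder`. The catch should at least record the failure: `log(ILogger.LL_FAILURE, e.toString());`. Separately, `header.addStringValue(OUT_REQUESTING_USER, "admin")` hard-codes the requesting user rather than taking it from the authenticated caller, which is worth confirming as intended.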
@@ -48,28 +50,30 @@ public class ReqParser implements IReqParser { /** * Maps request object into argument block. */ - public void fillRequestIntoArg(Locale l, IRequest req, - CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) + throws EBaseException { arg.addStringValue(TYPE, req.getRequestType()); - arg.addLongValue("seqNum", - Long.parseLong(req.getRequestId().toString())); - arg.addStringValue(STATUS, req.getRequestStatus().toString()); - arg.addLongValue(CREATE_ON, req.getCreationTime().getTime() / 1000); - arg.addLongValue(UPDATE_ON, req.getModificationTime().getTime() / 1000); + arg.addLongValue("seqNum", + Long.parseLong(req.getRequestId().toString())); + arg.addStringValue(STATUS, + req.getRequestStatus().toString()); + arg.addLongValue(CREATE_ON, + req.getCreationTime().getTime() / 1000); + arg.addLongValue(UPDATE_ON, + req.getModificationTime().getTime() / 1000); String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY); - if (updatedBy == null) - updatedBy = ""; + if (updatedBy == null) updatedBy = ""; arg.addStringValue(UPDATE_BY, updatedBy); SessionContext ctx = SessionContext.getContext(); - String id = (String) ctx.get(SessionContext.USER_ID); + String id = (String) ctx.get(SessionContext.USER_ID); arg.addStringValue("callerName", id); - + String owner = req.getRequestOwner(); - if (owner != null) + if (owner != null) arg.addStringValue("assignedTo", owner); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java index 917fdd40..04b21440 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java 
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; + import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -47,9 +48,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SearchReqs extends CMSServlet { @@ -88,9 +90,8 @@ public class SearchReqs extends CMSServlet { } /** - * initialize the servlet. This servlet uses queryReq.template to render the - * response - * + * initialize the servlet. This servlet uses queryReq.template + * to render the response * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -104,8 +105,7 @@ public class SearchReqs extends CMSServlet { if (authConfig != null) { try { - mMaxReturns = authConfig.getInteger( - PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); + mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); } catch (EBaseException e) { // do nothing } @@ -120,8 +120,7 @@ public class SearchReqs extends CMSServlet { /* Server-Side time limit */ try { - int maxResults = Integer - .parseInt(sc.getInitParameter("maxResults")); + int maxResults = Integer.parseInt(sc.getInitParameter("maxResults")); if (maxResults < mMaxReturns) mMaxReturns = maxResults; } catch (Exception e) { @@ -155,8 +154,10 @@ public class SearchReqs extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? [maxCount=<number>] [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? + * [maxCount=<number>] + * [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); 
@@ -167,14 +168,14 @@ public class SearchReqs extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -197,10 +198,10 @@ public class SearchReqs extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -213,13 +214,11 @@ public class SearchReqs extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, req.getParameter("queryRequestFilter"), - authToken, maxResults, timeLimit, req, resp, locale[0]); + process(argSet, header, req.getParameter("queryRequestFilter"), authToken, + maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -230,32 +229,33 @@ public class SearchReqs extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, IAuthToken token, int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, IAuthToken token, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); 
@@ -272,27 +272,25 @@ public class SearchReqs extends CMSServlet { } else { if (owner.equals("self")) { String self_uid = token.getInString(IAuthToken.USER_ID); - requestowner_filter = "(requestowner=" + self_uid + ")"; + requestowner_filter = "(requestowner="+self_uid+")"; } else { String uid = req.getParameter("uid"); - requestowner_filter = "(requestowner=" + uid + ")"; + requestowner_filter = "(requestowner="+uid+")"; } - newfilter = "(&" + requestowner_filter + filter.substring(2); + newfilter = "(&"+requestowner_filter+filter.substring(2); } // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { - CMS.debug("Resetting maximum of returned results from " - + maxResults + " to " + mMaxReturns); + CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns); maxResults = mMaxReturns; } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } - IRequestList list = (timeLimit > 0) ? mQueue.listRequestsByFilter( - newfilter, maxResults, timeLimit) : mQueue - .listRequestsByFilter(newfilter, maxResults); + IRequestList list = (timeLimit > 0) ? + mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : + mQueue.listRequestsByFilter(newfilter, maxResults); int count = 0; @@ -307,8 +305,7 @@ public class SearchReqs extends CMSServlet { long endTime = CMS.getCurrentDate().getTime(); header.addIntegerValue(OUT_CURRENTCOUNT, count); - header.addStringValue("time", - Long.toString(endTime - startTime)); + header.addStringValue("time", Long.toString(endTime - startTime)); } } header.addIntegerValue(OUT_TOTALCOUNT, count); 
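Review bot: The `uid` request parameter is concatenated into the LDAP filter unescaped at `requestowner_filter = "(requestowner="+uid+")"`, so filter metacharacters in it change the query passed to `listRequestsByFilter` instead of only restricting the owner. A missing `uid` is not rejected either and would produce the literal `(requestowner=null)`. Escape the value per RFC 4515 before building the filter (`\`, `*`, `(`, `)` and NUL become `\5c`, `\2a`, `\28`, `\29`, `\00`) and return an error when `uid` is absent. `filter.substring(2)` also assumes the filter begins with `(&`. Nothing in this hunk checks that, and the caller passes the `queryRequestFilter` parameter straight through. The enclosing `process` method starts and ends outside this hunk.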
@@ -326,8 +323,7 @@ public class SearchReqs extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) - now = new Date(); + if (now == null) now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index 7d30d3ae..1f6efa85 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -52,11 +52,14 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.symkey.SessionKey; + + /** - * A class representings an administration servlet for Token Key Service - * Authority. This servlet is responsible to serve tks administrative operation - * such as configuration parameter updates. - * + * A class representings an administration servlet for Token Key + * Service Authority. This servlet is responsible to serve + * tks administrative operation such as configuration + * parameter updates. + * * @version $Revision$, $Date$ */ public class TokenServlet extends CMSServlet { 
@@ -65,40 +68,66 @@ public class TokenServlet extends CMSServlet { */ private static final long serialVersionUID = 8687436109695172791L; protected static final String PROP_ENABLED = "enabled"; - protected static final String TRANSPORT_KEY_NAME = "sharedSecret"; + protected static final String TRANSPORT_KEY_NAME ="sharedSecret"; private final static String INFO = "TokenServlet"; public static int ERROR = 1; private ITKSAuthority mTKS = null; private String mSelectedToken = null; private String mNewSelectedToken = null; String mKeyNickName = null; - String mNewKeyNickName = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + String mNewKeyNickName = null; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; + + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; + private final static String + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; - private final static 
String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; + private final static String + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; - private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; - private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; - private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; + private final static String + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; - private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; + private final static String + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; - private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; + private final static String + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = 
"LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; + private final static String + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; /** * Constructs tks servlet. @@ -108,13 +137,14 @@ public class TokenServlet extends CMSServlet { } - public static String trim(String a) { - StringBuffer newa = new StringBuffer(); + public static String trim(String a) + { + StringBuffer newa = new StringBuffer(); StringTokenizer tokens = new StringTokenizer(a, "\n"); - while (tokens.hasMoreTokens()) { - newa.append(tokens.nextToken()); - } - return newa.toString(); + while (tokens.hasMoreTokens()) { + newa.append(tokens.nextToken()); + } + return newa.toString(); } public void init(ServletConfig config) throws ServletException { @@ -123,19 +153,18 @@ public class TokenServlet extends CMSServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - - /** - * Process the HTTP request. - * + /** + * Process the HTTP request. + * * @param s The URL to decode. */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
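Review bot: `mSelectedToken`, `mNewSelectedToken`, `mKeyNickName` and `mNewKeyNickName` are declared as instance fields of TokenServlet, yet `setDefaultSlotAndKeyName` (the hunk at -155) reassigns them from the `keySet`, `KeyInfo` and `newKeyInfo` request parameters on every call. A servlet instance is normally shared by all request threads, so if the request handlers read these fields after that call, concurrent requests can overwrite each other's selection and an operation may run against another request's token and key nickname. Return the selection from the method as locals or a small per-request holder object instead of storing it on the servlet. In the same hunk, `public static int ERROR = 1;` is a mutable public static and should be `public static final int ERROR = 1;`.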
@@ -155,63 +184,62 @@ public class TokenServlet extends CMSServlet { } } // end for return out.toString(); - } + } - private void setDefaultSlotAndKeyName(HttpServletRequest req) { - try { + private void setDefaultSlotAndKeyName(HttpServletRequest req) + { + try { - String keySet = req.getParameter("keySet"); - if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; - } - CMS.debug("keySet selected: " + keySet); - - mNewSelectedToken = null; - - mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); - String masterKeyPrefix = CMS.getConfigStore().getString( - "tks.master_key_prefix", null); - String temp = req.getParameter("KeyInfo"); // #xx#xx - String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, - null); - if (mappingValue != null) { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - int tokenNumber = 0; - while (st.hasMoreTokens()) { - - String currentToken = st.nextToken(); - if (tokenNumber == 0) - mSelectedToken = currentToken; - else if (tokenNumber == 1) - mKeyNickName = currentToken; - tokenNumber++; + String keySet = req.getParameter("keySet"); + if (keySet == null || keySet.equals("")) { + keySet = "defKeySet"; + } + CMS.debug("keySet selected: " + keySet); - } - } - if (req.getParameter("newKeyInfo") != null) // for diversification - { - temp = req.getParameter("newKeyInfo"); // #xx#xx - String newKeyInfoMap = "tks." + keySet + ".mk_mappings." 
+ temp; - String newMappingValue = CMS.getConfigStore().getString( - newKeyInfoMap, null); - if (newMappingValue != null) { - StringTokenizer st = new StringTokenizer(newMappingValue, - ":"); - int tokenNumber = 0; - while (st.hasMoreTokens()) { - String currentToken = st.nextToken(); - if (tokenNumber == 0) - mNewSelectedToken = currentToken; - else if (tokenNumber == 1) - mNewKeyNickName = currentToken; + mNewSelectedToken = null; + + mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); + String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); + String temp = req.getParameter("KeyInfo"); //#xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if(mappingValue!=null) + { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + int tokenNumber=0; + while (st.hasMoreTokens()) { + + String currentToken= st.nextToken(); + if(tokenNumber==0) + mSelectedToken = currentToken; + else if(tokenNumber==1) + mKeyNickName = currentToken; tokenNumber++; - + } - } } + if(req.getParameter("newKeyInfo")!=null) // for diversification + { + temp = req.getParameter("newKeyInfo"); //#xx#xx + String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + if(newMappingValue!=null) + { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + int tokenNumber=0; + while (st.hasMoreTokens()) { + String currentToken= st.nextToken(); + if(tokenNumber==0) + mNewSelectedToken = currentToken; + else if(tokenNumber==1) + mNewKeyNickName = currentToken; + tokenNumber++; + + } + } + } - SessionKey.SetDefaultPrefix(masterKeyPrefix); + SessionKey.SetDefaultPrefix(masterKeyPrefix); } catch (Exception e) { e.printStackTrace(); 
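Review bot: `setDefaultSlotAndKeyName` stores the slot and key nickname it resolves from the request into `mSelectedToken`, `mKeyNickName`, `mNewSelectedToken` and `mNewKeyNickName`, which are assigned here without a local declaration and so appear to be servlet instance fields. If the container dispatches concurrent requests to one shared servlet instance, two requests with different `KeyInfo` or `keySet` values could each end up using the other's token or master-key nickname. Resolving the mapping into locals and handing them to the caller, the way `processComputeSessionKey` keeps `selectedToken` and `keyNickName` local, removes the shared state. At minimum the method should carry a comment such as `// NOTE: the m* fields hold per-request state on a shared servlet instance; not thread-safe`. The method's catch block continues outside this hunk.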
@@ -221,8 +249,9 @@ public class TokenServlet extends CMSServlet { } private void processComputeSessionKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key; + HttpServletResponse resp) throws EBaseException + { + byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key; byte[] card_crypto, host_cryptogram, input_card_crypto; byte[] xcard_challenge, xhost_challenge; byte[] enc_session_key, xkeyInfo; @@ -230,18 +259,18 @@ public class TokenServlet extends CMSServlet { String errorMsg = ""; String badParams = ""; String transportKeyName = ""; - - String rCUID = req.getParameter("CUID"); + + String rCUID = req.getParameter("CUID"); String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); boolean serversideKeygen = false; byte[] drm_trans_wrapped_desKey = null; - PK11SymKey desKey = null; - // PK11SymKey kek_session_key; + PK11SymKey desKey = null; + // PK11SymKey kek_session_key; PK11SymKey kek_key; IConfigStore sconfig = CMS.getConfigStore(); 
@@ -251,53 +280,52 @@ public class TokenServlet extends CMSServlet { card_crypto = null; host_cryptogram = null; enc_session_key = null; - // kek_session_key = null; + // kek_session_key = null; SessionContext sContext = SessionContext.getContext(); - String agentId = ""; + String agentId=""; if (sContext != null) { - agentId = (String) sContext.get(SessionContext.USER_ID); + agentId = + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, rCUID, - ILogger.SUCCESS, agentId); + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, + rCUID, + ILogger.SUCCESS, + agentId); audit(auditMessage); String kek_wrapped_desKeyString = null; - String keycheck_s = null; + String keycheck_s = null; CMS.debug("processComputeSessionKey:"); - String useSoftToken_s = CMS.getConfigStore().getString( - "tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; - String rServersideKeygen = (String) req - .getParameter("serversideKeygen"); + String rServersideKeygen = (String) req.getParameter("serversideKeygen"); if (rServersideKeygen.equals("true")) { - CMS.debug("TokenServlet: serversideKeygen requested"); - serversideKeygen = true; + CMS.debug("TokenServlet: serversideKeygen requested"); + serversideKeygen = true; } else { - CMS.debug("TokenServlet: serversideKeygen not requested"); + CMS.debug("TokenServlet: serversideKeygen not requested"); } try { - isCryptoValidate = sconfig.getBoolean( - "cardcryptogram.validate.enable", true); + isCryptoValidate = sconfig.getBoolean("cardcryptogram.validate.enable", true); } catch (EBaseException eee) { } try { - transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", - TRANSPORT_KEY_NAME); + transportKeyName = 
sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME); } catch (EBaseException e) { } - CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " - + transportKeyName); + CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName); + String rcard_challenge = req.getParameter("card_challenge"); String rhost_challenge = req.getParameter("host_challenge"); @@ -327,6 +355,7 @@ public class TokenServlet extends CMSServlet { missingParam = true; } + String selectedToken = null; String keyNickName = null; boolean sameCardCrypto = true; 
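Review bot: `rServersideKeygen.equals("true")` dereferences the raw `serversideKeygen` request parameter, so a request that omits it throws a NullPointerException before the missing-parameter checks that follow can report it. The request audit event has already been emitted a few lines earlier, and the processed-failure event at the end of the method would presumably not be written for that request. Comparing from the constant side avoids this: `if ("true".equals(rServersideKeygen)) {`. The two empty `catch (EBaseException ...) { }` blocks below it would also benefit from a `CMS.debug` line, so that a configuration read that silently falls back is visible. `processComputeSessionKey` starts and ends outside this hunk.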
@@ -335,51 +364,48 @@ public class TokenServlet extends CMSServlet { xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; } xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length."); - missingParam = true; + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length."); + missingParam = true; } - xcard_challenge = com.netscape.cmsutil.util.Utils - .SpecialDecode(rcard_challenge); + xcard_challenge = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); if (xcard_challenge == null || xcard_challenge.length != 8) { - badParams += " card_challenge length,"; - CMS.debug("TokenServlet: Invalid card challenge length."); - missingParam = true; + badParams += " card_challenge length,"; + CMS.debug("TokenServlet: Invalid card challenge length."); + missingParam = true; } - - xhost_challenge = com.netscape.cmsutil.util.Utils - .SpecialDecode(rhost_challenge); + + xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); if (xhost_challenge == null || xhost_challenge.length != 8) { - badParams += " host_challenge length,"; - CMS.debug("TokenServlet: Invalid host challenge length"); - missingParam = true; + badParams += " host_challenge length,"; + CMS.debug("TokenServlet: Invalid host challenge length"); + missingParam = true; } - + } CUID = null; if (!missingParam) { - card_challenge = com.netscape.cmsutil.util.Utils - .SpecialDecode(rcard_challenge); - - host_challenge = com.netscape.cmsutil.util.Utils - .SpecialDecode(rhost_challenge); + card_challenge = + 
com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + + host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, - null); + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString( - "tks.defaultSlot", "internal"); + selectedToken = + CMS.getConfigStore().getString("tks.defaultSlot", "internal"); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); 
@@ -393,198 +419,175 @@ public class TokenServlet extends CMSServlet { try { - byte macKeyArray[] = com.netscape.cmsutil.util.Utils - .SpecialDecode(sconfig.getString("tks." + keySet - + ".mac_key")); - CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" - + selectedToken + " keyNickName=" + keyNickName); - session_key = SessionKey.ComputeSessionKey(selectedToken, - keyNickName, card_challenge, host_challenge, - keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, - transportKeyName); - - if (session_key == null) { + byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); + CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); + session_key = SessionKey.ComputeSessionKey( + selectedToken,keyNickName,card_challenge, + host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName ); + + if(session_key == null) + { CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL "); - throw new Exception("Can't compute session key!"); + throw new Exception("Can't compute session key!"); - } + } - byte encKeyArray[] = com.netscape.cmsutil.util.Utils - .SpecialDecode(sconfig.getString("tks." + keySet - + ".auth_key")); + byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( - selectedToken, keyNickName, card_challenge, - host_challenge, keyInfo, CUID, encKeyArray, - useSoftToken_s, keySet); + selectedToken,keyNickName,card_challenge, + host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet); - if (enc_session_key == null) { + if(enc_session_key == null) + { CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL "); - throw new Exception("Can't compute enc session key!"); - + throw new Exception("Can't compute enc session key!"); + } if (serversideKeygen == true) { /** - * 0. 
generate des key 1. encrypt des key with kek key - * 2. encrypt des key with DRM transport key These two - * wrapped items are to be sent back to TPS. 2nd item is - * to DRM + * 0. generate des key + * 1. encrypt des key with kek key + * 2. encrypt des key with DRM transport key + * These two wrapped items are to be sent back to + * TPS. 2nd item is to DRM **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils - .SpecialDecode(sconfig.getString("tks." - + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + + + kek_key = SessionKey.ComputeKekKey( + selectedToken,keyNickName,card_challenge, + host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet); - kek_key = SessionKey.ComputeKekKey(selectedToken, - keyNickName, card_challenge, host_challenge, - keyInfo, CUID, kekKeyArray, useSoftToken_s, - keySet); CMS.debug("TokenServlet: called ComputeKekKey"); - if (kek_key == null) { + if(kek_key == null) + { CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL "); - throw new Exception("Can't compute kek key!"); - + throw new Exception("Can't compute kek key!"); + } // now use kek key to wrap kek session key.. - CMS.debug("computeSessionKey:kek key len =" - + kek_key.getLength()); - - // (1) generate DES key - /* - * applet does not support DES3 - * org.mozilla.jss.crypto.KeyGenerator kg = - * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); - * desKey = kg.generate(); - */ - - /* - * XXX GenerateSymkey firt generates a 16 byte DES2 key. - * It then pads it into a 24 byte key with last 8 bytes - * copied from the 1st 8 bytes. Effectively making it a - * 24 byte DES2 key. We need this for wrapping private - * keys on DRM. - */ - /* generate it on whichever token the master key is at */ - if (useSoftToken_s.equals("true")) { - CMS.debug("TokenServlet: key encryption key generated on internal"); - // cfu audit here? 
sym key gen - desKey = SessionKey.GenerateSymkey("internal"); - // cfu audit here? sym key gen done - } else { - CMS.debug("TokenServlet: key encryption key generated on " - + selectedToken); - desKey = SessionKey.GenerateSymkey(selectedToken); - } - if (desKey != null) - CMS.debug("TokenServlet: key encryption key generated for " - + rCUID); - else { - CMS.debug("TokenServlet: key encryption key generation failed for " - + rCUID); - throw new Exception( - "can't generate key encryption key"); - } - - /* - * XXX ECBencrypt actually takes the 24 byte DES2 key - * and discard the last 8 bytes before it encrypts. This - * is done so that the applet can digest it - */ - byte[] encDesKey = SessionKey.ECBencrypt(kek_key, - desKey); - /* - * CMS.debug("computeSessionKey:encrypted desKey size = " - * +encDesKey.length); CMS.debug(encDesKey); - */ - - kek_wrapped_desKeyString = com.netscape.cmsutil.util.Utils - .SpecialEncode(encDesKey); - - // get keycheck - byte[] keycheck = SessionKey.ComputeKeyCheck(desKey); - /* - * CMS.debug("computeSessionKey:keycheck size = "+keycheck - * .length); CMS.debug(keycheck); - */ - keycheck_s = com.netscape.cmsutil.util.Utils - .SpecialEncode(keycheck); - - // XXX use DRM transport cert to wrap desKey - String drmTransNickname = CMS.getConfigStore() - .getString("tks.drm_transport_cert_nickname", - ""); - - if ((drmTransNickname == null) - || (drmTransNickname == "")) { - CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); - throw new Exception( - "can't find DRM transport certificate nickname"); + CMS.debug("computeSessionKey:kek key len ="+ + kek_key.getLength()); + + // (1) generate DES key + /* applet does not support DES3 + org.mozilla.jss.crypto.KeyGenerator kg = + internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + desKey = kg.generate();*/ + + /* + * XXX GenerateSymkey firt generates a 16 byte DES2 key. + * It then pads it into a 24 byte key with last + * 8 bytes copied from the 1st 8 bytes. 
Effectively + * making it a 24 byte DES2 key. We need this for + * wrapping private keys on DRM. + */ + /*generate it on whichever token the master key is at*/ + if (useSoftToken_s.equals("true")) { + CMS.debug("TokenServlet: key encryption key generated on internal"); +//cfu audit here? sym key gen + desKey = SessionKey.GenerateSymkey("internal"); +//cfu audit here? sym key gen done } else { - CMS.debug("TokenServlet:drmtransport_cert_nickname=" - + drmTransNickname); + CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); + desKey = SessionKey.GenerateSymkey(selectedToken); } + if (desKey != null) + CMS.debug("TokenServlet: key encryption key generated for "+rCUID); + else { + CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID); + throw new Exception ("can't generate key encryption key"); + } + + /* + * XXX ECBencrypt actually takes the 24 byte DES2 key + * and discard the last 8 bytes before it encrypts. + * This is done so that the applet can digest it + */ + byte[] encDesKey = + SessionKey.ECBencrypt( kek_key, + desKey); + /* + CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length); + CMS.debug(encDesKey); + */ + + kek_wrapped_desKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); + + // get keycheck + byte[] keycheck = + SessionKey.ComputeKeyCheck(desKey); + /* + CMS.debug("computeSessionKey:keycheck size = "+keycheck.length); + CMS.debug(keycheck); + */ + keycheck_s = + com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); + + //XXX use DRM transport cert to wrap desKey + String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); + + if ((drmTransNickname == null) || (drmTransNickname == "")) { + CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); + throw new Exception("can't find DRM transport certificate nickname"); + } else { + CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname); + } 
X509Certificate drmTransCert = null; - drmTransCert = CryptoManager.getInstance() - .findCertByNickname(drmTransNickname); + drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname); // wrap kek session key with DRM transport public key - CryptoToken token = null; - if (useSoftToken_s.equals("true")) { - // token = - // CryptoManager.getInstance().getTokenByName(selectedToken); - token = CryptoManager.getInstance() - .getInternalCryptoToken(); + CryptoToken token = null; + if (useSoftToken_s.equals("true")) { + //token = CryptoManager.getInstance().getTokenByName(selectedToken); + token = CryptoManager.getInstance().getInternalCryptoToken(); } else { - token = CryptoManager.getInstance().getTokenByName( - selectedToken); + token = CryptoManager.getInstance().getTokenByName(selectedToken); } PublicKey pubKey = drmTransCert.getPublicKey(); String pubKeyAlgo = pubKey.getAlgorithm(); CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo); KeyWrapper keyWrapper = null; - // For wrapping symmetric keys don't need IV, use ECB + //For wrapping symmetric keys don't need IV, use ECB if (pubKeyAlgo.equals("EC")) { - keyWrapper = token - .getKeyWrapper(KeyWrapAlgorithm.AES_ECB); + keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); keyWrapper.initWrap(pubKey, null); } else { - keyWrapper = token - .getKeyWrapper(KeyWrapAlgorithm.RSA); + keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA); keyWrapper.initWrap(pubKey, null); } - CMS.debug("desKey token " - + desKey.getOwningToken().getName() - + " token: " + token.getName()); + CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() ); drm_trans_wrapped_desKey = keyWrapper.wrap(desKey); - CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); + CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); } // if (serversideKeygen == true) - byte authKeyArray[] = com.netscape.cmsutil.util.Utils - 
.SpecialDecode(sconfig.getString("tks." + keySet - + ".auth_key")); + byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( - selectedToken, keyNickName, card_challenge, - host_challenge, keyInfo, CUID, 0, authKeyArray, - useSoftToken_s, keySet); + selectedToken,keyNickName,card_challenge, + host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet); - if (host_cryptogram == null) { + if(host_cryptogram == null) + { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute host cryptogram!"); + throw new Exception("Can't compute host cryptogram!"); } - card_crypto = SessionKey.ComputeCryptogram(selectedToken, - keyNickName, card_challenge, host_challenge, - keyInfo, CUID, 1, authKeyArray, useSoftToken_s, - keySet); + card_crypto = SessionKey.ComputeCryptogram( + selectedToken,keyNickName,card_challenge, + host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet); - if (card_crypto == null) { + if(card_crypto == null) + { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute card cryptogram!"); + throw new Exception("Can't compute card cryptogram!"); } @@ -593,10 +596,10 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: ComputeCryptogram(): missing card cryptogram"); throw new Exception("Missing card cryptogram"); } - input_card_crypto = com.netscape.cmsutil.util.Utils - .SpecialDecode(rcard_cryptogram); + input_card_crypto = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); if (card_crypto.length == input_card_crypto.length) { - for (int i = 0; i < card_crypto.length; i++) { + for (int i=0; i<card_crypto.length; i++) { if (card_crypto[i] != input_card_crypto[i]) { sameCardCrypto = false; break; 
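Review bot: The guard `(drmTransNickname == null) || (drmTransNickname == "")` compares object references, so an empty nickname read from configuration is only caught if it happens to be the same `String` object as the literal. An empty `tks.drm_transport_cert_nickname` can therefore slip past the "can't find DRM transport certificate nickname" error and reach `findCertByNickname`, whose result is then dereferenced by `drmTransCert.getPublicKey()` with no null check. Use a value comparison, in the style used elsewhere in the file: `if ((drmTransNickname == null) || drmTransNickname.equals("")) {`, and add `if (drmTransCert == null) throw new Exception("can't find DRM transport certificate");` after the lookup. The surrounding try block starts and ends outside this hunk.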
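Review bot: The card cryptogram check in the `@@ -593,10 +596,10 @@` hunk compares the computed `card_crypto` with the request-supplied `input_card_crypto` byte by byte and breaks at the first mismatch, so the comparison time depends on how many leading bytes match. For an authentication value, a comparison that does not exit early is the safer default. For example, `sameCardCrypto = java.security.MessageDigest.isEqual(card_crypto, input_card_crypto);` also covers the length-mismatch case. The rest of the comparison block lies outside this hunk, so the else branch would need to be folded in when making the change.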
@@ -608,20 +611,17 @@ public class TokenServlet extends CMSServlet { } } - CMS.getLogger().log( - ILogger.EV_AUDIT, + CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO, - "processComputeSessionKey for CUID=" - + trim(pp.toHexString(CUID))); - } catch (Exception e) { + ILogger.LL_INFO,"processComputeSessionKey for CUID=" + + trim(pp.toHexString(CUID))); + } catch (Exception e) { CMS.debug(e); - CMS.debug("TokenServlet Computing Session Key: " - + e.toString()); + CMS.debug("TokenServlet Computing Session Key: " + e.toString()); if (isCryptoValidate) sameCardCrypto = false; } - } + } } // ! missingParam String value = ""; 
@@ -634,33 +634,34 @@ public class TokenServlet extends CMSServlet { String cryptogram = ""; String status = "0"; if (session_key != null && session_key.length > 0) { - outputString = com.netscape.cmsutil.util.Utils - .SpecialEncode(session_key); - } else { - + outputString = + com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); + } else { + status = "1"; } if (enc_session_key != null && enc_session_key.length > 0) { - encSessionKeyString = com.netscape.cmsutil.util.Utils - .SpecialEncode(enc_session_key); - } else { + encSessionKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); + } else { status = "1"; } + if (serversideKeygen == true) { - if (drm_trans_wrapped_desKey != null - && drm_trans_wrapped_desKey.length > 0) - drm_trans_wrapped_desKeyString = com.netscape.cmsutil.util.Utils - .SpecialEncode(drm_trans_wrapped_desKey); - else { - status = "1"; + if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) + drm_trans_wrapped_desKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); + else { + status = "1"; } - } + } + if (host_cryptogram != null && host_cryptogram.length > 0) { - cryptogram = com.netscape.cmsutil.util.Utils - .SpecialEncode(host_cryptogram); + cryptogram = + com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); } else { status = "2"; } 
@@ -676,30 +677,32 @@ public class TokenServlet extends CMSServlet { if (missingParam) { status = "3"; } - - if (!status.equals("0")) { - - if (status.equals("1")) { - errorMsg = "Problem generating session key info."; - } - - if (status.equals("2")) { - errorMsg = "Problem creating host_cryptogram."; - } - - if (status.equals("4")) { - errorMsg = "Problem obtaining token information."; - } - - if (status.equals("3")) { - if (badParams.endsWith(",")) { - badParams = badParams.substring(0, badParams.length() - 1); - } - errorMsg = "Missing input parameters :" + badParams; - } - - value = "status=" + status; - } else { + + if (!status.equals("0")) { + + + if(status.equals("1")) { + errorMsg = "Problem generating session key info."; + } + + if(status.equals("2")) { + errorMsg = "Problem creating host_cryptogram."; + } + + if(status.equals("4")) { + errorMsg = "Problem obtaining token information."; + } + + if(status.equals("3")) { + if(badParams.endsWith(",")) { + badParams = badParams.substring(0,badParams.length() -1); + } + errorMsg = "Missing input parameters :" + badParams; + } + + value = "status="+status; + } + else { if (serversideKeygen == true) { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); @@ -708,10 +711,10 @@ public class TokenServlet extends CMSServlet { sb.append("&hostCryptogram="); sb.append(cryptogram); sb.append("&encSessionKey="); - sb.append(encSessionKeyString); + sb.append(encSessionKeyString); sb.append("&kek_wrapped_desKey="); sb.append(kek_wrapped_desKeyString); - sb.append("&keycheck="); + sb.append("&keycheck="); sb.append(keycheck_s); sb.append("&drm_trans_wrapped_desKey="); sb.append(drm_trans_wrapped_desKeyString); 
@@ -721,19 +724,19 @@ public class TokenServlet extends CMSServlet { sb.append("status=0&"); sb.append("sessionKey="); sb.append(outputString); - sb.append("&hostCryptogram="); - sb.append(cryptogram); + sb.append("&hostCryptogram="); + sb.append(cryptogram); sb.append("&encSessionKey="); sb.append(encSessionKeyString); value = sb.toString(); } } - CMS.debug("TokenServlet:outputString.encode " + value); + CMS.debug("TokenServlet:outputString.encode " +value); - try { + try{ resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " + value.length()); + CMS.debug("TokenServlet:outputString.length " +value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
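Review bot: `CMS.debug("TokenServlet:outputString.encode " +value);` writes the whole response body to the debug log. In this hunk that body is built from `sessionKey=`, `hostCryptogram=` and `encSessionKey=`, and in the server-side keygen branch it also carries the wrapped DES key. Anyone with read access to the debug log can then recover session key material for the token, which defeats the point of keeping it between TKS and TPS. Drop the line or log only non-secret metadata, for example `CMS.debug("TokenServlet: response status=" + status);`, since the length is already logged on the next debug line. `processComputeSessionKey` starts and ends outside this hunk.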
@@ -741,65 +744,78 @@ public class TokenServlet extends CMSServlet { } catch (IOException e) { CMS.debug("TokenServlet: " + e.toString()); } - - if (status.equals("0")) { - - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, - rCUID, ILogger.SUCCESS, status, agentId, - isCryptoValidate ? "true" : "false", - serversideKeygen ? "true" : "false", selectedToken, - keyNickName); + + if(status.equals("0")) { + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, + rCUID, + ILogger.SUCCESS, + status, + agentId, + isCryptoValidate? "true":"false", + serversideKeygen? "true":"false", + selectedToken, + keyNickName); } else { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, - rCUID, ILogger.FAILURE, status, agentId, - isCryptoValidate ? "true" : "false", - serversideKeygen ? "true" : "false", selectedToken, - keyNickName, errorMsg); - } - + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, + rCUID, + ILogger.FAILURE, + status, + agentId, + isCryptoValidate? "true":"false", + serversideKeygen? 
"true":"false", + selectedToken, + keyNickName, + errorMsg); + } + audit(auditMessage); } private void processDiversifyKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - byte[] KeySetData, KeysValues, CUID, xCUID; - byte[] xkeyInfo, xnewkeyInfo; + HttpServletResponse resp) throws EBaseException { + byte[] KeySetData,KeysValues,CUID,xCUID; + byte[] xkeyInfo,xnewkeyInfo; boolean missingParam = false; String errorMsg = ""; String badParams = ""; IConfigStore sconfig = CMS.getConfigStore(); - String rnewKeyInfo = req.getParameter("newKeyInfo"); + String rnewKeyInfo = req.getParameter("newKeyInfo"); String newMasterKeyName = req.getParameter("newKeyInfo"); String oldMasterKeyName = req.getParameter("KeyInfo"); - String rCUID = req.getParameter("CUID"); - String auditMessage = ""; + String rCUID =req.getParameter("CUID"); + String auditMessage=""; String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); SessionContext sContext = SessionContext.getContext(); - String agentId = ""; + String agentId=""; if (sContext != null) { - agentId = (String) sContext.get(SessionContext.USER_ID); + agentId = + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, rCUID, - ILogger.SUCCESS, agentId, oldMasterKeyName, newMasterKeyName); + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, + rCUID, + ILogger.SUCCESS, + agentId, + oldMasterKeyName, + newMasterKeyName); audit(auditMessage); + if ((rCUID == null) || (rCUID.equals(""))) { badParams += " CUID,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID"); 
@@ -810,144 +826,130 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo"); missingParam = true; } - if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) { + if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){ badParams += " KeyInfo,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo"); missingParam = true; } if (!missingParam) { - xkeyInfo = com.netscape.cmsutil.util.Utils - .SpecialDecode(oldMasterKeyName); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } - xnewkeyInfo = com.netscape.cmsutil.util.Utils - .SpecialDecode(newMasterKeyName); - if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { - badParams += " NewKeyInfo length,"; - CMS.debug("TokenServlet: Invalid new key info length"); - missingParam = true; - } - } - String useSoftToken_s = CMS.getConfigStore().getString( - "tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } + xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); + if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { + badParams += " NewKeyInfo length,"; + CMS.debug("TokenServlet: Invalid new key info length"); + missingParam = true; + } + } + String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; KeySetData = null; String outputString = null; if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) 
{ - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + } if (!missingParam) { - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - if (mKeyNickName != null) - oldMasterKeyName = mKeyNickName; - if (mNewKeyNickName != null) - newMasterKeyName = mNewKeyNickName; - - String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." - + req.getParameter("KeyInfo"); // #xx#xx - String oldMappingValue = CMS.getConfigStore().getString( - oldKeyInfoMap, null); - String oldSelectedToken = null; - String oldKeyNickName = null; - if (oldMappingValue == null) { - oldSelectedToken = CMS.getConfigStore().getString( - "tks.defaultSlot", "internal"); - oldKeyNickName = req.getParameter("KeyInfo"); - } else { - StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); - oldSelectedToken = st.nextToken(); - oldKeyNickName = st.nextToken(); - } - - String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx - String newMappingValue = CMS.getConfigStore().getString( - newKeyInfoMap, null); - String newSelectedToken = null; - String newKeyNickName = null; - if (newMappingValue == null) { - newSelectedToken = CMS.getConfigStore().getString( - "tks.defaultSlot", "internal"); - newKeyNickName = rnewKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - newSelectedToken = st.nextToken(); - newKeyNickName = st.nextToken(); - } - - CMS.debug("process DiversifyKey for oldSelectedToke=" - + oldSelectedToken + " newSelectedToken=" - + newSelectedToken + " oldKeyNickName=" + oldKeyNickName - + " newKeyNickName=" + newKeyNickName); - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils - .SpecialDecode(sconfig.getString("tks." 
+ keySet - + ".kek_key")); - KeySetData = SessionKey.DiversifyKey(oldSelectedToken, - newSelectedToken, oldKeyNickName, newKeyNickName, - rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); - - if (KeySetData == null || KeySetData.length <= 1) { - CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO, - "process DiversifyKey: Missing MasterKey in Slot"); - } - - CMS.getLogger().log( - ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO, - "process DiversifyKey for CUID =" - + trim(pp.toHexString(CUID)) - + ";from oldMasterKeyName=" + oldSelectedToken - + ":" + oldKeyNickName + ";to newMasterKeyName=" - + newSelectedToken + ":" + newKeyNickName); - - resp.setContentType("text/html"); - - if (KeySetData != null) { - outputString = new String(KeySetData); - } + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + if (mKeyNickName!=null) + oldMasterKeyName = mKeyNickName; + if (mNewKeyNickName!=null) + newMasterKeyName = mNewKeyNickName; + + String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx + String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); + String oldSelectedToken = null; + String oldKeyNickName = null; + if (oldMappingValue == null) { + oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + oldKeyNickName = req.getParameter("KeyInfo"); + } else { + StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); + oldSelectedToken = st.nextToken(); + oldKeyNickName = st.nextToken(); + } + + String newKeyInfoMap = "tks.mk_mappings." 
+ rnewKeyInfo; //#xx#xx + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + String newSelectedToken = null; + String newKeyNickName = null; + if (newMappingValue == null) { + newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + newKeyNickName = rnewKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + newSelectedToken = st.nextToken(); + newKeyNickName = st.nextToken(); + } + + CMS.debug("process DiversifyKey for oldSelectedToke="+ + oldSelectedToken + " newSelectedToken=" + newSelectedToken + + " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + + newKeyNickName); + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + KeySetData = SessionKey.DiversifyKey(oldSelectedToken, + newSelectedToken, oldKeyNickName, + newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); + + if (KeySetData == null || KeySetData.length<=1) { + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot"); + } + + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID)) + + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName + +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName); + + resp.setContentType("text/html"); + + if (KeySetData != null) { + outputString = new String(KeySetData); + } } // ! 
missingParam - // CMS.debug("TokenServlet:processDiversifyKey " +outputString); - // String value="keySetData=%00" if the KeySetData=byte[0]=0; + //CMS.debug("TokenServlet:processDiversifyKey " +outputString); + //String value="keySetData=%00" if the KeySetData=byte[0]=0; String value = ""; String status = "0"; if (KeySetData != null && KeySetData.length > 1) { - value = "status=0&" + "keySetData=" - + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " + value); + value = "status=0&"+"keySetData=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); + CMS.debug("TokenServlet:process DiversifyKey.encode " +value); } else if (missingParam) { status = "3"; - if (badParams.endsWith(",")) { - badParams = badParams.substring(0, badParams.length() - 1); + if(badParams.endsWith(",")) { + badParams = badParams.substring(0,badParams.length() -1); } errorMsg = "Missing input parameters: " + badParams; value = "status=" + status; - } else { + } else { errorMsg = "Problem diversifying key data."; status = "1"; value = "status=" + status; } resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " + value.length()); + CMS.debug("TokenServlet:outputString.length " +value.length()); - try { + try{ OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
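Review bot: The new-key lookup in processDiversifyKey builds its config key as `"tks.mk_mappings." + rnewKeyInfo`, without the `keySet` segment that the old-key lookup a few lines above (`"tks." + keySet + ".mk_mappings." + ...`) and processEncryptData both use. A mapping configured under the key-set-scoped name is therefore never consulted for the new master key, and the code falls back to `tks.defaultSlot` with the raw request value as the nickname. Unless that is deliberate, the line should read `String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + rnewKeyInfo;`; if it is deliberate, a comment should say why the two lookups differ. The method starts before this hunk and ends after it.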
@@ -956,28 +958,35 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet:process DiversifyKey: " + e.toString()); } - if (status.equals("0")) { + if(status.equals("0")) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, - rCUID, ILogger.SUCCESS, status, agentId, - oldMasterKeyName, newMasterKeyName); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, + rCUID, + ILogger.SUCCESS, + status, + agentId, + oldMasterKeyName, + newMasterKeyName); } else { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, - rCUID, ILogger.FAILURE, status, agentId, - oldMasterKeyName, newMasterKeyName, errorMsg); - } - - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, + rCUID, + ILogger.FAILURE, + status, + agentId, + oldMasterKeyName, + newMasterKeyName, + errorMsg); + } + + audit(auditMessage); } private void processEncryptData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException { byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo; boolean missingParam = false; byte[] data = null; @@ -997,15 +1006,15 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId = ""; + String agentId=""; if (sContext != null) { - agentId = (String) sContext.get(SessionContext.USER_ID); + agentId = + (String) sContext.get(SessionContext.USER_ID); } CMS.debug("keySet selected: " + keySet); - String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", - "true"); + String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", "true"); if (s_isRandom.equalsIgnoreCase("false")) { CMS.debug("TokenServlet: processEncryptData(): Random number not to be generated"); isRandom = false; 
@@ -1015,27 +1024,30 @@ public class TokenServlet extends CMSServlet { } String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, rCUID, - ILogger.SUCCESS, agentId, s_isRandom); + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, + rCUID, + ILogger.SUCCESS, + agentId, + s_isRandom); audit(auditMessage); if (isRandom) { if ((rdata == null) || (rdata.equals(""))) { - CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); + CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); } else { - CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); + CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); } try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - data = new byte[16]; - random.nextBytes(data); + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + data = new byte[16]; + random.nextBytes(data); } catch (Exception e) { - CMS.debug("TokenServlet: processEncryptData():" + e.toString()); - badParams += " Random Number,"; - missingParam = true; + CMS.debug("TokenServlet: processEncryptData():"+ e.toString()); + badParams += " Random Number,"; + missingParam = true; } - } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) { + } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){ CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data."); badParams += " data,"; missingParam = true; 
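Review bot: `SecureRandom.getInstance("SHA1PRNG")` in the isRandom branch pins the generator to one named algorithm and builds a new instance on every request; the same call appears in processComputeRandomData (hunk at -1215). `new SecureRandom()` uses the platform's configured default and does not throw NoSuchAlgorithmException, and because SecureRandom is thread-safe one instance can be shared: `private static final SecureRandom RANDOM = new SecureRandom();` then `RANDOM.nextBytes(data);`. The broad `catch (Exception e)` here also reports a generator failure as a bad parameter (` Random Number,`, later status 3), which points an operator at the request rather than at the server.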
@@ -1046,84 +1058,75 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID"); missingParam = true; } - + if ((rKeyInfo == null) || (rKeyInfo.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info"); missingParam = true; } + if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } } - String useSoftToken_s = CMS.getConfigStore().getString( - "tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; String selectedToken = null; String keyNickName = null; if (!missingParam) { - if (!isRandom) - data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); - keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - String keyInfoMap = "tks." + keySet + ".mk_mappings." 
+ rKeyInfo; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, - null); - if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString( - "tks.defaultSlot", "internal"); - keyNickName = rKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - selectedToken = st.nextToken(); - keyNickName = st.nextToken(); - } - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils - .SpecialDecode(sconfig.getString("tks." + keySet - + ".kek_key")); - encryptedData = SessionKey.EncryptData(selectedToken, keyNickName, - data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); - - CMS.getLogger().log( - ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO, - "process EncryptData for CUID =" - + trim(pp.toHexString(CUID))); + if (!isRandom) + data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); + keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if (mappingValue == null) { + selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + keyNickName = rKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + selectedToken = st.nextToken(); + keyNickName = st.nextToken(); + } + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." 
+ keySet + ".kek_key")); + encryptedData = SessionKey.EncryptData( + selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); + + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID))); } // !missingParam resp.setContentType("text/html"); - + String value = ""; - String status = "0"; - if (encryptedData != null && encryptedData.length > 0) { - String outputString = new String(encryptedData); + String status = "0"; + if (encryptedData != null && encryptedData.length > 0) { + String outputString = new String(encryptedData); // sending both the pre-encrypted and encrypted data back - value = "status=0&" - + "data=" - + com.netscape.cmsutil.util.Utils.SpecialEncode(data) - + "&encryptedData=" - + com.netscape.cmsutil.util.Utils - .SpecialEncode(encryptedData); + value = "status=0&"+"data="+ + com.netscape.cmsutil.util.Utils.SpecialEncode(data)+ + "&encryptedData=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData); } else if (missingParam) { - if (badParams.endsWith(",")) { - badParams = badParams.substring(0, badParams.length() - 1); + if(badParams.endsWith(",")) { + badParams = badParams.substring(0,badParams.length() -1); } errorMsg = "Missing input parameters: " + badParams; status = "3"; @@ -1134,12 +1137,12 @@ public class TokenServlet extends CMSServlet { value = "status=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " + value); + CMS.debug("TokenServlet:process EncryptData.encode " +value); try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.lenght " + value.length()); - + CMS.debug("TokenServlet:outputString.lenght " +value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
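Review bot: `st.nextToken()` is called twice on the mapping value with no check on the token count, so an `mk_mappings` entry that lacks the `:` separator throws NoSuchElementException out of processEncryptData before any response or processed-audit record is written. The old-key and new-key lookups in processDiversifyKey (hunk at -810) have the same shape. Checking `st.countTokens() == 2` before the two calls, and treating anything else as a failure with its own `errorMsg`, would route a malformed entry through the existing status and audit path. processEncryptData starts before this hunk and ends after it.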
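Review bot: `CMS.debug("TokenServlet:process EncryptData.encode " +value)` writes the whole response to the debug log, and on success `value` carries both the cleartext `data` and the `encryptedData` assembled in the preceding hunk. processDiversifyKey does the same with `keySetData` in its `DiversifyKey.encode` debug line. Debug logs typically have wider read access and longer retention than the response channel, so logging only the outcome is safer: `CMS.debug("TokenServlet:process EncryptData status=" + status);`.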
@@ -1148,39 +1151,54 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: " + e.toString()); } - if (status.equals("0")) { + if(status.equals("0")) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, - rCUID, ILogger.SUCCESS, status, agentId, - s_isRandom, selectedToken, keyNickName); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, + rCUID, + ILogger.SUCCESS, + status, + agentId, + s_isRandom, + selectedToken, + keyNickName); } else { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, - rCUID, ILogger.FAILURE, status, agentId, - s_isRandom, selectedToken, keyNickName, errorMsg); - } - - audit(auditMessage); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, + rCUID, + ILogger.FAILURE, + status, + agentId, + s_isRandom, + selectedToken, + keyNickName, + errorMsg); + } + + audit(auditMessage); } - /* - * For EncryptData: data=value1 CUID=value2 // missing from RA - * versionID=value3 // missing from RA - * - * For ComputeSession: card_challenge=value1 host_challenge=value2 - * - * For DiversifyKey: new_master_key_index master_key_index + /* + * For EncryptData: + * data=value1 + * CUID=value2 // missing from RA + * versionID=value3 // missing from RA + * + * For ComputeSession: + * card_challenge=value1 + * host_challenge=value2 + + * For DiversifyKey: + * new_master_key_index + * master_key_index */ private void processComputeRandomData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - - byte[] randomData = null; + HttpServletResponse resp) throws EBaseException { + + byte[] randomData = null; String status = "0"; String errorMsg = ""; String badParams = ""; 
@@ -1191,22 +1209,26 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId = ""; + String agentId=""; if (sContext != null) { - agentId = (String) sContext.get(SessionContext.USER_ID); + agentId = + (String) sContext.get(SessionContext.USER_ID); } String sDataSize = req.getParameter("dataNumBytes"); - if (sDataSize == null || sDataSize.equals("")) { + if(sDataSize == null || sDataSize.equals("")) { CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes"); badParams += " Random Data size, "; missingParam = true; status = "1"; } else { - try { - dataSize = Integer.parseInt(sDataSize.trim()); - } catch (NumberFormatException nfe) { + try + { + dataSize = Integer.parseInt(sDataSize.trim()); + } + catch (NumberFormatException nfe) + { CMS.debug("TokenServlet::processComputeRandomData invalid data size input!"); badParams += " Random Data size, "; missingParam = true; 
@@ -1215,43 +1237,42 @@ public class TokenServlet extends CMSServlet { } - CMS.debug("TokenServlet::processComputeRandomData data size requested: " - + dataSize); + CMS.debug("TokenServlet::processComputeRandomData data size requested: " + dataSize); String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST, - ILogger.SUCCESS, agentId); + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST, + ILogger.SUCCESS, + agentId); audit(auditMessage); - if (!missingParam) { + if(!missingParam) { try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - randomData = new byte[dataSize]; - random.nextBytes(randomData); - } catch (Exception e) { - CMS.debug("TokenServlet::processComputeRandomData:" - + e.toString()); - errorMsg = "Can't generate random data!"; - status = "2"; + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + randomData = new byte[dataSize]; + random.nextBytes(randomData); + } catch (Exception e) { + CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString()); + errorMsg = "Can't generate random data!"; + status = "2"; } } String randomDataOut = ""; - if (status.equals("0")) { + if(status.equals("0")) { if (randomData != null && randomData.length == dataSize) { - randomDataOut = com.netscape.cmsutil.util.Utils - .SpecialEncode(randomData); + randomDataOut = + com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); } else { status = "2"; errorMsg = "Can't convert random data!"; } } - if (status.equals("1") && missingParam) { + if(status.equals("1") && missingParam) { - if (badParams.endsWith(",")) { - badParams = badParams.substring(0, badParams.length() - 1); + if(badParams.endsWith(",")) { + badParams = badParams.substring(0,badParams.length() -1); } errorMsg = "Missing input parameters :" + badParams; } 
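Review bot: `randomData = new byte[dataSize]` allocates whatever size the `dataNumBytes` request parameter parsed to in the preceding hunk, where only NumberFormatException is handled. A negative value reaches the allocation and surfaces as status 2 through the broad `catch (Exception e)`, and a very large one can exhaust the heap with an OutOfMemoryError that this catch does not cover. A range check right after the parse, for example `if (dataSize <= 0 || dataSize > MAX_RANDOM_BYTES) { badParams += " Random Data size, "; missingParam = true; status = "1"; }`, with `MAX_RANDOM_BYTES` a new constant sized to the largest value the token protocol needs, rejects both before any work is done. processComputeRandomData starts before this hunk and ends after it.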
@@ -1259,16 +1280,15 @@ public class TokenServlet extends CMSServlet { resp.setContentType("text/html"); String value = ""; - value = "status=" + status; - if (status.equals("0")) { - value = value + "&DATA=" + randomDataOut; + value = "status="+status; + if(status.equals("0")) { + value = value + "&DATA="+randomDataOut; } - + try { resp.setContentLength(value.length()); - CMS.debug("TokenServler::processComputeRandomData :outputString.length " - + value.length()); - + CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -1277,19 +1297,22 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet::processComputeRandomData " + e.toString()); } - if (status.equals("0")) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, - ILogger.SUCCESS, status, agentId); - } else { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, - ILogger.FAILURE, status, agentId, errorMsg); - } - - audit(auditMessage); + if(status.equals("0")) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, + ILogger.SUCCESS, + status, + agentId); + } else { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, + ILogger.FAILURE, + status, + agentId, + errorMsg); + } + + audit(auditMessage); } public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -1300,14 +1323,14 @@ public class TokenServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "execute"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "execute"); } catch (Exception e) { } if (authzToken == null) { - try { + try{ resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenServlet: Unauthorized"); @@ -1317,36 +1340,37 @@ public class TokenServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - } catch (Exception e) { + }catch (Exception e) { CMS.debug("TokenServlet: " + e.toString()); } - // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } String temp = req.getParameter("card_challenge"); mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); setDefaultSlotAndKeyName(req); - if (temp != null) { - processComputeSessionKey(req, resp); - } else if (req.getParameter("data") != null) { - processEncryptData(req, resp); - } else if (req.getParameter("newKeyInfo") != null) { - processDiversifyKey(req, resp); - } else if (req.getParameter("dataNumBytes") != null) { - processComputeRandomData(req, resp); + if(temp!=null) + { + processComputeSessionKey(req,resp); + }else if(req.getParameter("data")!=null){ + processEncryptData(req,resp); + }else if(req.getParameter("newKeyInfo")!=null){ + processDiversifyKey(req,resp); + }else if(req.getParameter("dataNumBytes") !=null){ + processComputeRandomData(req,resp); } } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); 
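Review bot: The empty `catch (Exception e) { }` around `authorize(...)` discards the reason an authorization check failed. The request still fails closed, because `authzToken` stays null and the `unauthorized=` branch runs, but nothing records whether the cause was a denied ACL or an internal error. Adding `CMS.debug("TokenServlet: authorize failed: " + e.toString());` inside the catch, in the style used elsewhere in this file, keeps the behaviour and leaves a trace for incident review.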
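Review bot: The `if`/`else if` chain at the end of process() has no final `else`, so an authorized request carrying none of `card_challenge`, `data`, `newKeyInfo` or `dataNumBytes` returns, as far as this hunk shows, without a status body or an audit record. A closing `else` that logs `CMS.debug("TokenServlet: no recognized operation parameter");` and writes a failure status the way the four handlers do would make such requests visible. Separately, `mSelectedToken` is assigned here on every request and processDiversifyKey reads `mKeyNickName` and `mNewKeyNickName`; if these are servlet instance fields, as the `m` prefix suggests, concurrent requests share them and locals would be safer. process() begins before this hunk.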
@@ -1355,7 +1379,7 @@ public class TokenServlet extends CMSServlet { /** * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential. - * + * * @param s credential string * @return a list of credentials */ @@ -1367,7 +1391,8 @@ public class TokenServlet extends CMSServlet { String a = st.nextToken(); StringTokenizer st0 = new StringTokenizer(a, "="); - v.addElement(new Credential(st0.nextToken(), st0.nextToken())); + v.addElement(new Credential(st0.nextToken(), + st0.nextToken())); } Credential ac[] = new Credential[v.size()]; diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java index 543ef1a3..9d67065d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java @@ -33,19 +33,18 @@ public interface IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) throws ServletException; + public void init(ServletConfig config, int panelno) + throws ServletException; - public void init(WizardServlet servlet, ServletConfig config, int panelno, - String id) throws ServletException; + public void init(WizardServlet servlet, ServletConfig config, + int panelno, String id) throws ServletException; public String getName(); public int getPanelNo(); public void setId(String id); - public String getId(); - public PropertySet getUsage(); /** 
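Review bot: `new Credential(st0.nextToken(), st0.nextToken())` assumes every comma-separated entry holds exactly one `=`. An entry without `=` throws NoSuchElementException, and because StringTokenizer splits on every delimiter, a password containing `=` or `,` is silently truncated instead of rejected. Splitting at the first `=` only, `int i = a.indexOf('=');` followed by `v.addElement(new Credential(a.substring(0, i), a.substring(i + 1)));` once `i > 0` has been checked, handles the `=` case; a `,` inside a password still needs an escaping rule that the `uid0=pwd0,uid1=pwd1` format in the Javadoc does not define. The method starts and ends outside this hunk.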
@@ -84,23 +83,25 @@ public interface IWizardPanel { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, Context context); - + HttpServletResponse response, + Context context ); /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException; + HttpServletResponse response, + Context context ) throws IOException; /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException; - + HttpServletResponse response, + Context context ) throws IOException; /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, Context context); + HttpServletResponse response, + Context context); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java index 3e42d5ba..691d3e98 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java @@ -37,10 +37,13 @@ import com.netscape.cms.servlet.csadmin.Cert; import com.netscape.cmsutil.crypto.Module; /** - * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel - * number]&op=display wizard?p=[panel number]&op=next&...[additional - * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel - * number]&op=back wizard?op=menu return menu options + * wizard?p=[panel number]&op=usage <= usage in xml + * wizard?p=[panel number]&op=display + * wizard?p=[panel number]&op=next&...[additional parameters]... + * wizard?p=[panel number]&op=apply + * wizard?p=[panel number]&op=back + * wizard?op=menu + * return menu options */ public class WizardServlet extends VelocityServlet { 
@@ -51,7 +54,8 @@ public class WizardServlet extends VelocityServlet { private String name = null; private Vector mPanels = new Vector(); - public void init(ServletConfig config) throws ServletException { + public void init(ServletConfig config) throws ServletException + { super.init(config); /* load sequence map */ @@ -60,32 +64,33 @@ public class WizardServlet extends VelocityServlet { StringTokenizer st = new StringTokenizer(panels, ","); int pno = 0; while (st.hasMoreTokens()) { - String p = st.nextToken(); - StringTokenizer st1 = new StringTokenizer(p, "="); - String id = st1.nextToken(); - String pvalue = st1.nextToken(); - try { - IWizardPanel panel = (IWizardPanel) Class.forName(pvalue) - .newInstance(); - panel.init(this, config, pno, id); - CMS.debug("WizardServlet: panel name=" + panel.getName()); - mPanels.addElement(panel); - } catch (Exception e) { - CMS.debug("WizardServlet: " + e.toString()); - } - pno++; + String p = st.nextToken(); + StringTokenizer st1 = new StringTokenizer(p, "="); + String id = st1.nextToken(); + String pvalue = st1.nextToken(); + try { + IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance(); + panel.init(this, config, pno, id); + CMS.debug("WizardServlet: panel name=" + panel.getName()); + mPanels.addElement(panel); + } catch (Exception e) { + CMS.debug("WizardServlet: " + e.toString()); + } + pno++; } CMS.debug("WizardServlet: done"); - + } public void exposePanels(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context ) + { Enumeration e = mPanels.elements(); Vector panels = new Vector(); while (e.hasMoreElements()) { - IWizardPanel p = (IWizardPanel) e.nextElement(); - panels.addElement(p); + IWizardPanel p = (IWizardPanel)e.nextElement(); + panels.addElement(p); } context.put("panels", panels); } 
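Review bot: In the panel-loading loop `pno++` runs even when the `catch (Exception e)` branch skipped the panel, so after one failed load every later panel is initialised with a number one higher than its index in `mPanels`, while getPanelByNo() looks panels up with `mPanels.elementAt(p)`. The failure is only written to the debug log and the wizard starts with a step missing. Since init() already declares ServletException, failing fast is simpler: `throw new ServletException("WizardServlet: cannot load panel " + id, e);`. The class name given to `Class.forName(pvalue)` presumably comes from the servlet configuration (the read is outside this hunk), so that configuration should be writable only by the deployment owner.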
@@ -93,80 +98,84 @@ public class WizardServlet extends VelocityServlet { /** * Cleans up panels from a particular panel. */ - public void cleanUpFromPanel(int pno) throws IOException { - /* panel number starts from zero */ - int s = mPanels.size(); - for (int i = pno; i < s; i++) { - IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); - panel.cleanUp(); - } + public void cleanUpFromPanel(int pno) throws IOException + { + /* panel number starts from zero */ + int s = mPanels.size(); + for (int i = pno; i < s; i++) { + IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); + panel.cleanUp(); + } } - public IWizardPanel getPanelByNo(int p) { - IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); + public IWizardPanel getPanelByNo(int p) + { + IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); if (panel.shouldSkip()) { - panel = getPanelByNo(p + 1); + panel = getPanelByNo(p+1); } return panel; } public Template displayPanel(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context ) + { CMS.debug("WizardServlet: in display"); int p = getPanelNo(request); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } IWizardPanel panel = getPanelByNo(p); CMS.debug("WizardServlet: panel=" + panel); if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); panel.display(request, response, context); context.put("p", Integer.toString(panel.getPanelNo())); try { return 
Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } - public String xml_value_flatten(Object v) { + public String xml_value_flatten(Object v) + { String ret = ""; if (v instanceof String) { ret += v; } else if (v instanceof Integer) { - ret += ((Integer) v).toString(); + ret += ((Integer)v).toString(); } else if (v instanceof Vector) { ret += "<Vector>"; - Vector v1 = (Vector) v; + Vector v1 = (Vector)v; Enumeration e = v1.elements(); StringBuffer sb = new StringBuffer(); while (e.hasMoreElements()) { - sb.append(xml_value_flatten(e.nextElement())); + sb.append(xml_value_flatten(e.nextElement())); } ret += sb.toString(); ret += "</Vector>"; } else if (v instanceof Module) { // for hardware token - Module m = (Module) v; + Module m = (Module)v; ret += "<Module>"; ret += "<CommonName>" + m.getCommonName() + "</CommonName>"; - ret += "<UserFriendlyName>" + m.getUserFriendlyName() - + "</UserFriendlyName>"; + ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>"; ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>"; ret += "</Module>"; } else if (v instanceof Cert) { - Cert m = (Cert) v; + Cert m = (Cert)v; ret += "<CertReqPair>"; ret += "<Nickname>" + m.getNickname() + "</Nickname>"; ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>"; @@ -178,7 +187,7 @@ public class WizardServlet extends VelocityServlet { ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>"; ret += "</CertReqPair>"; } else if (v instanceof IWizardPanel) { - IWizardPanel m = (IWizardPanel) v; + IWizardPanel m = (IWizardPanel)v; ret += "<Panel>"; ret += "<Id>" + m.getId() + "</Id>"; ret += "<Name>" + m.getName() + "</Name>"; 
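Review bot: `xml_value_flatten` concatenates `String` values and getter results such as `m.getCommonName()` or `m.getNickname()` straight between tags without escaping `&`, `<` or `>`. If any of those values contains markup characters, the document built for the `xml=true` response is malformed or gains elements the panel never wrote. `xml_flatten` in the `@@ -189,84` hunk has the same gap and also uses the context key as the element name. A small private helper applied to every value before it is appended would close this. The body of `xml_value_flatten` continues past the end of this hunk.

```java
// new private helper next to xml_value_flatten
private static String xmlEscape(Object o) {
    // String.valueOf keeps the existing "null" rendering for null getters
    String s = String.valueOf(o);
    return s.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&apos;");
}

// … unchanged: xml_value_flatten signature and ret initialisation …
        if (v instanceof String) {
            ret += xmlEscape(v);
// … unchanged: Integer and Vector branches …
            ret += "<CommonName>" + xmlEscape(m.getCommonName()) + "</CommonName>";
            ret += "<UserFriendlyName>" + xmlEscape(m.getUserFriendlyName()) + "</UserFriendlyName>";
            ret += "<ImagePath>" + xmlEscape(m.getImagePath()) + "</ImagePath>";
// … unchanged: Cert and IWizardPanel branches, escaped the same way …
```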
@@ -189,84 +198,89 @@ public class WizardServlet extends VelocityServlet { return ret; } - public String xml_flatten(Context context) { + public String xml_flatten(Context context) + { StringBuffer ret = new StringBuffer(); - Object o[] = context.getKeys(); - for (int i = 0; i < o.length; i++) { - if (o[i] instanceof String) { - String key = (String) o[i]; - if (key.startsWith("__")) { - continue; - } - ret.append("<"); - ret.append(key); - ret.append(">"); - if (key.equals("bindpwd")) { - ret.append("(sensitive)"); - } else { - Object v = context.get(key); - ret.append(xml_value_flatten(v)); - } - ret.append("</"); - ret.append(key); - ret.append(">"); + Object o[] = context.getKeys(); + for (int i = 0; i < o.length; i ++) { + if (o[i] instanceof String) { + String key = (String)o[i]; + if (key.startsWith("__")) { + continue; + } + ret.append("<"); + ret.append(key); + ret.append(">"); + if (key.equals("bindpwd")) { + ret.append("(sensitive)"); + } else { + Object v = context.get(key); + ret.append(xml_value_flatten(v)); } + ret.append("</"); + ret.append(key); + ret.append(">"); + } } return ret.toString(); } - public int getPanelNo(HttpServletRequest request) { + public int getPanelNo(HttpServletRequest request) + { int p = 0; - - // panel number can be identified by either - // panel no (p parameter) directly, or - // panel name (panelname parameter). + + // panel number can be identified by either + // panel no (p parameter) directly, or + // panel name (panelname parameter). 
if (request.getParameter("panelname") != null) { - String name = request.getParameter("panelname"); - for (int i = 0; i < mPanels.size(); i++) { - IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); - if (panel.getId().equals(name)) { - return i; - } + String name = request.getParameter("panelname"); + for (int i = 0; i < mPanels.size(); i++) { + IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); + if (panel.getId().equals(name)) { + return i; } + } } else if (request.getParameter("p") != null) { - p = Integer.parseInt(request.getParameter("p")); + p = Integer.parseInt(request.getParameter("p")); } return p; } - public String getNameFromPanelNo(int p) { - IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p); - return wp.getId(); + public String getNameFromPanelNo(int p) + { + IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p); + return wp.getId(); } - public IWizardPanel getPreviousPanel(int p) { + public IWizardPanel getPreviousPanel(int p) + { CMS.debug("getPreviousPanel input p=" + p); - IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1); + IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1); if (backpanel.isSubPanel()) { - backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1); + backpanel = (IWizardPanel)mPanels.elementAt(p-1-1); } while (backpanel.shouldSkip()) { - backpanel = (IWizardPanel) mPanels - .elementAt(backpanel.getPanelNo() - 1); + backpanel = (IWizardPanel) + mPanels.elementAt(backpanel.getPanelNo() - 1); } CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo()); return backpanel; } - public IWizardPanel getNextPanel(int p) { + public IWizardPanel getNextPanel(int p) + { CMS.debug("getNextPanel input p=" + p); - IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); if (p == (mPanels.size() - 1)) { p = p; - } else if (panel.isSubPanel()) { - if (panel.isLoopbackPanel()) { - p = p - 1; // Login Panel is a loop back panel - } else { - p = p 
+ 1; - } - } else if (panel.hasSubPanel()) { - p = p + 2; + } else if(panel.isSubPanel()) { + if (panel.isLoopbackPanel()) { + p = p-1; // Login Panel is a loop back panel + } else { + p = p+1; + } + } else if (panel.hasSubPanel()) { + p = p + 2; } else { p = p + 1; } 
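Review bot: `getPanelNo` passes the `p` request parameter to `Integer.parseInt` with no handling and no range check. A non-numeric, negative or too-large `p` therefore surfaces as an unchecked `NumberFormatException`, or as an `ArrayIndexOutOfBoundsException` from `mPanels.elementAt(p)` in the callers. `getPreviousPanel` also reads `elementAt(p-1)` even when `p` is 0. I would validate once in `getPanelNo`, falling back to the existing default of 0, and have `getPreviousPanel` guard the `p == 0` case. `getNextPanel` continues past the end of this hunk.

```java
// … unchanged: panelname lookup …
        } else if (request.getParameter("p") != null) {
            try {
                p = Integer.parseInt(request.getParameter("p"));
            } catch (NumberFormatException e) {
                CMS.debug("WizardServlet: ignoring non-numeric panel number");
                p = 0;
            }
            if (p < 0 || p >= mPanels.size()) {
                CMS.debug("WizardServlet: panel number out of range, using 0");
                p = 0;
            }
        }
        return p;
```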
@@ -276,175 +290,191 @@ public class WizardServlet extends VelocityServlet { } public Template goApply(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) + { return goNextApply(request, response, context, true); } public Template goNext(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context ) + { return goNextApply(request, response, context, false); } /* - * The parameter "stay" is used to indicate "apply" without moving to the - * next panel + * The parameter "stay" is used to indicate "apply" without + * moving to the next panel */ public Template goNextApply(HttpServletRequest request, - HttpServletResponse response, Context context, boolean stay) { + HttpServletResponse response, + Context context, boolean stay ) + { int p = getPanelNo(request); if (stay == true) CMS.debug("WizardServlet: in reply " + p); else CMS.debug("WizardServlet: in next " + p); - IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); try { - panel.validate(request, response, context); - try { - panel.update(request, response, context); - if (stay == true) { // "apply" - - if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - panel.display(request, response, context); - } else { // "next" - IWizardPanel nextpanel = getNextPanel(p); - - if (nextpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - nextpanel.display(request, response, context); - panel = nextpanel; - } - context.put("errorString", ""); - } catch (Exception e) { - context.put("errorString", e.getMessage()); - panel.displayError(request, response, context); + panel.validate(request, response, context); + try { + panel.update(request, response, 
context); + if (stay == true) { // "apply" + + if (panel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + panel.display(request, response, context); + } else { // "next" + IWizardPanel nextpanel = getNextPanel(p); + + if (nextpanel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + nextpanel.display(request, response, context); + panel = nextpanel; } - } catch (IOException eee) { - context.put("errorString", eee.getMessage()); + context.put("errorString", ""); + } catch (Exception e) { + context.put("errorString", e.getMessage()); panel.displayError(request, response, context); + } + } catch (IOException eee) { + context.put("errorString", eee.getMessage()); + panel.displayError(request, response, context); } p = panel.getPanelNo(); CMS.debug("panel no=" + p); CMS.debug("panel name=" + getNameFromPanelNo(p)); - CMS.debug("total number of panels=" + mPanels.size()); + CMS.debug("total number of panels="+mPanels.size()); context.put("p", Integer.toString(p)); context.put("panelname", getNameFromPanelNo(p)); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } // this is where we handle the xml request String xml = request.getParameter("xml"); if (xml != null && xml.equals("true")) { - CMS.debug("WizardServlet: found xml"); - - response.setContentType("application/xml"); - String xmlstr = xml_flatten(context); - context.put("xml", xmlstr); - try { - return Velocity.getTemplate("admin/console/config/xml.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e); 
- } + CMS.debug("WizardServlet: found xml"); + + response.setContentType("application/xml"); + String xmlstr = xml_flatten(context); + context.put("xml", xmlstr); + try { + return Velocity.getTemplate("admin/console/config/xml.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e ); + } } else { - try { - return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e); - } + try { + return Velocity.getTemplate("admin/console/config/wizard.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e ); + } } return null; } public Template goBack(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context ) + { int p = getPanelNo(request); CMS.debug("WizardServlet: in back " + p); IWizardPanel backpanel = getPreviousPanel(p); if (backpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); backpanel.display(request, response, context); - context.put("p", Integer.toString(backpanel.getPanelNo())); + context.put("p", Integer.toString(backpanel.getPanelNo())); context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo())); p = backpanel.getPanelNo(); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } public boolean authenticate(HttpServletRequest request, - 
HttpServletResponse response, Context context) { - String pin = (String) request.getSession().getAttribute("pin"); - if (pin == null) { - try { - response.sendRedirect("login"); - } catch (IOException e) { - } - return false; + HttpServletResponse response, + Context context ) { + String pin = (String)request.getSession().getAttribute("pin"); + if (pin == null) { + try { + response.sendRedirect("login"); + } catch (IOException e) { } - return true; + return false; + } + return true; } - public void outputHttpParameters(HttpServletRequest httpReq) { + public void outputHttpParameters(HttpServletRequest httpReq) + { CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String) paramNames.nextElement(); + String pn = (String)paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("WizardServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + 
pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("WizardServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } + public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context ) + { CMS.debug("WizardServlet: process"); - if (CMS.debugOn()) { - outputHttpParameters(request); + if (CMS.debugOn()) { + outputHttpParameters(request); } if (!authenticate(request, response, context)) { @@ -454,7 +484,7 @@ public class WizardServlet extends VelocityServlet { String op = request.getParameter("op"); /* operation */ if (op == null) { - op = "display"; + op = "display"; } CMS.debug("WizardServlet: op=" + op); CMS.debug("WizardServlet: size=" + mPanels.size()); |
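Review bot: In `outputHttpParameters` the three suffix tests (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`) are case-sensitive while the exact-name tests use `equalsIgnoreCase`. A parameter whose name ends in `Password` or `Pwd` and is not on the explicit list therefore has its value written to the debug log. Lower-casing the name once removes the gap and the need to keep the list in step with new panels: `String lc = pn.toLowerCase(java.util.Locale.ROOT);` followed by `if (lc.startsWith("__") || lc.contains("password") || lc.contains("passwd") || lc.contains("pwd") || lc.equals("pin"))`. Every name on the current list still matches that condition.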