Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
204 files changed, 18872 insertions, 19460 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java index 4737e2f7..b805cc96 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; - /** * Manage Access Control List configuration - * + * * @version $Revision$, $Date$ */ public class ACLAdminServlet extends AdminServlet { @@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet { private IAuthzManager mAuthzMgr = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = - "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; /** * Constructs servlet. @@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet { mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); } - /** - * initialize the servlet. + /** + * initialize the servlet. * <ul> * <li>http.param OP_TYPE = OP_SEARCH, * <li>http.param OP_SCOPE - the scope of the request operation: - * <ul><LI>"impl" ACL implementations - * <LI>"acls" ACL rules - * <LI>"evaluatorTypes" ACL evaluators. - * </ul> + * <ul> + * <LI>"impl" ACL implementations + * <LI>"acls" ACL rules + * <LI>"evaluatorTypes" ACL evaluators. * </ul> - * + * </ul> + * * @param config servlet configuration, read from the web.xml file */ public void init(ServletConfig config) throws ServletException { 
@@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet { return INFO; } - /** + /** * Process the HTTP request. - * + * * @param req the object holding the request information * @param resp the object holding the response information */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } @@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet { super.authenticate(req); } catch (IOException e) { log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } 
@@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { @@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { 
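Review bot: Each branch in these hunks records the requested operation in what look like instance fields before authorizing, e.g. `mOp = "modify"; if ((mToken = super.authorize(req)) == null)`. A servlet instance is normally shared by all request threads, so if `mOp` and `mToken` are fields (their declarations are outside the hunks) and `authorize(req)` reads `mOp`, two concurrent requests can overwrite each other's value and a modify request could be checked against "read". Keeping the operation in a local variable and passing it to the authorization call would remove the shared state; until then a comment such as `// mOp/mToken are shared servlet state: not safe under concurrent requests` would at least document it. The enclosing service() method starts and ends outside these hunks.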
@@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet { } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } /** * list acls resources by name */ - private void listResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet { ACL acl = (ACL) res.nextElement(); String desc = acl.getDescription(); - if (desc == null) + if (desc == null) params.add(acl.getName(), ""); else params.add(acl.getName(), desc); 
@@ -272,19 +271,19 @@ public class ACLAdminServlet extends AdminServlet { /** * get acls information for a resource */ - private void getResourceACL(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void getResourceACL(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //get resource id first + // get resource id first String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet { StringBuffer rights = new StringBuffer(); - if (rightsEnum.hasMoreElements()) { + if (rightsEnum.hasMoreElements()) { while (rightsEnum.hasMoreElements()) { if (rights.length() != 0) { rights.append(","); @@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet { } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"), + null, resp); return; } } 
@@ -341,19 +340,20 @@ public class ACLAdminServlet extends AdminServlet { /** * modify acls information for a resource * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private void updateResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void updateResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -378,15 +378,15 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get resource acls String resourceACLs = super.getParameter(req, Constants.PR_ACI); String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS); - String desc = super.getParameter(req, Constants.PR_ACL_DESC); + String desc = super.getParameter(req, Constants.PR_ACL_DESC); try { mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc); 
@@ -417,22 +417,22 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"), + null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -446,31 +446,31 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * list access evaluators by types and class paths */ - private void listACLsEvaluators(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listACLsEvaluators(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements(); while (res.hasMoreElements()) { - IAccessEvaluator evaluator = res.nextElement(); + IAccessEvaluator evaluator = res.nextElement(); // params.add(evaluator.getType(), evaluator.getDescription()); params.add(evaluator.getType(), evaluator.getClass().getName()); 
@@ -480,18 +480,18 @@ public class ACLAdminServlet extends AdminServlet { } private void listACLsEvaluatorTypes(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements(); while (res.hasMoreElements()) { - IAccessEvaluator evaluator = res.nextElement(); + IAccessEvaluator evaluator = res.nextElement(); String[] operators = evaluator.getSupportedOperators(); StringBuffer str = new StringBuffer(); for (int i = 0; i < operators.length; i++) { - if (str.length() > 0) + if (str.length() > 0) str.append(","); str.append(operators[i]); } @@ -505,22 +505,23 @@ public class ACLAdminServlet extends AdminServlet { /** * add access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -543,26 +544,25 @@ public class ACLAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the evaluator type unique? /* - if (!mACLs.isTypeUnique(type)) { - String infoMsg = "replacing existing type: "+ type; - log(ILogger.LL_WARN, infoMsg); - } + * if (!mACLs.isTypeUnique(type)) { String infoMsg = + * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg); + * } */ // get class String classPath = super.getParameter(req, Constants.PR_ACL_CLASS); IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); + mConfig.getSubStore(PROP_EVAL); IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); // Does the class exist? Class<?> newImpl = null; @@ -584,17 +584,16 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"), + null, resp); return; } // is the class an IAccessEvaluator? try { - if - (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { + if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + classPath; log(ILogger.LL_FAILURE, errMsg); 
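Review bot: The commented-out uniqueness check in the first hunk was reflowed into running text (`* if (!mACLs.isTypeUnique(type)) { String infoMsg =`), so it no longer reads as code. The same happened to the commented-out `getACLs` method in the last hunk of this file, where the `//` comments inside the block now swallow the statements that follow them. Disabled code kept for reference should be excluded from the formatter or deleted. Because this check concerns whether an existing evaluator type is replaced, a one-line comment such as `// an existing evaluator of the same type is replaced without warning` would be more useful than the mangled block, if that is indeed the intended behaviour. addACLsEvaluator continues outside the hunk.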
@@ -608,13 +607,13 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), + null, resp); return; } } catch (Exception e) { String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + classPath; log(ILogger.LL_FAILURE, errMsg); @@ -628,8 +627,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), + null, resp); return; } @@ -653,8 +652,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"), + null, resp); return; } @@ -676,8 +675,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"), + null, resp); return; } @@ -688,7 +687,7 @@ public class ACLAdminServlet extends AdminServlet { mAuthzMgr.registerEvaluator(type, evaluator); } - //... + // ... NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file 
@@ -702,17 +701,17 @@ public class ACLAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -726,38 +725,39 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * remove access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void deleteACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void deleteACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -782,8 +782,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -803,8 +803,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"), + null, resp); return; } @@ -814,13 +814,13 @@ public class ACLAdminServlet extends AdminServlet { try { IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); + mConfig.getSubStore(PROP_EVAL); IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); mStore.removeSubStore(id); } catch (Exception eeee) { - //CMS.debugStackTrace(eeee); + // CMS.debugStackTrace(eeee); } // commiting try { @@ -838,8 +838,8 @@ public class ACLAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"), + null, resp); return; } @@ -855,17 +855,17 @@ public class ACLAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
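Review bot: In the `@@ -814,13 +814,13 @@` hunk the catch block around `mStore.removeSubStore(id)` holds only a commented-out debug call, so a failed removal is silently ignored and the method proceeds to the commit step and, in a later hunk, to `sendResponse(SUCCESS, ...)`. For the removal of an access evaluator this means the response, and presumably the signed audit record, can report success for a change that was not applied. At minimum record the failure with `log(ILogger.LL_FAILURE, eeee.toString());`, and consider auditing it as a failure and returning the error response as the neighbouring branches do. deleteACLsEvaluator starts and ends outside these hunks.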
@@ -879,50 +879,43 @@ public class ACLAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * Searchs for certificate requests. */ - + /* - private void getACLs(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - NameValuePairs params = new NameValuePairs(); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - String names = getParameter(req, Constants.PT_NAMES); - StringTokenizer st = new StringTokenizer(names, ","); - while (st.hasMoreTokens()) { - String target = st.nextToken(); - ACL acl = AccessManager.getInstance().getACL(target); - oos.writeObject(acl); - } - // BASE64Encoder encoder = new BASE64Encoder(); - // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); - params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); - sendResponse(SUCCESS, null, params, resp); - } + * private void getACLs(HttpServletRequest req, HttpServletResponse resp) + * throws ServletException, IOException, EBaseException { NameValuePairs + * params = new NameValuePairs(); ByteArrayOutputStream bos = new + * ByteArrayOutputStream(); ObjectOutputStream oos = new + * ObjectOutputStream(bos); String names = getParameter(req, + * 
Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names, + * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL + * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); } + * // BASE64Encoder encoder = new BASE64Encoder(); // + * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); + * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); + * sendResponse(SUCCESS, null, params, resp); } */ private void log(int level, String msg) { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "ACLAdminServlet: " + msg); + level, "ACLAdminServlet: " + msg); } -} - +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java index 2024e496..038355f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java @@ -17,13 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for the remote admin. - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -37,8 +35,7 @@ public class AdminResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 0f2a6ec7..c7bc1554 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; @@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; - /** - * A class represents an administration servlet that - * is responsible to serve administrative - * operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform - * authentication information parsing and response - * formulation, it makes sense to encapsulate the + * A class represents an administration servlet that is responsible to serve + * administrative operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform authentication information + * parsing and response formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not - * need to re-implement the request parsing code - * (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration - * parameters management, it should create an - * administration servlet (i.e. CAAdminServlet) - * and register it to RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not need to re-implement the + * request parsing code (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration parameters management, it should + * create an administration servlet (i.e. CAAdminServlet) and register it to + * RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { 
@@ -117,8 +111,8 @@ public class AdminServlet extends HttpServlet { public final static String AUTHZ_SRC_TYPE = "sourceType"; public final static String AUTHZ_SRC_LDAP = "ldap"; public final static String AUTHZ_SRC_XML = "web.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; public final static String SIGNED_AUDIT_SCOPE = "Scope"; public final static String SIGNED_AUDIT_OPERATION = "Operation"; @@ -130,19 +124,19 @@ public class AdminServlet extends HttpServlet { public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; private final static String CERTUSERDB = - IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; + IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; private final static String PASSWDUSERDB = - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; /** * Constructs generic administration servlet. 
@@ -175,8 +169,8 @@ public class AdminServlet extends HttpServlet { if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { @@ -185,7 +179,7 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); throw new ServletException("failed to init authz info from xml config file"); 
@@ -204,45 +198,44 @@ public class AdminServlet extends HttpServlet { } } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - 
CMS.debug("AdminServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - + /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -250,7 +243,7 @@ public class AdminServlet extends HttpServlet { "CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -274,18 +267,18 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given - * userid and password via identity manager. + * Authenticates to the identity scope with the given userid and password + * via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CMS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CMS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception IOException an input/output error has occurred */ protected void authenticate(HttpServletRequest req) throws 
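Review bot: The suffix tests in `outputHttpParameters` are case-sensitive (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`), so a parameter such as `newPassword` or `userPwd` (constructed examples) that is not on the exact-name list falls through to the `else` branch and its value is written to the debug log. Lower-casing once closes the gap: `String lc = pn.toLowerCase(Locale.ROOT);` followed by `lc.startsWith("__") || lc.endsWith("password") || lc.endsWith("passwd") || lc.endsWith("pwd")`, which needs `java.util.Locale` imported. The non-sensitive branch also concatenates `httpReq.getParameter(pn)` as received, so a value containing CR/LF can forge additional debug-log lines; replacing line breaks before calling `CMS.debug` would prevent that. `Enumeration paramNames` is a raw type, which is what forces the `(String)` cast.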
@@ -307,12 +300,12 @@ public class AdminServlet extends HttpServlet { // do nothing for now. } IAuthSubsystem auth = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { X509Certificate[] allCerts = - (X509Certificate[]) req.getAttribute(CERT_ATTR); + (X509Certificate[]) req.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file @@ -362,10 +355,9 @@ public class AdminServlet extends HttpServlet { mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager - authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); IAuthCredentials authCreds = - getAuthCreds(authMgr, cert); + getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { @@ -400,15 +392,14 @@ public class AdminServlet extends HttpServlet { mServletID)); } } catch (EBaseException e) { - //will fix it later for authorization + // will fix it later for authorization /* - String errMsg = "authenticate(): " + - AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - e.getMessage(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - userid,e.getMessage())); + * String errMsg = "authenticate(): " + + * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + * e.getMessage(); log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + * userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { 
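Review bot: The commented-out block under `// will fix it later for authorization` (last hunk on this line) has been re-wrapped by the formatter into a starred comment in which two statements share a line (`* e.getMessage(); log(ILogger.LL_FAILURE,`), so it can no longer be restored by stripping the comment markers. Dead code of this kind is better deleted and left to version control, and if the failure log is wanted it should be live code. As far as this hunk shows, the `catch (EBaseException e)` proceeds to the `sslclientauth` audit branch without writing `e` to the system log, so the cause of a failed authentication may only be recoverable from the audit record; that should be confirmed against the rest of `authenticate()`, which lies outside the hunk.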
@@ -441,9 +432,9 @@ public class AdminServlet extends HttpServlet { if (tuserid == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", - tuserid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -477,9 +468,9 @@ public class AdminServlet extends HttpServlet { if (user == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", - tuserid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -515,7 +506,7 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file @@ -595,8 +586,8 @@ public class AdminServlet extends HttpServlet { } public static AuthCredentials getAuthCreds( - IAuthManager authMgr, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -606,8 +597,8 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } } return creds; 
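Review bot: `getAuthCreds` keeps the remark `// cert could be null;` and still stores `new X509Certificate[] { clientCert }`, which hands the authentication manager a one-element array holding `null` instead of an absent credential. The method is `public static`, so callers other than `authenticate()` can reach it without the `allCerts == null || allCerts.length == 0` check that `authenticate()` performs first. Making the contract explicit would be safer, for example `if (clientCert != null) { creds.set(reqCred, new X509Certificate[] { clientCert }); }`; how the manager treats a missing credential is not visible here and should be confirmed before changing it. In the first hunk on this line, the `tuserid == null` branch passes `tuserid` to `CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid)`, so that message always carries a null argument.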
@@ -616,15 +607,16 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CMS that's when one accesses a role port) * </ul> + * * @param req HTTP servlet request * @return the authorization token */ @@ -646,7 +638,7 @@ public class AdminServlet extends HttpServlet { // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down + // each servlet, they can break it down authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null @@ -779,15 +771,15 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) - throws IOException { + NameValuePairs params, HttpServletResponse resp) + throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); 
@@ -806,8 +798,8 @@ public class AdminServlet extends HttpServlet { String value = java.net.URLEncoder.encode((String) params.getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + - "=" + value); + buf.append(java.net.URLEncoder.encode(name) + + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -850,7 +842,7 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } @@ -858,8 +850,8 @@ public class AdminServlet extends HttpServlet { * Generic configuration store get operation. */ protected synchronized void getConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); @@ -867,8 +859,8 @@ public class AdminServlet extends HttpServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
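Review bot: `java.net.URLEncoder.encode(name)` and the `encode((String) params.getValue(name))` call just above it use the deprecated one-argument overload, which encodes with the platform default charset, so the bytes of the admin response depend on how the JVM is configured. Name the charset explicitly: `java.net.URLEncoder.encode(name, "UTF-8")`, and the same for the value; the checked `UnsupportedEncodingException` is an `IOException`, which `sendResponse` already declares. Chaining `buf.append(...).append("=").append(value)` would also avoid building a temporary string per pair. The loop belongs to `sendResponse`, whose body starts and ends outside this hunk.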
@@ -876,21 +868,20 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - //System.out.println(name); - //System.out.println(name+","+config.getString(name)); + // System.out.println(name); + // System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. - * The caller is responsible to do validiation before - * calling this, and commit changes after this call. + * Generic configuration store set operation. The caller is responsible to + * do validiation before calling this, and commit changes after this call. */ protected synchronized void setConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); @@ -898,16 +889,16 @@ public class AdminServlet extends HttpServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); 
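Review bot: `setConfig` writes every request parameter other than `OP_TYPE`, `RS_ID` and `OP_SCOPE` into the store with `config.putString(name, req.getParameter(name))`, and the two `XXX` comments that the commit only re-indents still state that validation and failure handling are missing. The Javadoc shifts validation to the caller, but nothing in the method enforces it, so any subclass that forwards a request here lets the client choose both the key and the value. A per-caller allow-list would turn the XXX into a check, for example `if (!allowedKeys.contains(name)) continue;` where `allowedKeys` is a placeholder for a set the caller supplies. `getConfig` in the first hunk has the mirror-image behaviour: it returns `config.getString(name)` for whatever name the client sends, which may include stored secrets depending on the sub-store passed in.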
@@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet { * Lists configuration store. */ protected synchronized void listConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet { if (user == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } 
@@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, - mGroupNames[i])); + ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, + mGroupNames[i])); return true; } } @@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. - * Commits the current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. Commits the + * current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { 
@@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, - level, "AdminServlet: " + msg); + level, "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1047,20 +1038,19 @@ public class AdminServlet extends HttpServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1092,13 +1082,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and - * is called to extract parameters from the HttpServletRequest - * and return a string of name;;value pairs separated by a '+' - * if more than one name;;value pair exists. + * + * This method is inherited by all extended admin servlets and is called to + * extract parameters from the HttpServletRequest and return a string of + * name;;value pairs separated by a '+' if more than one name;;value pair + * exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ 
@@ -1172,26 +1162,27 @@ public class AdminServlet extends HttpServlet { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || - name.equals( Constants.TYPE_PASSWORD ) || - name.equals( Constants.PR_USER_PASSWORD ) || - name.equals( Constants.PT_OLD_PASSWORD ) || - name.equals( Constants.PT_NEW_PASSWORD ) || - name.equals( Constants.PT_DIST_STORE ) || - name.equals( Constants.PT_DIST_EMAIL ) || - /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || - // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || - name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || - name.equals( Constants.PR_OLD_AGENT_PWD ) || - name.equals( Constants.PR_AGENT_PWD ) || - name.equals( Constants.PT_PUBLISH_PWD ) || - /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || - name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || - name.equals( Constants.PR_TOKEN_PASSWD ) ) { + /* "password" */if (name.equals(Constants.PASSWORDTYPE) || + name.equals(Constants.TYPE_PASSWORD) || + name.equals(Constants.PR_USER_PASSWORD) || + name.equals(Constants.PT_OLD_PASSWORD) || + name.equals(Constants.PT_NEW_PASSWORD) || + name.equals(Constants.PT_DIST_STORE) || + name.equals(Constants.PT_DIST_EMAIL) || + /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) || + // ignore this one name.equals( + // Constants.PR_BINDPWD_PROMPT ) || + name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) || + name.equals(Constants.PR_OLD_AGENT_PWD) || + name.equals(Constants.PR_AGENT_PWD) || + name.equals(Constants.PT_PUBLISH_PWD) || + /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) || + name.equals(Constants.PR_BIND_PASSWD_AGAIN) || + 
name.equals(Constants.PR_TOKEN_PASSWD)) { // hide password value parameters += name @@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet { } if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length()!= 0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) return null; + if (s == null) + return null; NameValuePairs nvps = new NameValuePairs(); int i; diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index 4a7329c9..28a25216 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java 
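Review bot: The formatter has damaged the section labels of the password filter in the hunk that ends at the top of this line: `/* "password" */if (` is now fused to the keyword, and the disabled clause has become two comment lines (`// ignore this one name.equals(` and `// Constants.PR_BINDPWD_PROMPT ) ||`) in the middle of the condition. This list decides which parameter values are hidden from the signed audit log, so it should stay easy to read; a `private static final Set<String>` holding the same constants, tested with one `contains(name)`, would survive reformatting and make omissions easier to see. Matching is by exact name, so a password-bearing parameter that is not on the list is audited in clear, whereas the debug-log filter in `outputHttpParameters` uses suffix checks; the two filters should probably follow the same rule. The enclosing method starts and ends outside the hunk.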
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Authentication Management subsystem. This servlet is responsible - * to serve configuration requests for the Auths Management subsystem. + * A class representing an administration servlet for the Authentication + * Management subsystem. This servlet is responsible to serve configuration + * requests for the Auths Management subsystem. + * * - * * @version $Revision$, $Date$ */ public class AuthAdminServlet extends AdminServlet { @@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet { private final static String INFO = "AuthAdminServlet"; private IAuthSubsystem mAuths = null; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; private final static String VIEW = ";" + Constants.VIEW; private final static String EDIT = ";" + Constants.EDIT; private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = - "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; public AuthAdminServlet() { super(); 
@@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins - * --- same as policy, should we move this into extendedpluginhelper? + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins --- same as policy, should we move this into + * extendedpluginhelper? */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet { String implName = id.substring(colon + 1); NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } 
@@ -142,42 +140,43 @@ public class AuthAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } // if it is not authentication, that means it is for CSC admin ping. // the best way to do is to define another protocol for ping and move // it to the generic servlet which is admin servlet. - if (!op.equals(OpDef.OP_AUTH)) { + if (!op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTH)) { String id = req.getParameter(Constants.RS_ID); // for CSC admin ping only if (op.equals(OpDef.OP_READ) && - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { - // no need to authenticate this. if we're alive, return true. + // no need to authenticate this. if we're alive, return + // true. NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_PING, Constants.TRUE); sendResponse(SUCCESS, null, params, resp); return; } else { - //System.out.println("SRVLT_INVALID_OP_TYPE"); + // System.out.println("SRVLT_INVALID_OP_TYPE"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } 
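Review bot: On the unauthenticated ping path, `scope.equals(ScopeDef.SC_AUTH)` and `id.equals(Constants.RS_ID_CONFIG)` dereference request parameters that are never checked for null (only `op` is), so a request that omits `OP_SCOPE` or `RS_ID` raises a NullPointerException before any authentication has taken place. Putting the constant first avoids that: `ScopeDef.SC_AUTH.equals(scope)` and `Constants.RS_ID_CONFIG.equals(id)`. The comment in the hunk already suggests moving the ping to its own protocol in the generic servlet, which would also keep an unauthenticated branch out of the authentication-management code. The rest of `service()` continues outside this hunk.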
@@ -186,7 +185,7 @@ public class AuthAdminServlet extends AdminServlet { try { if (op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTHTYPE)) { - IConfigStore configStore = CMS.getConfigStore(); + IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("authType", "pwd"); NameValuePairs params = new NameValuePairs(); @@ -196,11 +195,11 @@ public class AuthAdminServlet extends AdminServlet { } } } catch (Exception e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only @@ -208,9 +207,9 @@ public class AuthAdminServlet extends AdminServlet { return; } } catch (IOException e) { - //System.out.println("SRVLT_FAIL_AUTHS"); - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_AUTHS"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -223,8 +222,8 @@ public class AuthAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); @@ -238,8 +237,8 @@ public class AuthAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
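Review bot: `mOp = "read"; if ((mToken = super.authorize(req)) == null)` hands the required permission to the ACL check through what appear to be instance fields, while a servlet instance normally serves requests on several threads at once. If `mOp` is a field shared between threads, another request can overwrite it between this assignment and the `mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp)` call in `AdminServlet.authorize()`, so an operation that needs "modify" could be evaluated against "read". The same pattern repeats in the `OP_READ`, `OP_ADD`, `OP_DELETE` and `OP_MODIFY` branches in the following hunks. Passing the operation as an argument, or keeping it and the token in local variables, removes the shared state; that requires a change to the base class, which is outside this hunk. Separately, the `catch (Exception e)` and `catch (IOException e)` blocks above answer with `CMS_ADMIN_SRVLT_AUTHS_FAILED` without logging `e`.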
@@ -249,17 +248,17 @@ public class AuthAdminServlet extends AdminServlet { listAuthMgrInsts(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -269,17 +268,17 @@ public class AuthAdminServlet extends AdminServlet { getInstConfig(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
@@ -289,17 +288,17 @@ public class AuthAdminServlet extends AdminServlet { addAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -309,17 +308,17 @@ public class AuthAdminServlet extends AdminServlet { delAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) { 
@@ -328,18 +327,18 @@ public class AuthAdminServlet extends AdminServlet { } } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } - } + } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } @@ -356,23 +355,24 @@ public class AuthAdminServlet extends AdminServlet { /** * Add authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - - private synchronized void addAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + + private synchronized void addAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -392,10 +392,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? @@ -410,8 +410,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -428,13 +428,13 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), + null, resp); return; } if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") || - classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { + classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_AUTH, 
@@ -445,17 +445,17 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); return; } IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); // Does the class exist? - + Class<IAuthManager> newImpl = null; try { @@ -473,8 +473,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file @@ -487,8 +487,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), + null, resp); return; } @@ -505,11 +505,12 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_AUTH, 
@@ -520,8 +521,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"), + null, resp); return; } @@ -542,10 +543,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -553,8 +554,8 @@ public class AuthAdminServlet extends AdminServlet { AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath); mAuths.getPlugins().put(id, plugin); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -570,17 +571,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -594,39 +595,40 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Add authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -647,8 +649,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -664,8 +666,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"), + null, resp); return; } @@ -685,21 +687,21 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } // prevent agent & admin creation. if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // check if implementation exists. AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file @@ -712,8 +714,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } 
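Review bot: The guard under `// prevent agent & admin creation.` in the `@@ -685,21 +687,21 @@` hunk sends `CMS_BASE_PERMISSION_DENIED` but has no `return;`, so execution falls through to the plug-in lookup and the rest of addAuthMgrInst for the two protected implementation names. Add `return;` after that `sendResponse(ERROR, ...)` call, and record a `LOGGING_SIGNED_AUDIT_CONFIG_AUTH` failure before it, as the equivalent class-path check in addAuthMgrPlugin already does. The same fall-through is visible in the "prevent deletion of admin and agent" checks in delAuthMgrPlugin (`@@ -989,18 +991,18 @@`) and delAuthMgrInst (`@@ -1160,18 +1162,18 @@`), and in the "prevent modification of admin and agent" check in modAuthMgrInst (`@@ -1409,18 +1410,18 @@`). These method bodies start and end outside the hunks, so the effect on the later steps is inferred from the visible lines only.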
@@ -723,9 +725,9 @@ public class AuthAdminServlet extends AdminServlet { String[] configParams = mAuths.getConfigParams(implname); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -765,8 +767,8 @@ public class AuthAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file @@ -780,8 +782,8 @@ public class AuthAdminServlet extends AdminServlet { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file @@ -795,8 +797,8 @@ public class AuthAdminServlet extends AdminServlet { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } 
@@ -835,16 +837,16 @@ public class AuthAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mAuths.add(id, authMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -886,22 +888,22 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listAuthMgrPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listAuthMgrPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -909,8 +911,8 @@ public class AuthAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - AuthMgrPlugin value = (AuthMgrPlugin) - mAuths.getPlugins().get(name); + AuthMgrPlugin value = (AuthMgrPlugin) + mAuths.getPlugins().get(name); if (value.isVisible()) { params.add(name, value.getClassPath() + EDIT); @@ -920,14 +922,13 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void listAuthMgrInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listAuthMgrInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration<?> e = mAuths.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name); IAuthManager value = proxy.getAuthManager(); @@ -938,7 +939,7 @@ public class AuthAdminServlet extends AdminServlet { } AuthMgrPlugin amgrplugin = (AuthMgrPlugin) - mAuths.getPlugins().get(value.getImplName()); + mAuths.getPlugins().get(value.getImplName()); if (!amgrplugin.isVisible()) { params.add(name, value.getImplName() + ";invisible;" + enableStr); 
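Review bot: `amgrplugin` in the `@@ -938,7 +939,7 @@` hunk is dereferenced with `amgrplugin.isVisible()` directly after `mAuths.getPlugins().get(value.getImplName())`, with no null check. If no plug-in is registered under that implementation name, the listing fails with a NullPointerException instead of returning the remaining instances. A guard such as `if (amgrplugin == null || !amgrplugin.isVisible()) {` would keep the listing usable; whether a missing plug-in should be reported as invisible is a design choice to confirm. listAuthMgrInsts begins in the previous hunk and continues past this one.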
@@ -953,21 +954,22 @@ public class AuthAdminServlet extends AdminServlet { /** * Delete authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -989,18 +991,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager exist? 
@@ -1015,15 +1017,14 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + null, resp); return; } // first check if any instances from this auth manager // DON'T remove auth manager if any instance - for (Enumeration<?> e = mAuths.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) { IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement()); if (authMgr.getImplName() == id) { @@ -1037,19 +1038,19 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"), + null, resp); return; } } - + // then delete this auth manager mAuths.getPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting @@ -1066,8 +1067,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
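Review bot: The in-use check in the `@@ -1015,15 +1017,14 @@` hunk compares strings by reference, `authMgr.getImplName() == id`, so it will normally be false even when an instance uses this plug-in, and the `CMS_AUTHENTICATION_MGR_IN_USE` refusal is skipped. Compare by value instead: `if (id.equals(authMgr.getImplName())) {`. In the same hunk the not-found response wraps `CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID` in `EAuthMgrPluginNotFound`, which looks like the duplicate-id message; a not-found key such as the `CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND` used in addAuthMgrPlugin may be what was intended. delAuthMgrPlugin starts and ends outside this hunk.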
@@ -1083,17 +1084,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1107,38 +1108,39 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } } /** * Delete authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1160,18 +1162,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent deletion of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager instance exist? @@ -1186,23 +1188,23 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IAuthManager mgrInst = (IAuthManager) mAuths.get(id); mAuths.getInstances().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting 
@@ -1218,15 +1220,15 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } - //This only works in the fact that we only support one instance per - //auth plugin. + // This only works in the fact that we only support one instance per + // auth plugin. ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); authInfo.removePassword("Rule " + id); @@ -1243,17 +1245,17 @@ public class AuthAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1267,40 +1269,39 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular auth manager plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this authentication subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular auth manager plugin implementation name + * specified in the RS_ID. Actually, there is no logic in here to set any + * default value here...there's no default value for any parameter in this + * authentication subsystem at this point. Later, if we do have one (or + * some), it can be added. The interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1318,25 +1319,25 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + null, resp); return; } 
@@ -1365,29 +1366,29 @@ public class AuthAdminServlet extends AdminServlet { } /** - * Modify authentication manager instance - * This will actually create a new instance with new configuration - * parameters and replace the old instance if the new instance is - * created and initialized successfully. - * The old instance is left running, so this is very expensive. - * Restart of server recommended. + * Modify authentication manager instance This will actually create a new + * instance with new configuration parameters and replace the old instance + * if the new instance is created and initialized successfully. The old + * instance is left running, so this is very expensive. Restart of server + * recommended. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. 
@@ -1409,18 +1410,18 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // prevent modification of admin and agent. if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); } // Does the manager instance exist? @@ -1435,8 +1436,8 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), - null, resp); + CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), + null, resp); return; } @@ -1454,14 +1455,14 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation + // get plugin for implementation AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + (AuthMgrPlugin) mAuths.getPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file 
@@ -1474,15 +1475,15 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IAuthManager oldinst = - (IAuthManager) mAuths.get(id); + IAuthManager oldinst = + (IAuthManager) mAuths.get(id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); @@ -1490,7 +1491,7 @@ public class AuthAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IAuthSubsystem.PROP_PLUGIN, - (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); + (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; @@ -1507,9 +1508,9 @@ public class AuthAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); + mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); 
@@ -1551,8 +1552,8 @@ public class AuthAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file @@ -1566,8 +1567,8 @@ public class AuthAdminServlet extends AdminServlet { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file @@ -1581,8 +1582,8 @@ public class AuthAdminServlet extends AdminServlet { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -1606,7 +1607,7 @@ public class AuthAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { 
@@ -1621,10 +1622,10 @@ public class AuthAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1632,8 +1633,8 @@ public class AuthAdminServlet extends AdminServlet { mAuths.add(id, newMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); NameValuePairs params = new NameValuePairs(); @@ -1673,23 +1674,23 @@ public class AuthAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); 
@@ -1699,7 +1700,7 @@ public class AuthAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java index bfa9cccd..cca86dce 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -6938644716486895814L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } 
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ @@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { @@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java index 0ae51ce4..a70d5130 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.File; import java.io.IOException; import java.net.UnknownHostException; @@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequestListener; import com.netscape.cmsutil.util.Utils; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve CA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve CA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class CAAdminServlet extends AdminServlet { @@ -66,7 +63,7 @@ public class CAAdminServlet extends AdminServlet { private final static String INFO = "CAAdminServlet"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; private ICertificateAuthority mCA = null; protected static final String PROP_ENABLED = "enabled"; @@ -94,22 +91,22 @@ public class CAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); 
@@ -120,8 +117,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getExtendedPluginInfo(req, resp); @@ -135,8 +132,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -159,8 +156,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -171,9 +168,9 @@ public class CAAdminServlet extends AdminServlet { setCRLIPsConfig(req, resp); else if (scope.equals(ScopeDef.SC_CRL)) setCRLConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) setNotificationReqCompConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) setNotificationRevCompConfig(req, resp); else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) setNotificationRIQConfig(req, resp); 
@@ -183,8 +180,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLEXTS_RULES)) @@ -195,8 +192,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) @@ -205,8 +202,8 @@ public class CAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) 
@@ -220,23 +217,24 @@ public class CAAdminServlet extends AdminServlet { } } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle request completion (cert issued) notification config requests */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { - + NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); - + if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
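Review bot: The reformatted banner comment above getNotificationCompConfig now reads `* ========================================================== private` followed by `* methods==========================================================`, so the rule lines and the heading are fused and the section marker no longer stands out. The same rewrapping hits the commented-out `nickName` block in setConnectorConfig (hunk at -1397) and the commented-out `eeGateway` block in getGeneralConfig (hunk at -1456), where the old statements are now a run-on paragraph that cannot be read or restored line by line. I would replace the banner with a one-line `// ---- private methods ----` comment and delete the two dead blocks. If they must stay, open them with `/*-`, which Eclipse-style formatters treat as do-not-reformat (worth confirming for the formatter profile used here).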
@@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet { continue; params.add(name, rc.getString(name, "")); } - + params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); + rc.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } - + private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); - + getNotificationCompConfig(req, resp, rc); } - + private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); - + getNotificationCompConfig(req, resp, rc); } 
@@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); @@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } @@ -317,15 +315,15 @@ public class CAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { + || (template.isDirectory())) { String error = - "Template: " + val + " does not exist or invalid"; + "Template: " + val + " does not exist or invalid"; log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } @@ -377,10 +375,10 @@ public class CAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - - //set rest of the parameters + + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { + || (template.isDirectory())) { String error = - "Template: " + val + " does not exist or invalid"; + "Template: " + val + " does not exist or invalid"; log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), + null, resp); return; } } 
@@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet { } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener()); - } + } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mCA.getConfigStore(); IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); @@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet { } private void listCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration ips = mCA.getCRLIssuingPoints(); 
@@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet { if (ipId != null && ipId.length() > 0) params.add(ipId, ip.getDescription()); params.add(ipId + "." + Constants.PR_ENABLED, - (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); + (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); } } - + sendResponse(SUCCESS, null, params, resp); } private void getCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); @@ -518,11 +516,12 @@ public class CAAdminServlet extends AdminServlet { /** * Add CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -530,8 +529,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void addCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -578,7 +577,7 @@ public class CAAdminServlet extends AdminServlet { boolean enable = true; if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { 
@@ -586,7 +585,7 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); Enumeration crlNames = crlSubStore.getSubStoreNames(); while (crlNames.hasMoreElements()) { @@ -656,28 +655,29 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Set CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -685,8 +685,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -733,7 +733,7 @@ public class CAAdminServlet extends AdminServlet { boolean enable = true; if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { @@ -741,7 +741,7 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -759,8 +759,8 @@ public class CAAdminServlet extends AdminServlet { if (c != null) { c.putString(Constants.PR_DESCRIPTION, desc); - c.putString(Constants.PR_ENABLED, - (enable) ? Constants.TRUE : Constants.FALSE); + c.putString(Constants.PR_ENABLED, + (enable) ? Constants.TRUE : Constants.FALSE); } done = true; break; 
@@ -816,28 +816,29 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -845,8 +846,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void deleteCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -859,7 +860,7 @@ public class CAAdminServlet extends AdminServlet { if (id != null && id.length() > 0) { IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); 
@@ -923,23 +924,23 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String ipId = null; @@ -974,11 +975,12 @@ public class CAAdminServlet extends AdminServlet { /** * Delete CRL extensions configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -986,8 +988,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1007,10 +1009,10 @@ public class CAAdminServlet extends AdminServlet { IConfigStore config = mCA.getConfigStore(); IConfigStore crlsSubStore = - config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId); IConfigStore crlExtsSubStore = - crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); String id = req.getParameter(Constants.RS_ID); @@ -1077,23 +1079,23 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.PR_ID); 
@@ -1130,12 +1132,12 @@ public class CAAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + /** + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); @@ -1143,8 +1145,8 @@ public class CAAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -1191,11 +1193,12 @@ public class CAAdminServlet extends AdminServlet { /** * Set CRL configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -1203,7 +1206,7 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
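Review bot: getExtendedPluginInfo(req, resp) uses the `RS_ID` request parameter without validating it: `int colon = id.indexOf(':')` throws a NullPointerException when the parameter is absent, and `id.substring(0, colon)` throws StringIndexOutOfBoundsException when the value has no colon. The two hunks touching this method (-1130 and -1143) only re-indent it, and the one line between them is not shown, so a guard may exist there. If it does not, add `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; }` before the index is taken. As far as the service() hunk shows, this path runs only after authenticate and authorize, so the effect is an unhandled exception for an authorized admin request rather than a pre-auth issue, but an explicit error response keeps the failure out of the container's default error handling.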
@@ -1215,17 +1218,17 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mCA.getConfigStore(); IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -1286,22 +1289,22 @@ public class CAAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -1309,11 +1312,11 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } IConfigStore crlsSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); Enumeration e = req.getParameterNames(); @@ -1335,9 +1338,9 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); sendResponse(SUCCESS, null, params, resp); } - + private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); @@ -1370,14 +1373,14 @@ public class CAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; -// String nickname = CMS.getServerCertNickname(); + // String nickname = CMS.getServerCertNickname(); if (isKRAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("KRA"); 
@@ -1397,12 +1400,10 @@ public class CAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ if (name.equals("host")) { try { Utils.checkHost(req.getParameter("host")); @@ -1456,27 +1457,23 @@ public class CAAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - String ocspValue = "true"; - ocspValue = eeConfig.getString("enableOCSP", "true"); - params.add(Constants.PR_OCSP_ENABLED, ocspValue); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway != + * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if + * (eeConfig != null) value = eeConfig.getString("enabled", "true"); + * String ocspValue = "true"; ocspValue = + * eeConfig.getString("enableOCSP", "true"); + * params.add(Constants.PR_OCSP_ENABLED, ocspValue); } + * params.add(Constants.PR_EE_ENABLED, value); */ - IConfigStore caConfig = mCA.getConfigStore(); value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); 
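Review bot: The block comments reflowed in this hunk are commented-out code, and the formatter has wrapped them like prose, so the `nickName` block now reads `* caConnectorConfig.putString(name, nickname); continue; }` and can no longer be read or restored as statements. The same happens to the eeGateway block in getGeneralConfig (next hunk), the `PR_EE_ENABLED` branch in setGeneralConfig and the HTTPService blocks in the nickname setters of CMSAdminServlet. I would delete these blocks rather than reformat them, since history keeps them; if they must stay, convert them to `//` line comments, which this diff keeps one statement per line. The enclosing methods start and end outside the hunks.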
@@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); getSerialConfig(params); getMaxSerialConfig(params); - + sendResponse(SUCCESS, null, params, resp); } private void getSigningAlgConfig(NameValuePairs params) { params.add(Constants.PR_DEFAULT_ALGORITHM, - mCA.getDefaultAlgorithm()); + mCA.getDefaultAlgorithm()); String[] algorithms = mCA.getCASigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); for (int i = 0; i < algorithms.length; i++) { - if (i == 0) + if (i == 0) algorStr.append(algorithms[i]); else { algorStr.append(":"); @@ -1508,23 +1505,23 @@ public class CAAdminServlet extends AdminServlet { private void getSerialConfig(NameValuePairs params) { params.add(Constants.PR_SERIAL, - mCA.getStartSerial()); + mCA.getStartSerial()); } private void getMaxSerialConfig(NameValuePairs params) { params.add(Constants.PR_MAXSERIAL, - mCA.getMaxSerial()); + mCA.getMaxSerial()); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ISubsystem eeGateway = null; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); */ IConfigStore eeConfig = null; @@ -1533,7 +1530,7 @@ public class CAAdminServlet extends AdminServlet { Enumeration enum1 = req.getParameterNames(); boolean restart = false; - //mCA.setMaxSerial(""); + // mCA.setMaxSerial(""); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key); 
@@ -1541,15 +1538,11 @@ public class CAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_EE_ENABLED)) { /* - if (eeConfig != null) { - if (((EEGateway)eeGateway).isEnabled() && - value.equals("false") || - !((EEGateway)eeGateway).isEnabled() && - value.equals("true")) { - restart=true;; - } - eeConfig.putString("enabled", value); - } + * if (eeConfig != null) { if + * (((EEGateway)eeGateway).isEnabled() && value.equals("false") + * || !((EEGateway)eeGateway).isEnabled() && + * value.equals("true")) { restart=true;; } + * eeConfig.putString("enabled", value); } */ } else if (key.equals(Constants.PR_VALIDITY)) { mCA.setValidity(value); @@ -1573,6 +1566,6 @@ public class CAAdminServlet extends AdminServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "CAAdminServlet: " + msg); + level, "CAAdminServlet: " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 3251e46b..f55ba57b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -82,11 +81,10 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.symkey.SessionKey; /** - * A class representings an administration servlet. This - * servlet is responsible to serve Certificate Server - * level administrative operations such as configuration - * parameter updates. - * + * A class representings an administration servlet. This servlet is responsible + * to serve Certificate Server level administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public final class CMSAdminServlet extends AdminServlet { 
@@ -108,13 +106,13 @@ public final class CMSAdminServlet extends AdminServlet { private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static byte EOL[] = { Character.LINE_SEPARATOR }; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = - "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = - "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = - "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; + "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = - "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; + "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; @@ -145,13 +143,13 @@ public final class CMSAdminServlet extends AdminServlet { * Serves HTTP request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); try { super.authenticate(req); } catch (IOException e) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + null, resp); return; } @@ -164,8 +162,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } getEnv(req, resp); 
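Review bot: `mOp = "read"; if ((mToken = super.authorize(req)) == null)` keeps the operation being authorized and the resulting token in what look like instance fields (the `m` prefix; the declarations are outside the hunk), and one servlet instance serves concurrent requests. If authorize() reads `mOp`, two admin requests can interleave so that a modify request is checked while `mOp` holds another request's `"read"`. The operation and the token should be locals, e.g. `String authzOp = "read";` handed to the authorize call, which needs a change to a helper that is not visible here. The same pattern repeats in the later hunks of service() for the modify, delete, process and validate branches.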
@@ -175,8 +173,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) @@ -199,13 +197,13 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) setDBConfig(req, resp); - else if (scope.equals(ScopeDef.SC_SMTP)) + else if (scope.equals(ScopeDef.SC_SMTP)) modifySMTPConfig(req, resp); else if (scope.equals(ScopeDef.SC_TASKS)) performTasks(req, resp); @@ -213,9 +211,9 @@ public final class CMSAdminServlet extends AdminServlet { modifyEncryption(req, resp); else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT)) issueImportCert(req, resp); - else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) + else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) installCert(req, resp); - else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) + else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) importXCert(req, resp); else if (scope.equals(ScopeDef.SC_DELETE_CERTS)) deleteCerts(req, resp); @@ -229,8 +227,8 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBSYSTEM)) 
@@ -239,11 +237,11 @@ public final class CMSAdminServlet extends AdminServlet { getCACerts(req, resp); else if (scope.equals(ScopeDef.SC_ALL_CERTLIST)) getAllCertsManage(req, resp); - else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) + else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) getUserCerts(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) getTKSKeys(req, resp); - else if (scope.equals(ScopeDef.SC_TOKEN)) + else if (scope.equals(ScopeDef.SC_TOKEN)) getAllTokenNames(req, resp); else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) getRootCerts(req, resp); @@ -251,21 +249,21 @@ public final class CMSAdminServlet extends AdminServlet { mOp = "delete"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) { deleteRootCert(req, resp); } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) { - deleteUserCert(req,resp); + deleteUserCert(req, resp); } } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_CERT_REQUEST)) 
@@ -282,14 +280,14 @@ public final class CMSAdminServlet extends AdminServlet { checkTokenStatus(req, resp); else if (scope.equals(ScopeDef.SC_SELFTESTS)) runSelfTestsOnDemand(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) createMasterKey(req, resp); } else if (op.equals(OpDef.OP_VALIDATE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_SUBJECT_NAME)) @@ -303,7 +301,7 @@ public final class CMSAdminServlet extends AdminServlet { } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { StringWriter sw = new StringWriter(); @@ -316,7 +314,7 @@ public final class CMSAdminServlet extends AdminServlet { } private void getEnv(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -324,16 +322,16 @@ public final class CMSAdminServlet extends AdminServlet { params.add(Constants.PR_NT, Constants.TRUE); else params.add(Constants.PR_NT, Constants.FALSE); - + sendResponse(SUCCESS, null, params, resp); } private void getAllTokenNames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList()); 
@@ -342,15 +340,15 @@ public final class CMSAdminServlet extends AdminServlet { } private void getAllNicknames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts()); - + sendResponse(SUCCESS, null, params, resp); } @@ -361,18 +359,18 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if ((sys instanceof IKeyRecoveryAuthority) && - subsystem.equals("kra")) + subsystem.equals("kra")) return true; else if ((sys instanceof IRegistrationAuthority) && - subsystem.equals("ra")) + subsystem.equals("ra")) return true; else if ((sys instanceof ICertificateAuthority) && - subsystem.equals("ca")) + subsystem.equals("ca")) return true; else if ((sys instanceof IOCSPAuthority) && - subsystem.equals("ocsp")) + subsystem.equals("ocsp")) return true; } @@ -380,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet { } private void readEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration<ISubsystem> e = CMS.getSubsystems(); @@ -394,7 +392,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -405,17 +403,17 @@ public final class CMSAdminServlet extends AdminServlet { isOCSPInstalled = true; else if (sys instanceof ITKSAuthority) isTKSInstalled = true; - - } + + } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String caTokenName = ""; NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_CIPHER_VERSION, - jssSubSystem.getCipherVersion()); + jssSubSystem.getCipherVersion()); params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza()); params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences()); @@ -427,7 +425,7 @@ public final class CMSAdminServlet extends AdminServlet { while (tokenizer.hasMoreElements()) { String tokenName = (String) tokenizer.nextElement(); String certs = jssSubSystem.getCertListWithoutTokenName(tokenName); - + if (certs.equals("")) continue; if (tokenNewList.equals("")) @@ -451,13 +449,13 @@ public final class CMSAdminServlet extends AdminServlet { String caNickName = signingUnit.getNickname(); - //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); + // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); params.add(Constants.PR_CERT_CA, getCertNickname(caNickName)); } if (isRAInstalled) { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); String raNickname = ra.getNickname(); params.add(Constants.PR_CERT_RA, getCertNickname(raNickname)); 
@@ -465,17 +463,17 @@ public final class CMSAdminServlet extends AdminServlet { if (isKRAInstalled) { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); String kraNickname = kra.getNickname(); params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname)); } if (isTKSInstalled) { ITKSAuthority tks = (ITKSAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_TKS); + CMS.getSubsystem(CMS.SUBSYSTEM_TKS); } String nickName = CMS.getServerCertNickname(); - + params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName)); sendResponse(SUCCESS, null, params, resp); @@ -517,17 +515,18 @@ public final class CMSAdminServlet extends AdminServlet { /** * Modify encryption configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when * configuring encryption (cert settings and SSL cipher preferences) * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to modify encryption configuration */ private void modifyEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs params = new NameValuePairs(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.getInternalTokenName(); Enumeration<ISubsystem> e = CMS.getSubsystems(); 
@@ -554,7 +553,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) @@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet { isCAInstalled = true; else if (sys instanceof IOCSPAuthority) isOCSPInstalled = true; - else if (sys instanceof ITKSAuthority) + else if (sys instanceof ITKSAuthority) isTKSInstalled = true; } - ICertificateAuthority ca = null; + ICertificateAuthority ca = null; IRegistrationAuthority ra = null; IKeyRecoveryAuthority kra = null; - ITKSAuthority tks = null; + ITKSAuthority tks = null; if (isCAInstalled) ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); @@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getCertConfigNickname(String val) throws EBaseException { 
@@ -727,9 +726,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - httpsService.setNickName(nickName); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -737,9 +736,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - httpsService.setNickName(nickName); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -747,9 +746,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); - HTTPService httpsService = eeGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService + * httpsService = eeGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -757,9 +756,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem caGateway = ca.getHTTPSubsystem(); - HTTPService httpsService = caGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService + * httpsService = caGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } 
@@ -767,21 +766,21 @@ public final class CMSAdminServlet extends AdminServlet { * Performs Server Tasks: RESTART/STOP operation */ private void performTasks(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String restart = req.getParameter(Constants.PR_SERVER_RESTART); String stop = req.getParameter(Constants.PR_SERVER_STOP); NameValuePairs params = new NameValuePairs(); if (restart != null) { - //XXX Uncommented afetr watchdog is implemented + // XXX Uncommented afetr watchdog is implemented sendResponse(SUCCESS, null, params, resp); - //mServer.restart(); + // mServer.restart(); return; } if (stop != null) { - //XXX Send response first then shutdown + // XXX Send response first then shutdown sendResponse(SUCCESS, null, params, resp); CMS.shutdown(); return; @@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet { * Reads subsystems that server has loaded with. */ private void readSubsystem(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<ISubsystem> e = CMS.getSubsystems(); @@ -805,7 +804,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) type = Constants.PR_KRA_INSTANCE; if (sys instanceof IRegistrationAuthority) @@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet { type = Constants.PR_CA_INSTANCE; if (sys instanceof IOCSPAuthority) type = Constants.PR_OCSP_INSTANCE; - if (sys instanceof ITKSAuthority) + if (sys instanceof ITKSAuthority) type = Constants.PR_TKS_INSTANCE; if (!type.trim().equals("")) params.add(sys.getId(), type); 
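Review bot: The restart branch of performTasks answers `sendResponse(SUCCESS, null, params, resp);` and returns while `mServer.restart()` is commented out, so the console is told the restart worked although nothing happened. Until restart is implemented the branch should send `ERROR` with a message saying so. The stop branch calls `CMS.shutdown()` with no log or audit call in the visible lines; an entry naming `auditSubjectID()` belongs before it so that a shutdown can be attributed. The end of the method is outside the hunk.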
@@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet { * Reads server statistics. */ private void readStat(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore cs = CMS.getConfigStore(); @@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet { } params.add(Constants.PR_STAT_STARTUP, - (new Date(CMS.getStartupTime())).toString()); + (new Date(CMS.getStartupTime())).toString()); params.add(Constants.PR_STAT_TIME, - (new Date(System.currentTimeMillis())).toString()); + (new Date(System.currentTimeMillis())).toString()); sendResponse(SUCCESS, null, params, resp); } @@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies database information. */ private void setDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB); @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); 
@@ -876,117 +875,112 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (key.equals(Constants.OP_SCOPE)) continue; - - dbConfig.putString(key, req.getParameter(key)); + + dbConfig.putString(key, req.getParameter(key)); } sendResponse(RESTART, null, null, resp); mConfig.commit(true); } - /** + + /** * Create Master Key */ -private void createMasterKey(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private void createMasterKey(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); - String newKeyName = null, selectedToken = null; + Enumeration<String> e = req.getParameterNames(); + String newKeyName = null, selectedToken = null; while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_KEY_LIST)) - { - newKeyName = req.getParameter(name); - } - if (name.equals(Constants.PR_TOKEN_LIST)) - { - selectedToken = req.getParameter(name); - } - + if (name.equals(Constants.PR_KEY_LIST)) { + newKeyName = req.getParameter(name); + } + if (name.equals(Constants.PR_TOKEN_LIST)) { + selectedToken = req.getParameter(name); + } } - if(selectedToken!=null && newKeyName!=null) - { - String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName); - CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - - SessionKey.SetDefaultPrefix(masterKeyPrefix); - params.add(Constants.PR_KEY_LIST, newKeyName); - params.add(Constants.PR_TOKEN_LIST, selectedToken); - } - sendResponse(SUCCESS, null, params, resp); -} + if (selectedToken != null && newKeyName != null) { + String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName); + CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); + String 
masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); + + SessionKey.SetDefaultPrefix(masterKeyPrefix); + params.add(Constants.PR_KEY_LIST, newKeyName); + params.add(Constants.PR_TOKEN_LIST, selectedToken); + } + sendResponse(SUCCESS, null, params, resp); + } - /** + /** * Reads secmod.db */ private void getTKSKeys(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); + Enumeration<String> e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_TOKEN_LIST)) - { - String selectedToken = req.getParameter(name); - - int count = 0; - int keys_found = 0; - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - - CryptoToken token = null; - CryptoManager mCryptoManager = null; - try { - mCryptoManager = CryptoManager.getInstance(); - } catch (Exception e2) { - } - - if(!jssSubSystem.isTokenLoggedIn(selectedToken)) - { - PasswordCallback cpcb = new ConsolePasswordCallback(); - while (true) { + if (name.equals(Constants.PR_TOKEN_LIST)) { + String selectedToken = req.getParameter(name); + + int count = 0; + int keys_found = 0; + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + + CryptoToken token = null; + CryptoManager mCryptoManager = null; + try { + mCryptoManager = CryptoManager.getInstance(); + } catch (Exception e2) { + } + + if (!jssSubSystem.isTokenLoggedIn(selectedToken)) { + PasswordCallback cpcb = new ConsolePasswordCallback(); + while (true) { try { - token = mCryptoManager.getTokenByName(selectedToken); - token.login(cpcb); + token = mCryptoManager.getTokenByName(selectedToken); + token.login(cpcb); break; } catch (Exception e3) { - 
//log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); + // log(ILogger.LL_FAILURE, + // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); continue; } - } - } - // String symKeys = new String("key1,key2"); - String symKeys = SessionKey.ListSymmetricKeys(selectedToken); - params.add(Constants.PR_TOKEN_LIST, symKeys); + } + } + // String symKeys = new String("key1,key2"); + String symKeys = SessionKey.ListSymmetricKeys(selectedToken); + params.add(Constants.PR_TOKEN_LIST, symKeys); - } + } } sendResponse(SUCCESS, null, params, resp); } - - + /** * Reads database information. */ private void getDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_DB); IConfigStore ldapConfig = dbConfig.getSubStore("ldap"); NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> e = req.getParameterNames(); - + Enumeration<String> e = req.getParameterNames(); + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -998,7 +992,7 @@ private void createMasterKey(HttpServletRequest req, continue; if (name.equals(Constants.PR_SECURE_PORT_ENABLED)) params.add(name, ldapConfig.getString(name, "Constants.FALSE")); - else + else params.add(name, ldapConfig.getString(name, "")); } sendResponse(SUCCESS, null, params, resp); @@ -1008,7 +1002,7 @@ private void createMasterKey(HttpServletRequest req, * Modifies SMTP configuration. */ private void modifySMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { // XXX IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP); 
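Review bot: The `while (true)` login loop in getTKSKeys never ends on a persistent error, because its `catch (Exception e3)` only does `continue`. `selectedToken` comes from the request, so an unknown token name fails on every pass, and the empty `catch (Exception e2)` above can leave `mCryptoManager` null, which becomes a NullPointerException swallowed by the same catch; either way one request pins a servlet thread. `ConsolePasswordCallback` also suggests the login waits on the server console (inferred from the name). Try the login once and report the failure to the caller, as sketched below; the unused `count` and `keys_found` locals can go at the same time.

```java
// … unchanged: selectedToken = req.getParameter(name), jssSubSystem lookup …
try {
    CryptoToken token = CryptoManager.getInstance().getTokenByName(selectedToken);
    if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
        // single attempt: a failed login is reported, never retried in a loop
        token.login(new ConsolePasswordCallback());
    }
} catch (Exception e3) {
    log(ILogger.LL_FAILURE, "getTKSKeys: token login failed: " + e3);
    throw new ServletException("token login failed", e3);
}
// … unchanged: SessionKey.ListSymmetricKeys(selectedToken), params.add(...) …
```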
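Review bot: In getDBConfig the default for `PR_SECURE_PORT_ENABLED` is the string literal `"Constants.FALSE"` rather than the constant, so a store without that key reports the text `Constants.FALSE` to the client instead of a boolean value. The line should read `params.add(name, ldapConfig.getString(name, Constants.FALSE));`. The method starts outside the hunk.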
@@ -1022,7 +1016,7 @@ private void createMasterKey(HttpServletRequest req, if (port != null) sConfig.putString("port", port); - + commit(true); sendResponse(SUCCESS, null, null, resp); @@ -1032,23 +1026,23 @@ private void createMasterKey(HttpServletRequest req, * Reads SMTP configuration. */ private void readSMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_SERVER_NAME, - dbConfig.getString("host")); + dbConfig.getString("host")); params.add(Constants.PR_PORT, - dbConfig.getString("port")); + dbConfig.getString("port")); sendResponse(SUCCESS, null, params, resp); } private void loggedInToken(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String tokenName = ""; String pwd = ""; @@ -1064,7 +1058,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.loggedInToken(tokenName, pwd); @@ -1074,10 +1068,10 @@ private void createMasterKey(HttpServletRequest req, } private void checkTokenStatus(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String key = ""; String value = ""; 
@@ -1090,7 +1084,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); boolean status = jssSubSystem.isTokenLoggedIn(value); NameValuePairs params = new NameValuePairs(); @@ -1103,17 +1097,18 @@ private void createMasterKey(HttpServletRequest req, /** * Retrieve a certificate request * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when * asymmetric keys are generated * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to retrieve certificate request */ private void getCertRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1124,7 +1119,7 @@ private void createMasterKey(HttpServletRequest req, try { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String tokenName = Constants.PR_INTERNAL_TOKEN_NAME; String keyType = ""; int keyLength = 512; @@ -1164,10 +1159,10 @@ private void createMasterKey(HttpServletRequest req, } pathname = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + + File.separator + "conf" + File.separator; dir = pathname; ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); KeyPair keypair = null; PQGParams pqgParams = null; 
@@ -1208,9 +1203,9 @@ private void createMasterKey(HttpServletRequest req, if (keyType.equals("ECC")) { // get ECC keypair keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); - } else { //DSA or RSA + } else { // DSA or RSA if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); + pqgParams = jssSubSystem.getPQG(keyLength); keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); } } @@ -1289,25 +1284,25 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - // auditSubjectID, - // ILogger.FAILURE, - // auditPublicKey ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void setCANewnickname(String tokenName, String nickname) - throws EBaseException { + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + // auditSubjectID, + // ILogger.FAILURE, + // auditPublicKey ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void setCANewnickname(String tokenName, String nickname) + throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1322,16 +1317,16 @@ private void createMasterKey(HttpServletRequest req, private String getCANewnickname() throws EBaseException { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } private void setRANewnickname(String tokenName, String nickname) - throws EBaseException { + throws EBaseException { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) ra.setNewNickName(nickname); @@ -1345,13 +1340,13 @@ private void createMasterKey(HttpServletRequest req, private String getRANewnickname() throws EBaseException { IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + CMS.getSubsystem(CMS.SUBSYSTEM_RA); return ra.getNewNickName(); } private void setOCSPNewnickname(String tokenName, String nickname) - throws EBaseException { + throws EBaseException { IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { @@ -1367,7 +1362,7 @@ private void createMasterKey(HttpServletRequest req, } } else { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1387,20 +1382,20 @@ private void createMasterKey(HttpServletRequest req, if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } else { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } } - private void setKRANewnickname(String tokenName, String nickname) - throws EBaseException { + private void setKRANewnickname(String tokenName, String nickname) + throws EBaseException { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + CMS.getSubsystem(CMS.SUBSYSTEM_KRA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) kra.setNewNickName(nickname); 
@@ -1418,81 +1413,76 @@ private void createMasterKey(HttpServletRequest req, return kra.getNewNickName(); } - private void setRADMNewnickname(String tokenName, String nickName) - throws EBaseException { + private void setRADMNewnickname(String tokenName, String nickName) + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getRADMNewnickname() - throws EBaseException { + private String getRADMNewnickname() + throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - return httpsService.getNewNickName(); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); return + * httpsService.getNewNickName(); */ } private void setAgentNewnickname(String tokenName, String nickName) - throws EBaseException { + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getAgentNewnickname() - throws EBaseException { + private String getAgentNewnickname() + throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - return httpsService.getNewNickName(); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); return + * httpsService.getNewNickName(); */ } /** * Issue import certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to issue an import certificate */ private void issueImportCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1501,7 +1491,7 @@ private void createMasterKey(HttpServletRequest req, // to the signed audit log and stored as failures try { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); String pkcs = ""; String type = ""; String tokenName = Constants.PR_INTERNAL_TOKEN_NAME; @@ -1518,7 +1508,7 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals("pathname")) { + if (key.equals("pathname")) { configPath = mConfig.getString("instanceRoot", "") + File.separator + "conf" + File.separator; pathname = configPath + value; 
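Review bot: The re-wrapped block comments in setRADMNewnickname, getRADMNewnickname, setAgentNewnickname and getAgentNewnickname (hunk at -1418) now hold the commented-out code as run-on text, e.g. `httpsService.setNewNickName(nickName); else { if`, so the old statement structure can no longer be read or restored from the comment. The same happens in three later hunks: -1664 (the signature-algorithm block), -1692 (the `bug 600124` block, where the bug reference is now fused with the code) and -2039 (the deleteTokenCertificate block in installCert). Since all of it is dead code, I would delete it in this commit and keep a one-line pointer such as `// HTTPS service nickname handling removed; CMS.setServerCertNickname() is used instead`. If it has to stay, exclude those comments from the formatter so they keep their line structure.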
@@ -1532,16 +1522,16 @@ private void createMasterKey(HttpServletRequest req, String certType = (String) properties.get(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); IDBSubsystem dbs = (IDBSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_DBS); + CMS.getSubsystem(CMS.SUBSYSTEM_DBS); ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); ISigningUnit signingUnit = ca.getSigningUnit(); String oldtokenname = null; - //this is the old nick name + // this is the old nick name String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; String oldcatokenname = signingUnit.getTokenName(); @@ -1566,8 +1556,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } if (newtokenname == null) @@ -1587,13 +1576,12 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx renew ca ,use old issuer? + // xxx renew ca ,use old issuer? properties.setIssuerName( - jssSubSystem.getCertSubjectName(oldcatokenname, + jssSubSystem.getCertSubjectName(oldcatokenname, canicknameWithoutTokenName)); KeyPair pair = null; 
@@ -1608,11 +1596,10 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx set to old nickname? + // xxx set to old nickname? properties.setCertNickname(nickname); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { CertificateExtensions exts = jssSubSystem.getExtensions( @@ -1633,14 +1620,14 @@ private void createMasterKey(HttpServletRequest req, defaultOCSPSigningAlg = properties.getHashType(); } } - + // create a new CA certificate or ssl server cert - if (properties.getKeyCurveName() != null) { //new ECC + if (properties.getKeyCurveName() != null) { // new ECC CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); pair = jssSubSystem.getECCKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - } else if (properties.getKeyLength() != null) { //new RSA or DSA + } else if (properties.getKeyLength() != null) { // new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; @@ -1648,10 +1635,10 @@ private void createMasterKey(HttpServletRequest req, if (keyType.equals("DSA")) { pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen), mConfig); - //properties.put(Constants.PR_PQGPARAMS, pqgParams); + // properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; // renew the CA certificate or ssl server cert } else { 
@@ -1664,11 +1651,12 @@ private void createMasterKey(HttpServletRequest req, } /* - String alg = jssSubSystem.getSignatureAlgorithm(nickname); - SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg); - properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + * String alg = jssSubSystem.getSignatureAlgorithm(nickname); + * SignatureAlgorithm sigAlg = + * SigningUnit.mapAlgorithmToJss(alg); + * properties.setSignatureAlgorithm(sigAlg); + * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg, + * mConfig)); */ } @@ -1684,7 +1672,7 @@ private void createMasterKey(HttpServletRequest req, properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } - if (pair == null) + if (pair == null) CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); BigInteger nextSerialNo = repository.getNextSerialNumber(); 
@@ -1692,36 +1680,34 @@ private void createMasterKey(HttpServletRequest req, properties.setSerialNumber(nextSerialNo); properties.setKeyPair(pair); properties.setConfigFile(mConfig); - // properties.put(Constants.PR_CA_KEYPAIR, pair); + // properties.put(Constants.PR_CA_KEYPAIR, pair); properties.put(Constants.PR_CA_KEYPAIR, caKeyPair); - X509CertImpl signedCert = - jssSubSystem.getSignedCert(properties, certType, + X509CertImpl signedCert = + jssSubSystem.getSignedCert(properties, certType, caKeyPair.getPrivate()); - if (signedCert == null) - CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); - /* bug 600124 - try { - jssSubSystem.deleteTokenCertificate(nickname, pathname); - } catch (Throwable e) { - //skip it - } + /* + * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, + * pathname); } catch (Throwable e) { //skip it } */ boolean nicknameChanged = false; - //xxx import cert with nickname without token name? - //jss adds the token prefix!!! - //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); + // xxx import cert with nickname without token name? + // jss adds the token prefix!!! + // log(ILogger.LL_DEBUG,"import as alias"+ + // nicknameWithoutTokenName); try { CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType); } catch (EBaseException e) { // if it fails, let use a different nickname to try - Date now = new Date(); + Date now = new Date(); String newNickname = nicknameWithoutTokenName + "-" + now.getTime(); 
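Review bot: In issueImportCert a null `signedCert` is only reported through `CMS.debug`, and the flow then continues to `jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType)`, so a failed signing is not rejected where it is detected. The statement above it also calls `caKeyPair.getPrivate()` without a null check, and the hunk at -1684 likewise only logs a null `pair`. For a certificate-issuing path I would fail closed, e.g. `if (signedCert == null) throw new EBaseException(CMS.getLogMessage("<MESSAGE_KEY_FOR_SIGNING_FAILURE>"));`. That should let the method's audit handling record the failure, though this is inferred because the catch blocks are outside this hunk. The behaviour predates the reformatting, and the method body starts and ends outside the hunk.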
@@ -1746,20 +1732,20 @@ private void createMasterKey(HttpServletRequest req, if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { try { X509CertInfo certInfo = (X509CertInfo) signedCert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) { BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.class.getSimpleName()); + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.class.getSimpleName()); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) @@ -1776,7 +1762,7 @@ private void createMasterKey(HttpServletRequest req, } } - CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + " newtoken:" + newtokenname + " nickname:" + nickname); if ((newtokenname != null && !newtokenname.equals(oldtokenname)) || nicknameChanged) { @@ -1786,10 +1772,10 @@ private void createMasterKey(HttpServletRequest req, newtokenname); } else { signingUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, + nicknameWithoutTokenName, newtokenname); } - } else if (certType.equals(Constants.PR_SERVER_CERT)) { + } else if (certType.equals(Constants.PR_SERVER_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { nickname = nicknameWithoutTokenName; } else { 
@@ -1797,13 +1783,13 @@ private void createMasterKey(HttpServletRequest req, + nicknameWithoutTokenName; } - //setRADMNewnickname("",""); - //modifyRADMCert(nickname); + // setRADMNewnickname("",""); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } @@ -1820,23 +1806,23 @@ private void createMasterKey(HttpServletRequest req, modifyRADMCert(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - if (ca != null) { + if (ca != null) { ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { ocspSigningUnit.updateConfig( - nicknameWithoutTokenName, newtokenname); + nicknameWithoutTokenName, newtokenname); } else { ocspSigningUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + nicknameWithoutTokenName, + newtokenname); } } } } - + // set signing algorithms if needed - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); if (defaultOCSPSigningAlg != null) { 
@@ -1884,46 +1870,47 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void updateCASignature(String nickname, KeyCertData properties, - ICryptoSubsystem jssSubSystem) throws EBaseException { + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void updateCASignature(String nickname, KeyCertData properties, + ICryptoSubsystem jssSubSystem) throws EBaseException { String alg = jssSubSystem.getSignatureAlgorithm(nickname); SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + jssSubSystem.getAlgorithmId(alg, mConfig)); } /** * Install certificates * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to install a certificate */ private void installCert(HttpServletRequest req, - 
HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1940,37 +1927,37 @@ private void createMasterKey(HttpServletRequest req, String serverID = ""; String certpath = ""; @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) pkcs = value; else if (key.equals(Constants.RS_ID)) certType = value; else if (key.equals(Constants.PR_NICKNAME)) nickname = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (pkcs == null || pkcs.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -1981,7 +1968,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(certpath); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; 
@@ -2009,7 +1996,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } pkcs = pkcs.trim(); @@ -2017,8 +2004,8 @@ private void createMasterKey(HttpServletRequest req, + File.separator + "config" + File.separator + pathname; ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - //String nickname = getNickname(certType); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + // String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; int index = nickname.indexOf(":"); 
@@ -2039,72 +2026,62 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } /* - if (certType.equals(Constants.PR_CA_SIGNING_CERT) || - certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM)) { - String oldnickname = getNickname(certType); - try { - jssSubsystem.deleteTokenCertificate(oldnickname, - pathname); - //jssSubsystem.deleteTokenCertificate(nickname, - pathname); - } catch (EBaseException e) { - // skip it - } - } else { - try { - jssSubsystem.deleteTokenCertificate(nickname, pathname); - } catch (EBaseException e) { - // skip it - } - } - */ + * if (certType.equals(Constants.PR_CA_SIGNING_CERT) || + * certType.equals(Constants.PR_RA_SIGNING_CERT) || + * certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + * certType.equals(Constants.PR_SERVER_CERT) || + * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String + * oldnickname = getNickname(certType); try { + * jssSubsystem.deleteTokenCertificate(oldnickname, pathname); + * //jssSubsystem.deleteTokenCertificate(nickname, pathname); } + * catch (EBaseException e) { // skip it } } else { try { + * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch + * (EBaseException e) { // skip it } } + */ // 600124 - renewal of SSL crash the server // we now do not delete previously installed certificates. - // Same Subject | Same Nickname | Same Key | Legal - // ----------------------------------------------------------- - // 1. Yes Yes No Yes - // 2. Yes Yes Yes Yes - // 3. No No Yes Yes - // 4. No No No Yes - // 5. No Yes Yes No - // 6. No Yes No No - // 7. Yes No Yes No - // 8. 
Yes No No No + // Same Subject | Same Nickname | Same Key | Legal + // ----------------------------------------------------------- + // 1. Yes Yes No Yes + // 2. Yes Yes Yes Yes + // 3. No No Yes Yes + // 4. No No No Yes + // 5. No Yes Yes No + // 6. No Yes No No + // 7. Yes No Yes No + // 8. Yes No No No // Based on above table, the following cases are permitted: // Existing Key: - // (a) Same Subject & Same Nickname --- (2) - // (b) Different Subject & Different Nickname --- (3) - // (In order to support Case b., we need to use a different - // nickname). + // (a) Same Subject & Same Nickname --- (2) + // (b) Different Subject & Different Nickname --- (3) + // (In order to support Case b., we need to use a different + // nickname). // New Key: - // (c) Same Subject & Same Nickname --- (1) - // (d) Different Subject & Different Nickname --- (4) - // (In order to support Case b., we need to use a different - // nickname). + // (c) Same Subject & Same Nickname --- (1) + // (d) Different Subject & Different Nickname --- (4) + // (In order to support Case b., we need to use a different + // nickname). 
// - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName); try { - jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, - certType); + jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, + certType); } catch (EBaseException e) { boolean certFound = false; String eString = e.toString(); - if(eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString); + if (eString.contains("Failed to find certificate that was just imported")) { + CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString); X509Certificate cert = null; try { @@ -2116,11 +2093,11 @@ private void createMasterKey(HttpServletRequest req, } catch (Exception ex) { CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString()); } - } + } if (!certFound) { // if it fails, let use a different nickname to try - Date now = new Date(); + Date now = new Date(); String newNickname = nicknameWithoutTokenName + "-" + now.getTime(); 
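Review bot: The recovery path in installCert's `catch (EBaseException e)` (hunk at -2039) is selected by `eString.contains("Failed to find certificate that was just imported")`, which matches the text of an exception presumably raised in the import layer. If that message is reworded or localised, `certFound` stays false and the code falls through to the retry under a timestamp-suffixed nickname, which changes the nickname the subsystem configuration ends up recording. A dedicated exception subtype or error code from `importCert` would make this decision explicit. Until then the condition deserves a comment such as `// depends on the exact message text of the import failure; keep in sync`. The rest of the catch block continues in the following hunks.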
@@ -2131,16 +2108,16 @@ private void createMasterKey(HttpServletRequest req, } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname); - } + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname); + } } if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); String signatureAlg = - jssSubSystem.getSignatureAlgorithm(nickname); + jssSubSystem.getSignatureAlgorithm(nickname); signingUnit.setDefaultAlgorithm(signatureAlg); setCANewnickname("", ""); @@ -2149,26 +2126,26 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); extensions = jssSubSystem.getExtensions( - Constants.PR_INTERNAL_TOKEN_NAME, nickname); + Constants.PR_INTERNAL_TOKEN_NAME, nickname); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); extensions = jssSubSystem.getExtensions(tokenname1, - nicknameWithoutTokenName); + nicknameWithoutTokenName); } if (extensions != null) { BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.class.getSimpleName()); + (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.class.getSimpleName()); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + basic.get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -2187,34 +2164,34 @@ private void createMasterKey(HttpServletRequest req, } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { setRANewnickname("", ""); IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); ra.setNickname(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { setOCSPNewnickname("", ""); IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); } - } else { + } else { ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); 
@@ -2224,24 +2201,24 @@ private void createMasterKey(HttpServletRequest req, } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { setKRANewnickname("", ""); IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); kra.setNickname(nickname); } else if (certType.equals(Constants.PR_SERVER_CERT)) { setAgentNewnickname("", ""); - //modifyRADMCert(nickname); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } if (isSubsystemInstalled("ca")) { ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); modifyCAGatewayCert(ca, nickname); } @@ -2252,7 +2229,7 @@ private void createMasterKey(HttpServletRequest req, boolean verified = CMS.verifySystemCertByNickname(nickname, null); if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, @@ -2261,7 +2238,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, auditSubjectID, 
@@ -2280,11 +2257,11 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); mConfig.commit(true); - if(verified == true) { + if (verified == true) { sendResponse(SUCCESS, null, null, resp); } else { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), - null, resp); + null, resp); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file 
@@ -2310,37 +2287,38 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** - * For "importing" cross-signed cert into internal db for further - * cross pair matching and publishing + * For "importing" cross-signed cert into internal db for further cross pair + * matching and publishing * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when * "Certificate Setup Wizard" is used to import a CA cross-signed * certificate into the database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to import a cross-certificate pair */ private void importXCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2355,7 +2333,7 @@ private void createMasterKey(HttpServletRequest req, String serverID = ""; String certpath = ""; @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); while (enum1.hasMoreElements()) { @@ -2363,29 +2341,29 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); // really should be PR_CERT_CONTENT - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) b64Cert = value; else if (key.equals(Constants.RS_ID)) certType = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (b64Cert == null || b64Cert.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2396,7 +2374,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(certpath); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; b64Cert = ""; 
@@ -2423,7 +2401,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } CMS.debug("CMSAdminServlet: got b64Cert"); b64Cert = Cert.stripBrackets(b64Cert.trim()); @@ -2441,10 +2419,10 @@ private void createMasterKey(HttpServletRequest req, + File.separator + "config" + File.separator + pathname; ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); try { - //this will import into internal ldap crossCerts entry + // this will import into internal ldap crossCerts entry ccps.importCert(bCert); } catch (Exception e) { // store a message in the signed audit log file @@ -2480,8 +2458,8 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - String content = jssSubSystem.getCertPrettyPrint(b64Cert, + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + String content = jssSubSystem.getCertPrettyPrint(b64Cert, super.getLocale(req)); results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert"); 
@@ -2521,19 +2499,19 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getNickname(String certType) throws EBaseException { @@ -2541,13 +2519,13 @@ private void createMasterKey(HttpServletRequest req, if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); nickname = signingUnit.getNickname(); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp == null) { // this is a local CA service 
@@ -2562,28 +2540,28 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); nickname = ra.getNickname(); } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); nickname = kra.getNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT)) { nickname = CMS.getServerCertNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) { nickname = CMS.getServerCertNickname(); - } + } return nickname; } private void getCertInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); String pkcs = ""; String path = ""; @@ -2616,7 +2594,7 @@ private void createMasterKey(HttpServletRequest req, } else { FileInputStream in = new FileInputStream(path); BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + new BufferedReader(new InputStreamReader(in)); String content = ""; pkcs = ""; @@ -2640,7 +2618,7 @@ private void createMasterKey(HttpServletRequest req, int totalLen = pkcs.length(); if (pkcs.indexOf(BEGIN_HEADER) != 0 || - pkcs.indexOf(END_HEADER) != (totalLen - 25)) { + pkcs.indexOf(END_HEADER) != (totalLen - 25)) { throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); } 
@@ -2665,25 +2643,25 @@ private void createMasterKey(HttpServletRequest req, nickname = getNickname(certType); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String content = jssSubSystem.getCertPrettyPrint(pkcs, super.getLocale(req)); if (nickname != null && !nickname.equals("")) results.add(Constants.PR_NICKNAME, nickname); results.add(Constants.PR_CERT_CONTENT, content); - //results = jssSubSystem.getCertInfo(value); + // results = jssSubSystem.getCertInfo(value); sendResponse(SUCCESS, null, results, resp); } private void getCertPrettyPrint(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2703,7 +2681,7 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_NICK_NAME)) { nickname = value; continue; - } + } if (key.equals(Constants.PR_SERIAL_NUMBER)) { serialno = value; continue; 
@@ -2714,20 +2692,20 @@ private void createMasterKey(HttpServletRequest req, } } - String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, - serialno, issuername, locale); + String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, + serialno, issuername, locale); pairs.add(nickname, print); sendResponse(SUCCESS, null, pairs, resp); } private void getRootCertTrustBit(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; 
@@ -2759,92 +2737,92 @@ private void createMasterKey(HttpServletRequest req, } String trustbit = jssSubSystem.getRootCertTrustBit(nickname, - serialno, issuername); + serialno, issuername); pairs.add(nickname, trustbit); sendResponse(SUCCESS, null, pairs, resp); } private void getCACerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getCACerts(); sendResponse(SUCCESS, null, pairs, resp); } private void deleteRootCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteRootCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } private void deleteUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = 
sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteUserCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } private void getRootCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getRootCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void getAllCertsManage(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getAllCertsManage(); sendResponse(SUCCESS, null, pairs, resp); } private void getUserCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getUserCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void deleteCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String date = ""; 
@@ -2862,19 +2840,19 @@ private void createMasterKey(HttpServletRequest req, nickname = value.substring(0, index); date = value.substring(index + 1); - // cant use this one now since jss doesnt have the interface to + // cant use this one now since jss doesnt have the interface to // do it. jssSubSystem.deleteCert(nickname, date); - // jssSubsystem.deleteCACert(nickname, date); + // jssSubsystem.deleteCACert(nickname, date); } sendResponse(SUCCESS, null, null, resp); } private void validateSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); while (enum1.hasMoreElements()) { @@ -2883,19 +2861,19 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_SUBJECT_NAME)) { ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.isX500DN(value); } } sendResponse(SUCCESS, null, null, resp); - } + } private void validateKeyLength(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String keyType = "RSA"; String keyLen = "512"; 
@@ -2917,16 +2895,16 @@ private void createMasterKey(HttpServletRequest req, int minKey = mConfig.getInteger( ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey); sendResponse(SUCCESS, null, null, resp); } private void validateCurveName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String curveName = null; @@ -2942,7 +2920,7 @@ private void createMasterKey(HttpServletRequest req, String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); String[] curves = curveList.split(","); boolean match = false; - for (int i=0; i<curves.length; i++) { + for (int i = 0; i < curves.length; i++) { if (curves[i].equals(curveName)) { match = true; } @@ -2955,9 +2933,9 @@ private void createMasterKey(HttpServletRequest req, } private void validateCertExtension(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); String certExt = ""; 
@@ -2972,19 +2950,19 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.checkCertificateExt(certExt); sendResponse(SUCCESS, null, null, resp); } private void getSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); - + String nickname = ""; String keyType = "RSA"; String keyLen = "512"; @@ -3003,7 +2981,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3011,7 +2989,7 @@ private void createMasterKey(HttpServletRequest req, } private void processSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @SuppressWarnings("unchecked") @@ -3033,7 +3011,7 @@ private void createMasterKey(HttpServletRequest req, } ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); 
@@ -3041,7 +3019,7 @@ private void createMasterKey(HttpServletRequest req, } public void setRootCertTrust(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3053,10 +3031,10 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: setRootCertTrust()"); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); try { jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust); - } catch (EBaseException e) { + } catch (EBaseException e) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID, @@ -3083,18 +3061,19 @@ private void createMasterKey(HttpServletRequest req, /** * Establish trust of a CA certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Manage Certificate" is used to edit the trustness of certs and - * deletion of certs + * "Manage Certificate" is used to edit the trustness of certs and deletion + * of certs * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to establish CA certificate trust */ private void trustCACert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -3104,10 +3083,10 @@ private void createMasterKey(HttpServletRequest req, // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - @SuppressWarnings("unchecked") + @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); String trust = ""; while (enum1.hasMoreElements()) { @@ -3134,7 +3113,7 @@ private void createMasterKey(HttpServletRequest req, audit(auditMessage); - //sendResponse(SUCCESS, null, null, resp); + // sendResponse(SUCCESS, null, null, resp); sendResponse(RESTART, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file 
@@ -3160,41 +3139,42 @@ private void createMasterKey(HttpServletRequest req, // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** * Execute all self tests specified to be run on demand. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self * tests are run on demand * </ul> - * @exception EMissingSelfTestException a self test plugin instance - * property name was missing + * + * @exception EMissingSelfTestException a self test plugin instance property + * name was missing * @exception ESelfTestException a self test is missing a required - * configuration parameter + * configuration parameter * @exception IOException an input/output error has occurred */ private synchronized void - runSelfTestsOnDemand(HttpServletRequest req, - HttpServletResponse resp) - throws EMissingSelfTestException, - ESelfTestException, - IOException { + runSelfTestsOnDemand(HttpServletRequest req, + HttpServletResponse resp) + throws EMissingSelfTestException, + ESelfTestException, + IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -3203,7 +3183,7 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " ENTERING . . ."); + + " ENTERING . . ."); } @SuppressWarnings("unchecked") Enumeration<String> enum1 = req.getParameterNames(); @@ -3224,10 +3204,10 @@ private void createMasterKey(HttpServletRequest req, } ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); + CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); if ((request == null) || - (request.equals(""))) { + (request.equals(""))) { // self test plugin run on demand request parameter was missing // log the error logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST", @@ -3236,7 +3216,7 @@ private void createMasterKey(HttpServletRequest req, ); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3264,7 +3244,7 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage @@ -3288,8 +3268,8 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -3309,18 +3289,19 @@ private void createMasterKey(HttpServletRequest req, } ISelfTest test = (ISelfTest) - mSelfTestSubsystem.getSelfTest(instanceName); + mSelfTestSubsystem.getSelfTest(instanceName); if (test == null) { - // self test plugin instance property name is not present + // self test plugin instance property name is not + // present // log the error logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME", getServletInfo(), instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3342,9 +3323,9 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() - + "\""); + + " running \"" + + test.getSelfTestName() + + "\""); } // store this information for console notification @@ -3368,8 +3349,8 @@ private void createMasterKey(HttpServletRequest req, instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -3401,7 +3382,7 @@ private void createMasterKey(HttpServletRequest req, logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage @@ -3412,7 +3393,7 @@ private void createMasterKey(HttpServletRequest req, getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification content += logMessage 
@@ -3429,14 +3410,14 @@ private void createMasterKey(HttpServletRequest req, // notify console of SUCCESS results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS, - CMSAdminServlet.class.getName()); + CMSAdminServlet.class.getName()); results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, - content); + content); sendResponse(SUCCESS, null, results, resp); if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " EXITING."); + + " EXITING."); } } catch (EMissingSelfTestException eAudit1) { // store a message in the signed audit log file @@ -3475,16 +3456,16 @@ private void createMasterKey(HttpServletRequest req, } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); } /** * Signed Audit Log Public Key - * + * * This method is called to obtain the public key from the passed in * "KeyPair" object for a signed audit log message. * <P> - * + * * @param object a Key Pair Object * @return key string containing the public key */ @@ -3533,4 +3514,3 @@ private void createMasterKey(HttpServletRequest req, } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index 7f18d94e..dffa4034 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -42,10 +41,9 @@ import com.netscape.certsrv.jobs.IJobsScheduler; import com.netscape.certsrv.jobs.JobPlugin; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Jobs Scheduler and it's scheduled jobs. + * A class representing an administration servlet for the Jobs Scheduler and + * it's scheduled jobs. * * @version $Revision$, $Date$ */ @@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from jobs + /** + * retrieve extended plugin info such as brief description, type info from + * jobs */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } @@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet { Object impl = null; JobPlugin jp = - (JobPlugin) mJobsSched.getPlugins().get(implName); + (JobPlugin) mJobsSched.getPlugins().get(implName); if (jp != null) impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath()); 
@@ -137,25 +135,25 @@ public class JobsAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } @@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) 
@@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) getConfig(req, resp); else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) - getInstConfig(req, resp); + getInstConfig(req, resp); else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { - try { - getExtendedPluginInfo(req, resp); - } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); - return; + try { + getExtendedPluginInfo(req, resp); + } catch (EBaseException e) { + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) { 
@@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) { modJobsInst(req, resp, scope); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -220,18 +218,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) listJobsInsts(req, resp); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -239,18 +237,18 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) addJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) 
@@ -258,42 +256,42 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) delJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } - private synchronized void addJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job plugin id unique? if (mJobsSched.getPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + null, resp); return; } 
@@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet { if (classPath == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"), + null, resp); return; } IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); // Does the class exist? Class newImpl = null;
@@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"), + null, resp); return; }
@@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet { try { if (IJob.class.isAssignableFrom(newImpl) == false) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"), + null, resp); return; }
@@ -351,10 +349,10 @@ public class JobsAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; }
@@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet { JobPlugin plugin = new JobPlugin(id, classPath); mJobsSched.getPlugins().put(id, plugin); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs();
@@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void addJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the job instance id unique? if (mJobsSched.getInstances().containsKey((Object) id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; }
@@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet { if (implname == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; }
@@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet { String[] configParams = mJobsSched.getConfigParams(implname); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) {
@@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet { substore.put(key, val); } else if (!key.equals("profileId")) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } }
@@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } - + IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); // initialize the job plugin try {
@@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mJobsSched.getInstances().put(id, jobsInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); NameValuePairs params = new NameValuePairs();
@@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void listJobPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listJobPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -525,83 +523,81 @@ public class JobsAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - JobPlugin value = (JobPlugin) - mJobsSched.getPlugins().get(name); + JobPlugin value = (JobPlugin) + mJobsSched.getPlugins().get(name); params.add(name, value.getClassPath()); - // params.add(name, value.getClassPath()+EDIT); + // params.add(name, value.getClassPath()+EDIT); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void listJobsInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listJobsInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mJobsSched.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); - IJob value = (IJob) - mJobsSched.getInstances().get((Object) name); + IJob value = (IJob) + mJobsSched.getInstances().get((Object) name); - // params.add(name, value.getImplName()); + // params.add(name, value.getImplName()); params.add(name, value.getImplName() + VISIBLE + - (value.isEnabled() ? ENABLED : DISABLED) - ); + (value.isEnabled() ? 
ENABLED : DISABLED) + ); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void delJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does this job plugin exist? if (mJobsSched.getPlugins().containsKey(id) == false) { sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } // first check if any instances from this job plugin // DON'T remove job plugin if any instance - for (Enumeration e = mJobsSched.getInstances().elements(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) { IJob jobs = (IJob) e.nextElement(); if ((jobs.getImplName()).equals(id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"), + null, resp); return; } } - + // then delete this job plugin mJobsSched.getPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); 
instancesConfig.removeSubStore(id); // commiting
@@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; }
@@ -618,52 +614,52 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void delJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IJob jobInst = (IJob) mJobsSched.getInstances().get(id); mJobsSched.getInstances().remove((Object) id); // remove the configuration. 
IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -672,25 +668,24 @@ public class JobsAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular job plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this job scheduler subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular job plugin implementation name specified + * in the RS_ID. Actually, there is no logic in here to set any default + * value here...there's no default value for any parameter in this job + * scheduler subsystem at this point. Later, if we do have one (or some), it + * can be added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -708,25 +703,25 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND", + id)).toString(), + null, resp); return; } 
@@ -757,34 +752,32 @@ public class JobsAdminServlet extends AdminServlet { } /** - * Modify job plugin instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify job plugin instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the job instance exist? if (!mJobsSched.getInstances().containsKey((Object) id)) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), + null, resp); return; } 
@@ -793,27 +786,27 @@ public class JobsAdminServlet extends AdminServlet { if (implname == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation + // get plugin for implementation JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", + id)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IJob oldinst = - (IJob) mJobsSched.getInstances().get((Object) id); + IJob oldinst = + (IJob) mJobsSched.getInstances().get((Object) id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +814,7 @@ public class JobsAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IJobsScheduler.PROP_PLUGIN, - (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); + (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i];
@@ -838,9 +831,9 @@ public class JobsAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); IConfigStore instancesConfig = - destStore.getSubStore(scope); + destStore.getSubStore(scope); instancesConfig.removeSubStore(id);
@@ -861,10 +854,10 @@ public class JobsAdminServlet extends AdminServlet { } else if (!key.equals("profileId")) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + new + EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), + null, resp); return; } }
@@ -880,30 +873,30 @@ public class JobsAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + new EJobsException( + CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } // initialize the job plugin IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); try { newJobInst.init(scheduler, id, implname, substore);
@@ -919,17 +912,17 @@ public class JobsAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; }
@@ -937,8 +930,8 @@ public class JobsAdminServlet extends AdminServlet { mJobsSched.getInstances().put(id, newJobInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); NameValuePairs params = new NameValuePairs();
@@ -947,25 +940,25 @@ public class JobsAdminServlet extends AdminServlet { } private void getSettings(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - params.add(Constants.PR_ENABLE, - config.getString(IJobsScheduler.PROP_ENABLED, - Constants.FALSE)); + params.add(Constants.PR_ENABLE, + config.getString(IJobsScheduler.PROP_ENABLED, + Constants.FALSE)); // default 1 minute - params.add(Constants.PR_JOBS_FREQUENCY, - config.getString(IJobsScheduler.PROP_INTERVAL, "1")); + params.add(Constants.PR_JOBS_FREQUENCY, + config.getString(IJobsScheduler.PROP_INTERVAL, "1")); - //System.out.println("Send: "+params.toString()); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void setSettings(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - //Save New Settings to the config file + throws ServletException, IOException, EBaseException { + // Save New Settings to the config file IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); String enabled = config.getString(IJobsScheduler.PROP_ENABLED);
@@ -978,14 +971,14 @@ public class JobsAdminServlet extends AdminServlet { config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo); } - //set frequency + // set frequency String interval = - req.getParameter(Constants.PR_JOBS_FREQUENCY); + req.getParameter(Constants.PR_JOBS_FREQUENCY); if (interval != null) { config.putString(IJobsScheduler.PROP_INTERVAL, interval); mJobsSched.setInterval( - config.getInteger(IJobsScheduler.PROP_INTERVAL)); + config.getInteger(IJobsScheduler.PROP_INTERVAL)); } if (enabledChanged == true) {
@@ -999,8 +992,8 @@ public class JobsAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id);
@@ -1010,7 +1003,7 @@ public class JobsAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (!value.equals("")) + if (!value.equals("")) rstore.put(key, value); } }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index e4138d74..feb4ea9b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration;
@@ -35,13 +34,11 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.logging.ILogger; - /** - * A class representings an administration servlet for Key - * Recovery Authority. This servlet is responsible to serve - * KRA administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Key Recovery Authority. + * This servlet is responsible to serve KRA administrative operation such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class KRAAdminServlet extends AdminServlet {
@@ -57,7 +54,7 @@ public class KRAAdminServlet extends AdminServlet { private IKeyRecoveryAuthority mKRA = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; /** * Constructs KRA servlet. 
@@ -73,63 +70,60 @@ public class KRAAdminServlet extends AdminServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); String scope = req.getParameter(Constants.OP_SCOPE); if (scope == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } String op = req.getParameter(Constants.OP_TYPE); if (op == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } - + try { AUTHZ_RES_NAME = "certServer.kra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - readAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_RECOVERY)) { - readRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - getNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * readAutoRecoveryConfig(req, resp); return; } else if 
+ * (scope.equals(ScopeDef.SC_RECOVERY)) { + * readRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * getNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); return; 
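Review bot: The reflowed block comment in the read branch of `service` now runs the sentence "Functions not implemented in console" straight into the disabled code, giving `Functions not implemented in console if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { ...` and losing the old one-statement-per-line layout. The modify branch in the next hunk (@@ -138,44), which lists `changeAgentPwd` and `changeMNScheme`, is mangled the same way. Anyone auditing which KRA administrative operations are reachable needs to see at a glance that these branches are switched off. Keep the disabled code as one `//` line per statement under a heading line `// Functions not implemented in console:`, or delete the dead branches and rely on version control. `service` continues past the end of this hunk.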
@@ -138,44 +132,39 @@ public class KRAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - modifyAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) { - changeAgentPwd(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_MNSCHEME)) { - changeMNScheme(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - setNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * modifyAutoRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req, + * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME)) + * { changeMNScheme(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * setNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { - setGeneralConfig(req,resp); + setGeneralConfig(req, resp); } - } + } } catch (EBaseException e) { // convert exception into locale-specific message - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), + null, resp); return; } catch (Exception e) { e.printStackTrace(); } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { 
NameValuePairs params = new NameValuePairs(); @@ -188,7 +177,7 @@ public class KRAAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -202,14 +191,14 @@ public class KRAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) { try { - int number = Integer.parseInt(value); + int number = Integer.parseInt(value); mKRA.setNoOfRequiredAgents(number); } catch (NumberFormatException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); throw new EBaseException("Number of agents must be an integer"); @@ -220,10 +209,10 @@ public class KRAAdminServlet extends AdminServlet { commit(true); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, + ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java index 08d6fcf5..4dc862a5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
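Review bot: The `catch (Exception e) { e.printStackTrace(); }` at the end of `service` sends any unexpected failure to stderr only, then falls through to the trailing `CMS_ADMIN_SRVLT_INVALID_PROTOCOL` response. A failed KRA configuration request therefore leaves nothing in the server log, and the client is told the protocol was wrong. Record it through the servlet's logger instead, e.g. `log(ILogger.LL_FAILURE, e.toString());`, assuming that helper is inherited from AdminServlet. The modify branch also has no `return;` after `setGeneralConfig(req, resp);` (the read branch returns after `getGeneralConfig`), so a successful update reaches the same trailing error response; whether that writes a second response depends on the part of `setGeneralConfig` outside this hunk. The catch in LogAdminServlet.service (@@ -329,15) has the same pattern, with `System.out.println("XXX >>>" + e.toString() + "<<<")` left in.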
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogSubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.LogPlugin; - /** - * A class representings an administration servlet for logging - * subsystem. This servlet is responsible to serve - * logging administrative operation such as configuration - * parameter updates and log retriever. - * + * A class representings an administration servlet for logging subsystem. This + * servlet is responsible to serve logging administrative operation such as + * configuration parameter updates and log retriever. + * * @version $Revision$, $Date$ */ public class LogAdminServlet extends AdminServlet { @@ -70,11 +67,11 @@ public class LogAdminServlet extends AdminServlet { private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = - "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3"; private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = - "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; + "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4"; private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = - "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; + "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4"; /** * Constructs Log servlet. @@ -114,15 +111,15 @@ public class LogAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } 
@@ -138,8 +135,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { @@ -155,8 +152,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -169,17 +166,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } 
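Review bot: `mOp = "read";` followed by `if ((mToken = super.authorize(req)) == null)` stores the requested operation and the resulting token in what appear to be instance fields (they are assigned here without a local declaration), and a servlet instance normally serves concurrent requests. If `authorize` reads `mOp` to decide which permission to check, a parallel request that assigns a different `mOp` between the assignment and the call can change the permission evaluated for this one. The same sequence repeats in every branch of this method and in KRAAdminServlet.service, where `AUTHZ_RES_NAME` is also assigned per request. The fix belongs in the base class, which is outside this diff: pass the operation and resource name to `authorize` as arguments and keep the token in a local variable. Until then, a comment such as `// NOTE(review): mOp/mToken are shared across requests; confirm thread-safety` at the first use would document the risk.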
@@ -190,17 +187,17 @@ public class LogAdminServlet extends AdminServlet { delLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -211,9 +208,9 @@ public class LogAdminServlet extends AdminServlet { addLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { @@ -221,8 +218,8 @@ public class LogAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } 
@@ -232,17 +229,17 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { setGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LOG_IMPLS)) { @@ -268,13 +265,13 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } ILogEventListener loginst = - mSys.getLogInstance(instName); + mSys.getLogInstance(instName); if (loginst != null) { NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req)); @@ -296,12 +293,12 @@ public class LogAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } ILogEventListener loginst = - mSys.getLogInstance(instName); + mSys.getLogInstance(instName); if (loginst != null) { NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req)); 
@@ -310,15 +307,15 @@ public class LogAdminServlet extends AdminServlet { } return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } @@ -329,15 +326,15 @@ public class LogAdminServlet extends AdminServlet { System.out.println("XXX >>>" + e.toString() + "<<<"); e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); } return; } - private synchronized void listLogInsts(HttpServletRequest req, - HttpServletResponse resp, boolean all) throws ServletException, + private synchronized void listLogInsts(HttpServletRequest req, + HttpServletResponse resp, boolean all) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -351,9 +348,9 @@ public class LogAdminServlet extends AdminServlet { if (value == null) continue; String pName = mSys.getLogPluginName(value); - LogPlugin pClass = (LogPlugin) - mSys.getLogPlugins().get(pName); - String c = pClass.getClassPath(); + LogPlugin pClass = (LogPlugin) + mSys.getLogPlugins().get(pName); + String c = pClass.getClassPath(); // not show ntEventlog here if (all || (!all && !c.endsWith("NTEventLog"))) 
@@ -363,12 +360,12 @@ public class LogAdminServlet extends AdminServlet { return; } - /** - * retrieve extended plugin info such as brief description, type info - * from logging + /** + * retrieve extended plugin info such as brief description, type info from + * logging */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); @@ -381,10 +378,10 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { - IExtendedPluginInfo ext_info = null; + private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + IExtendedPluginInfo ext_info = null; Object impl = null; - LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); + LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); if (lp != null) { impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath()); @@ -410,11 +407,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore 
@@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ @SuppressWarnings("unchecked") - private synchronized void addLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -443,7 +441,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"), + null, resp); return; } @@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet { destStore = mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); // Does the class exist? Class<ILogEventListener> newImpl = null; 
@@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file @@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"), + null, resp); return; } @@ -561,11 +559,12 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( @@ -578,8 +577,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"), + null, resp); return; } @@ -591,7 +590,7 @@ public class LogAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -605,8 +604,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -631,17 +630,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -655,17 +654,17 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } 
@@ -682,11 +681,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -694,9 +694,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -726,8 +726,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -743,8 +743,8 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } @@ -761,8 +761,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } 
@@ -783,15 +783,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + null, resp); return; } // check if implementation exists. LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get( - implname); + (LogPlugin) mSys.getLogPlugins().get( + implname); if (plugin == null) { // store a message in the signed audit log file @@ -806,17 +806,17 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), - null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector<String> configParams = mSys.getLogDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -826,17 +826,17 @@ public class LogAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. 
@@ -864,8 +864,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); @@ -882,8 +882,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); @@ -900,8 +900,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } @@ -962,8 +962,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -988,17 +988,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1012,42 +1012,42 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listLogPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listLogPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration<String> e = mSys.getLogPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - LogPlugin value = (LogPlugin) - mSys.getLogPlugins().get(name); + LogPlugin value = (LogPlugin) + mSys.getLogPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILogEventListener lp = (ILogEventListener) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); 
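Review bot: In `listLogPlugins`, `sendResponse(ERROR, exp.toString(), null, resp);` hands the raw, unlocalized exception text to the client whenever a plugin class cannot be loaded or instantiated, and nothing is recorded server-side. Log the detail and answer with the localized message this file already uses for the same failure: `sendResponse(ERROR, new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", c)).toString(), null, resp);`. The loop also runs `Class.forName(c).newInstance()` on every registered plugin only to read its description. A comment stating that `c` is read from `mSys.getLogPlugins()` and not from the request would tell the next reader where the class name comes from. `listLogPlugins` continues past the end of this hunk.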
@@ -1069,11 +1069,12 @@ public class LogAdminServlet extends AdminServlet { /** * Delete log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1081,9 +1082,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1102,7 +1103,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1116,8 +1117,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1135,31 +1136,31 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + mSys.getLogInstance(id); mSys.getLogInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1173,8 +1174,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -1192,17 +1193,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1216,28 +1217,29 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1245,9 +1247,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1266,7 +1268,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { 
@@ -1280,8 +1282,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1298,15 +1300,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(), - null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this log // DON'T remove log if any instance - for (Enumeration<String> e = mSys.getLogInsts().keys(); - e.hasMoreElements();) { + for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); ILogEventListener log = mSys.getLogInstance(name); @@ -1323,19 +1324,19 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"), + null, resp); return; } } - + // then delete this log mSys.getLogPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1354,8 +1355,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -1373,17 +1374,17 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1397,35 +1398,36 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Modify log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file - * name (including any path changes) for any of audit, system, transaction, + * name (including any path changes) for any of audit, system, transaction, * or other customized log file change is attempted (authorization should * not allow, but make sure it's written after the attempt) * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log * expiration time change is attempted (authorization should not allow, but * make sure it's written after the attempt) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore 
@@ -1433,9 +1435,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1476,7 +1478,7 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1490,8 +1492,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1509,8 +1511,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"), + null, resp); return; } @@ -1530,14 +1532,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + null, resp); return; } // get plugin for implementation LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get(implname); + (LogPlugin) mSys.getLogPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file 
@@ -1552,14 +1554,14 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp); + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } // save old instance substore params in case new one fails. ILogEventListener oldinst = - (ILogEventListener) mSys.getLogInstance(id); + (ILogEventListener) mSys.getLogInstance(id); Vector<String> oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1571,7 +1573,7 @@ public class LogAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1580,27 +1582,27 @@ public class LogAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore("log"); + mConfig.getSubStore("log"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); // create new substore. Vector<String> configParams = mSys.getLogInstanceParams(id); - //instancesConfig.removeSubStore(id); + // instancesConfig.removeSubStore(id); IConfigStore substore = instancesConfig.makeSubStore(id); substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. substore.put("expirationTime", "0"); - // IMPORTANT: save a copy of the original log file path + // IMPORTANT: save a copy of the original log file path origLogPath = substore.getString(Constants.PR_LOG_FILENAME); newLogPath = origLogPath; 
@@ -1612,7 +1614,7 @@ public class LogAdminServlet extends AdminServlet { newLogPath = ""; } - // IMPORTANT: save a copy of the original log expiration time + // IMPORTANT: save a copy of the original log expiration time origExpirationTime = substore.getString( Constants.PR_LOG_EXPIRED_TIME); newExpirationTime = origExpirationTime; @@ -1627,16 +1629,15 @@ public class LogAdminServlet extends AdminServlet { if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { - AUTHZ_RES_NAME = + AUTHZ_RES_NAME = "certServer.log.configuration"; String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); String key = kv.substring(0, index); String val = req.getParameter(key); - if - (key.equals("level")) { - if (val.equals(ILogger.LL_DEBUG_STRING)) + if (key.equals("level")) { + if (val.equals(ILogger.LL_DEBUG_STRING)) val = "0"; else if (val.equals(ILogger.LL_INFO_STRING)) val = "1"; @@ -1653,9 +1654,8 @@ public class LogAdminServlet extends AdminServlet { } - if - (key.equals("rolloverInterval")) { - if (val.equals("Hourly")) + if (key.equals("rolloverInterval")) { + if (val.equals("Hourly")) val = Integer.toString(60 * 60); else if (val.equals("Daily")) val = Integer.toString(60 * 60 * 24); @@ -1667,8 +1667,7 @@ public class LogAdminServlet extends AdminServlet { val = Integer.toString(60 * 60 * 24 * 365); } - if - (key.equals(Constants.PR_LOG_TYPE)) { + if (key.equals(Constants.PR_LOG_TYPE)) { type = val; } @@ -1679,7 +1678,7 @@ public class LogAdminServlet extends AdminServlet { val = val.trim(); newLogPath = val; if (!val.equals(origVal.trim())) { - AUTHZ_RES_NAME = + AUTHZ_RES_NAME = "certServer.log.configuration.fileName"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { 
@@ -1709,58 +1708,45 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); - return; - } - } - } -/* - if (key.equals("expirationTime")) { - String origVal = substore.getString(key); - - val = val.trim(); - newExpirationTime = val; - if (!val.equals(origVal.trim())) { - if (id.equals(SIGNED_AUDIT_LOG_TYPE)) { - AUTHZ_RES_NAME = - "certServer.log.configuration.signedAudit.expirationTime"; - } - mOp = "modify"; - if ((mToken = super.authorize(req)) == null) { - // store a message in the signed audit log - // file (regardless of logType) - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } - - // store a message in the signed audit log - // file - if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); - - audit(auditMessage); - } - - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } } } -*/ + /* + * if (key.equals("expirationTime")) { String origVal = + * substore.getString(key); + * + * val = val.trim(); newExpirationTime = val; if + * (!val.equals(origVal.trim())) { if + * (id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME = + * "certServer.log.configuration.signedAudit.expirationTime" + * ; } mOp = "modify"; if ((mToken = + * super.authorize(req)) == null) { // store a message + * in the signed audit log // file (regardless of + * logType) if + * (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + * auditSubjectID, 
ILogger.FAILURE, logType, + * newExpirationTime); + * + * audit(auditMessage); } + * + * // store a message in the signed audit log // file if + * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + * auditSubjectID, ILogger.FAILURE, auditParams(req)); + * + * audit(auditMessage); } + * + * sendResponse(ERROR, + * CMS.getUserMessage(getLocale(req), + * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; + * } } } + */ substore.put(key, val); } } @@ -1772,7 +1758,7 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener newMgrInst = null; try { - newMgrInst = (ILogEventListener) + newMgrInst = (ILogEventListener) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // check to see if the log file path parameter was changed @@ -1800,16 +1786,13 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) /* - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { 
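Review bot: The reflowed `/* ... */` block in the `@@ -1709,58 +1708,45 @@` hunk of modLogInst no longer holds restorable code: the formatter joined the disabled `expirationTime` authorization branch into paragraphs, so its inner line comments now sit mid-line (`// store a message in the signed audit log // file (regardless of logType) if`) and would swallow the statements after them if the block were uncommented. The same reflow hits the commented-out `LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE` audit calls in the later hunks at old lines 1800, 1850, 1900, 1958, 2017, 2063 and 2109. This is the disabled authorization and audit path for log-expiration changes, and the modLogInst Javadoc still lists that event as written on every attempt, so the documentation and the code disagree. I would delete the dead blocks, leave a single comment such as `// expirationTime changes are neither authorized nor audited here: expiring log files is no longer supported`, and drop the stale `<li>` from the Javadoc; failing that, exclude the blocks from the formatter so they stay line-for-line. modLogInst begins and ends outside this hunk.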
@@ -1823,15 +1806,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (InstantiationException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); @@ -1850,16 +1833,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { 
@@ -1873,15 +1854,15 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); @@ -1900,16 +1881,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1923,13 +1902,13 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + null, resp); return; } // initialize the log - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { 
@@ -1941,7 +1920,7 @@ public class LogAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file // (regardless of logType) @@ -1958,16 +1937,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -1981,18 +1958,19 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // commited ok. replace instance. - // REMOVED - we didn't do anything to shut off the old instance - // so, it will still be running at this point. You'd have two - // log isntances writing to the same file - this would be a big PROBLEM!!! + // REMOVED - we didn't do anything to shut off the old instance + // so, it will still be running at this point. You'd have two + // log isntances writing to the same file - this would be a big + // PROBLEM!!! - //mSys.getLogInsts().put(id, newMgrInst); + // mSys.getLogInsts().put(id, newMgrInst); NameValuePairs params = new NameValuePairs(); 
@@ -2000,7 +1978,7 @@ public class LogAdminServlet extends AdminServlet { newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); // store a message in the signed audit log file // (regardless of logType) @@ -2017,16 +1995,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.SUCCESS, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.SUCCESS, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { @@ -2063,16 +2039,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { 
@@ -2109,16 +2083,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { 
@@ -2134,74 +2106,73 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // check to see if the log file path parameter was changed - // newLogPath = auditCheckLogPath( req ); + // // check to see if the log file path parameter was changed + // newLogPath = auditCheckLogPath( req ); // - // // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime( req ); + // // check to see if the log expiration time parameter was changed + // newExpirationTime = auditCheckLogExpirationTime( req ); // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newLogPath.equals( origLogPath ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newLogPath ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newLogPath.equals( origLogPath ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newLogPath ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newExpirationTime ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newExpirationTime ); // - // audit( 
auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this log subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this log subsystem + * at this point. Later, if we do have one (or some), it can be added. The + * interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2218,8 +2189,8 @@ public class LogAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2227,43 +2198,43 @@ public class LogAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + mSys.getLogInstance(id); Vector<String> configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, - getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, + getLogPluginName(logInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } 
@@ -2272,8 +2243,8 @@ public class LogAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -2283,17 +2254,17 @@ public class LogAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } /** * Signed Audit Check Log Path - * + * * This method is called to extract the log file path. * <P> - * + * * @param req http servlet request * @return a string containing the log file path */ @@ -2311,7 +2282,7 @@ public class LogAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -2327,11 +2298,11 @@ public class LogAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { @SuppressWarnings("unchecked") - Enumeration<String> enum1 = req.getParameterNames(); + Enumeration<String> enum1 = req.getParameterNames(); boolean restart = false; while (enum1.hasMoreElements()) { @@ -2353,7 +2324,7 @@ public class LogAdminServlet extends AdminServlet { CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL); } - } + } } mConfig.commit(true); @@ -2365,4 +2336,3 @@ public class LogAdminServlet extends AdminServlet { } } - 
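Review bot: In setGeneralConfig of LogAdminServlet, the rejected debug-level `value` is concatenated into the `CMS.debug(...)` message as is. The assignment is outside the hunk, but `value` looks like it comes from the request parameters enumerated above, so a value containing CR/LF could forge extra lines in the debug log. Either leave the value out, as the exception message already does, or neutralise line breaks first: `CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value.replaceAll("[\\r\\n]", "_"));`.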
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java index 152b364f..263878f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,13 +38,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.ocsp.IOCSPStore; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve OCSP - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve OCSP administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class OCSPAdminServlet extends AdminServlet { @@ -60,7 +57,7 @@ public class OCSPAdminServlet extends AdminServlet { private final static String INFO = "OCSPAdminServlet"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; private IOCSPAuthority mOCSP = null; 
@@ -84,33 +81,33 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); - + try { AUTHZ_RES_NAME = "certServer.ocsp.configuration"; if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } try { @@ -126,8 +123,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } setDefaultStore(req, resp); @@ -139,8 +136,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { 
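Review bot: service() in OCSPAdminServlet keeps per-request authorization state in what appear to be servlet fields (`AUTHZ_RES_NAME = "certServer.ocsp.configuration"`, `mOp = "read"` / `mOp = "modify"`, `mToken = super.authorize(req)`), and a servlet instance is normally shared by concurrent request threads. If `authorize` reads `mOp` from the field (its body is not part of this diff), a modify request could be evaluated against the "read" operation set by another thread. The operation and token should be per-request values rather than shared fields; until then a comment such as `// FIXME: mOp/mToken are instance state shared across request threads; the authorize() decision can race` would at least record the risk. The same assignments are in `readAuthorize` and `modifyAuthorize` of PolicyAdminServlet, and the body of service() continues past this hunk.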
@@ -154,8 +151,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -169,8 +166,8 @@ public class OCSPAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) { @@ -185,11 +182,11 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); @@ -198,7 +195,7 @@ public class OCSPAdminServlet extends AdminServlet { String implName = id.substring(colon + 1); NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } 
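Review bot: getExtendedPluginInfo in OCSPAdminServlet dereferences the RS_ID request parameter without validating it: `req.getParameter(Constants.RS_ID)` returns null when the parameter is absent, so `id.indexOf(':')` throws a NullPointerException. A missing colon is not checked either (the line deriving the implementation type falls between the two hunks). Reject such requests up front, for example `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; }`, which matches what getInstConfig in LogAdminServlet does for a null id. getPolicyInstanceConfig in PolicyAdminServlet has the same problem with `req.getParameter(Constants.RS_ID).trim()`.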
@@ -229,12 +226,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set default OCSP store * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -242,8 +240,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setDefaultStore(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -253,7 +251,7 @@ public class OCSPAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID, - id); + id); commit(true); // store a message in the signed audit log file 
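Review bot: setDefaultStore writes the RS_ID request parameter straight into `IOCSPAuthority.PROP_DEF_STORE_ID` and then calls `commit(true)`, with no check that the value is non-null or names a configured store. A missing or mistyped id would therefore be persisted as the responder's default store. Validate before the `putString`, for example `if (id == null || mOCSP.getOCSPStore(id) == null) { throw new EBaseException("Invalid OCSP store id"); }`, assuming `getOCSPStore` returns null for an unknown id. Throwing inside the existing try block keeps the signed-audit FAILURE record that the catch clauses already write.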
@@ -291,23 +289,23 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); IOCSPStore store = mOCSP.getOCSPStore(id); @@ -319,12 +317,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set OCSP store configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -332,8 +331,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -403,23 +402,23 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mOCSP.getConfigStore(); String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID); @@ -439,7 +438,7 @@ public class OCSPAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -451,7 +450,7 @@ public class OCSPAdminServlet extends AdminServlet { private void getSigningAlgConfig(NameValuePairs params) { params.add(Constants.PR_DEFAULT_ALGORITHM, - mOCSP.getDefaultAlgorithm()); + mOCSP.getDefaultAlgorithm()); String[] algorithms = mOCSP.getOCSPSigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); 
@@ -460,7 +459,7 @@ public class OCSPAdminServlet extends AdminServlet { algorStr.append(algorithms[i]); else algorStr.append(":"); - algorStr.append(algorithms[i]); + algorStr.append(algorithms[i]); } params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString()); } @@ -468,12 +467,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set general OCSP configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -481,7 +481,7 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -538,7 +538,7 @@ public class OCSPAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; - + } } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java index 10a768a2..2216c2c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
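Review bot: In getSigningAlgConfig of OCSPAdminServlet, the re-indented `algorStr.append(algorithms[i]);` follows a braceless `else algorStr.append(":");`, so it runs on every iteration, not only in the else branch. Since the if branch shown at the top of the hunk also appends `algorithms[i]`, the element that takes that branch ends up in PR_ALL_ALGORITHMS twice. The condition itself is above the hunk, but it is presumably the first element. Bracing fixes both the ambiguity and the duplicate: `if (i > 0) { algorStr.append(":"); }` followed by a single `algorStr.append(algorithms[i]);`.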
@@ -44,14 +43,12 @@ import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.policy.IPolicyRule; import com.netscape.certsrv.ra.IRegistrationAuthority; - /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible - * for registering an instance of this with the remote - * administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible for registering an instance + * of this with the remote administration subsystem. + * * @version $Revision$, $Date$ */ public class PolicyAdminServlet extends AdminServlet { @@ -63,8 +60,8 @@ public class PolicyAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PolicyAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IPolicyProcessor mProcessor = null; @@ -85,7 +82,7 @@ public class PolicyAdminServlet extends AdminServlet { public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; /** * Constructs administration servlet. @@ -102,7 +99,7 @@ public class PolicyAdminServlet extends AdminServlet { String authority = config.getInitParameter(PROP_AUTHORITY); String policyStatus = null; - CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" ); + CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!"); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -112,22 +109,22 @@ public class PolicyAdminServlet extends AdminServlet { // that this legacy "Certificate Policies" framework would be // deprecated and disabled by default (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "PolicyAdminServlet.java" servlet is ONLY used - // by the CA Console for the following: + // Further, the "PolicyAdminServlet.java" servlet is ONLY used + // by the CA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // capolicy ca/capolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // capolicy ca/capolicy // - // Finally, the "PolicyAdminServlet.java" servlet is ONLY used - // by the KRA Console for the following: + // Finally, the "PolicyAdminServlet.java" servlet is ONLY used + // by the KRA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // krapolicy kra/krapolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // krapolicy kra/krapolicy // if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); 
@@ -138,28 +135,28 @@ public class PolicyAdminServlet extends AdminServlet { policyStatus = ICertificateAuthority.ID + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "ca.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "ca.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: ca.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " + // CS 8.1 Default: ca.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + "master policy switch called '" - + policyStatus + "'" ); + + policyStatus + "'"); } } else if (mAuthority instanceof IRegistrationAuthority) { // this refers to the legacy RA (pre-CMS 7.0) 
@@ -167,34 +164,34 @@ public class PolicyAdminServlet extends AdminServlet { } else if (mAuthority instanceof IKeyRecoveryAuthority) { mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor(); try { - policyStatus = IKeyRecoveryAuthority.ID + policyStatus = IKeyRecoveryAuthority.ID + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "kra.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "kra.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: kra.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " + // CS 8.1 Default: kra.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + "master policy switch called '" - + policyStatus + "'" ); + + policyStatus + "'"); } - } else - throw new ServletException(authority + " does not have policy processor!"); + } else + throw new ServletException(authority + " does not have policy processor!"); } /** 
@@ -204,15 +201,15 @@ public class PolicyAdminServlet extends AdminServlet { return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - + if (!readAuthorize(req, resp)) return; String id = req.getParameter(Constants.RS_ID); @@ -248,27 +245,27 @@ public class PolicyAdminServlet extends AdminServlet { ext_info = (IExtendedPluginInfo) impl; } } - + NameValuePairs nvps = null; - + if (ext_info == null) { nvps = new NameValuePairs(); } else { nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); } - + return nvps; } public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType, - String implName, - String instName) { + String implName, + String instName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyInstance(instName); - + impl = policy; if (impl == null) { impl = mProcessor.getPolicyImpl(implName); @@ -313,8 +310,8 @@ public class PolicyAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -332,30 +329,30 @@ public class PolicyAdminServlet extends AdminServlet { } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } else sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -365,8 +362,8 @@ public class PolicyAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); 
@@ -388,12 +385,12 @@ public class PolicyAdminServlet extends AdminServlet { addPolicyImpl(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void processPolicyRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -424,17 +421,17 @@ public class PolicyAdminServlet extends AdminServlet { modifyPolicyInstance(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void listPolicyImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration policyImplNames = mProcessor.getPolicyImplsInfo(); Enumeration policyImpls = mProcessor.getPolicyImpls(); if (policyImplNames == null || - policyImpls == null) { + policyImpls == null) { sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp); return; } @@ -443,12 +440,12 @@ public class PolicyAdminServlet extends AdminServlet { NameValuePairs nvp = new NameValuePairs(); while (policyImplNames.hasMoreElements() && - policyImpls.hasMoreElements()) { + policyImpls.hasMoreElements()) { String id = (String) policyImplNames.nextElement(); IPolicyRule impl = (IPolicyRule) - policyImpls.nextElement(); + policyImpls.nextElement(); String className = - impl.getClass().getName(); + impl.getClass().getName(); String desc = impl.getDescription(); nvp.add(id, className + "," + desc); @@ -457,8 +454,8 @@ public class PolicyAdminServlet extends AdminServlet { } public void listPolicyInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo(); if (instancesInfo == null) { 
@@ -475,7 +472,7 @@ public class PolicyAdminServlet extends AdminServlet { int i = info.indexOf(";"); nvp.add(info.substring(0, i), info.substring(i + 1)); - + } sendResponse(SUCCESS, null, nvp, resp); } @@ -483,19 +480,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Delete policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -533,7 +531,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -559,23 +557,23 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -604,19 +602,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -693,36 +692,37 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -760,7 +760,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -786,23 +786,23 @@ public class PolicyAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy rule id. String id = req.getParameter(Constants.RS_ID).trim(); @@ -836,7 +836,7 @@ public class PolicyAdminServlet extends AdminServlet { } public void - putUserPWPair(String combo) { + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); 
@@ -849,19 +849,20 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -988,36 +989,37 @@ public class PolicyAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Change ordering of policy instances
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
 * configuring cert policy constraints and extensions
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void changePolicyInstanceOrdering(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1025,7 +1027,7 @@ public class PolicyAdminServlet extends AdminServlet {
 // to the signed audit log and stored as failures
 try {
 String policyOrder =
- req.getParameter(Constants.PR_POLICY_ORDER);
+ req.getParameter(Constants.PR_POLICY_ORDER);
 if (policyOrder == null) {
 // store a message in the signed audit log file
@@ -1078,36 +1080,37 @@ public class PolicyAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Modify policy instance
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
 * configuring cert policy constraints and extensions
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void modifyPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1179,7 +1182,7 @@ public class PolicyAdminServlet extends AdminServlet {
 sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
 return;
 }
- // XXX
+ // XXX
 for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) {
 String p = (String) n.nextElement();
 String l = (String) req.getParameter(p);
@@ -1189,15 +1192,10 @@ public class PolicyAdminServlet extends AdminServlet {
 }
 /*
- for(Enumeration e = v.elements(); e.hasMoreElements(); )
- {
- String nv = (String)e.nextElement();
- int index = nv.indexOf("=");
- String key = nv.substring(0, index);
- val = req.getParameter(key);
- if (val != null)
- ht.put(key, val);
- }
+ * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String
+ * nv = (String)e.nextElement(); int index = nv.indexOf("="); String
+ * key = nv.substring(0, index); val = req.getParameter(key); if
+ * (val != null) ht.put(key, val); }
 */
 try {
@@ -1238,18 +1236,17 @@ public class PolicyAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 9c83a30c..02eafb28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -53,14 +52,12 @@ import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 import com.netscape.cms.profile.common.ProfilePolicy;
-
 /**
 * This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
+ *
+ * Each service (CA, KRA, RA) should be responsible for registering an instance
+ * of this with the remote administration subsystem.
+ *
 * @version $Revision$, $Date$
 */
 public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +69,8 @@ public class ProfileAdminServlet extends AdminServlet {
 public final static String PROP_AUTHORITY = "authority";
 private final static String INFO = "ProfileAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD =
+ "PASSWORD_CACHE_ADD";
 public final static String PROP_PREDICATE = "predicate";
 private IAuthority mAuthority = null;
@@ -97,7 +94,7 @@ public class ProfileAdminServlet extends AdminServlet {
 public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
 private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+ "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
 /**
 * Constructs administration servlet.
@@ -130,8 +127,8 @@ public class ProfileAdminServlet extends AdminServlet {
 * Serves HTTP admin request.
 */
 public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 super.service(req, resp);
 super.authenticate(req);
@@ -139,7 +136,7 @@ public class ProfileAdminServlet extends AdminServlet {
 AUTHZ_RES_NAME = "certServer.profile.configuration";
 String scope = req.getParameter(Constants.OP_SCOPE);
- CMS.debug("ProfileAdminServlet: service scope: " + scope);
+ CMS.debug("ProfileAdminServlet: service scope: " + scope);
 if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
 processProfileRuleMgmt(req, resp);
 } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
@@ -162,33 +159,33 @@ public class ProfileAdminServlet extends AdminServlet {
 sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
 }
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
 mOp = "read";
 if ((mToken = super.authorize(req)) == null) {
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return false;
 }
 return true;
 }
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
 mOp = "modify";
 if ((mToken = super.authorize(req)) == null) {
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
 return false;
 }
 return true;
 }
 public void processProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -208,8 +205,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
 String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -230,8 +227,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
 String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -252,8 +249,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processProfileInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -269,8 +266,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processProfileOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -286,8 +283,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -307,8 +304,8 @@ public class ProfileAdminServlet extends AdminServlet {
 }
 public void processPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -332,8 +329,8 @@ public class ProfileAdminServlet extends AdminServlet {
 * Process Policy Implementation Management.
 */
 public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -343,12 +340,12 @@ public class ProfileAdminServlet extends AdminServlet {
 listProfileImpls(req, resp);
 } else
 sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
 }
 public void processProfileRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 // Get operation type
 String op = req.getParameter(Constants.OP_TYPE);
@@ -374,15 +371,15 @@ public class ProfileAdminServlet extends AdminServlet {
 modifyProfileInstance(req, resp);
 } else
 sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ null, resp);
 }
 /**
 * Lists all registered profile impementations
 */
 public void listProfileImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 Enumeration<String> impls = mRegistry.getIds("profile");
 NameValuePairs nvp = new NameValuePairs();
@@ -391,29 +388,30 @@ public class ProfileAdminServlet extends AdminServlet {
 String id = (String) impls.nextElement();
 IPluginInfo info = mRegistry.getPluginInfo("profile", id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)));
- }
+ nvp.add(id, info.getClassName() + "," +
+ info.getDescription(getLocale(req)));
+ }
 sendResponse(SUCCESS, null, nvp, resp);
 }
 /**
 * Add policy profile
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void addProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -451,10 +449,10 @@ public class ProfileAdminServlet extends AdminServlet {
 if (mProfileSub.isProfileEnable(profileId)) {
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Profile is currently enabled"),
- null, resp);
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Profile is currently enabled"),
+ null, resp);
 return;
 }
@@ -466,27 +464,27 @@ public class ProfileAdminServlet extends AdminServlet {
 try {
 if (!isValidId(setId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid set id " + setId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid set id " + setId),
+ null, resp);
+ return;
 }
 if (!isValidId(pId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid policy id " + pId),
- null, resp);
- return;
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid policy id " + pId),
+ null, resp);
+ return;
 }
 policy = profile.createProfilePolicy(setId, pId, defImpl, conImpl);
 } catch (EBaseException e1) {
 // error
 CMS.debug("ProfileAdminServlet: addProfilePolicy " +
- e1.toString());
+ e1.toString());
 // store a message in the signed audit log file
 auditMessage = CMS.getLogMessage(
@@ -498,9 +496,9 @@ public class ProfileAdminServlet extends AdminServlet {
 audit(auditMessage);
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+ e1.toString()),
+ null, resp);
 return;
 }
 NameValuePairs nvp = new NameValuePairs();
@@ -528,37 +526,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Add profile input
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void addProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -594,11 +593,11 @@ public class ProfileAdminServlet extends AdminServlet {
 IProfileInput input = null;
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 NameValuePairs nvps = new NameValuePairs();
 while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
 if (name.equals("OP_SCOPE"))
 continue;
@@ -623,9 +622,9 @@ public class ProfileAdminServlet extends AdminServlet {
 audit(auditMessage);
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+ e1.toString()),
+ null, resp);
 return;
 }
@@ -655,37 +654,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Add profile output
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void addProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -721,11 +721,11 @@ public class ProfileAdminServlet extends AdminServlet {
 IProfileOutput output = null;
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 NameValuePairs nvps = new NameValuePairs();
 while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
 if (name.equals("OP_SCOPE"))
 continue;
@@ -751,9 +751,9 @@ public class ProfileAdminServlet extends AdminServlet {
 audit(auditMessage);
 sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
- e1.toString()),
- null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+ e1.toString()),
+ null, resp);
 return;
 }
@@ -783,37 +783,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Delete policy profile
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void deleteProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -823,10 +824,10 @@ public class ProfileAdminServlet extends AdminServlet {
 String profileId = "";
 String policyId = "";
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
 if (name.equals("OP_SCOPE"))
 continue;
@@ -904,37 +905,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Delete profile input
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void deleteProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -944,7 +946,7 @@ public class ProfileAdminServlet extends AdminServlet {
 String profileId = "";
 String inputId = "";
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 while (names.hasMoreElements()) {
 String name = names.nextElement();
@@ -1022,37 +1024,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Delete profile output
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void deleteProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1062,7 +1065,7 @@ public class ProfileAdminServlet extends AdminServlet {
 String profileId = "";
 String outputId = "";
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 while (names.hasMoreElements()) {
 String name = (String) names.nextElement();
@@ -1140,37 +1143,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Add default policy profile configuration
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void addPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1201,7 +1205,7 @@ public class ProfileAdminServlet extends AdminServlet {
 sendResponse(ERROR, null, null, resp);
 return;
- }
+ }
 StringTokenizer ss = new StringTokenizer(policyId, ":");
 String setId = ss.nextToken();
@@ -1210,9 +1214,9 @@ public class ProfileAdminServlet extends AdminServlet {
 IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
 IPolicyDefault def = policy.getDefault();
 IConfigStore defConfig = def.getConfigStore();
-
+
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 while (names.hasMoreElements()) {
 String name = (String) names.nextElement();
@@ -1224,18 +1228,20 @@ public class ProfileAdminServlet extends AdminServlet {
 if (name.equals("RS_ID"))
 continue;
 try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
 } catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
 }
- // defConfig.putString("params." + name, req.getParameter(name));
+ // defConfig.putString("params." + name,
+ // req.getParameter(name));
 }
 try {
 profile.getConfigStore().commit(false);
@@ -1277,37 +1283,38 @@ public class ProfileAdminServlet extends AdminServlet {
 // rethrow the specific exception to be handled later
 throw eAudit1;
 // } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
 //
- // audit( auditMessage );
+ // audit( auditMessage );
 //
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
 }
 }
 /**
 * Add policy constraints profile configuration
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
 * configuring cert profile (general settings and cert profile; obsoletes
 * extensions and constraints policies)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception ServletException a servlet error has occurred
 * @exception IOException an input/output error has occurred
 */
 public void addPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp)
+ throws ServletException, IOException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -1338,7 +1345,7 @@ public class ProfileAdminServlet extends AdminServlet {
 sendResponse(ERROR, null, null, resp);
 return;
- }
+ }
 StringTokenizer ss = new StringTokenizer(policyId, ":");
 String setId = ss.nextToken();
@@ -1349,10 +1356,10 @@ public class ProfileAdminServlet extends AdminServlet {
 IConfigStore conConfig = con.getConfigStore();
 @SuppressWarnings("unchecked")
- Enumeration<String> names = req.getParameterNames();
+ Enumeration<String> names = req.getParameterNames();
 while (names.hasMoreElements()) {
- String name = names.nextElement();
+ String name = names.nextElement();
 if (name.equals("OP_SCOPE"))
 continue;
@@ -1362,18 +1369,20 @@ public class ProfileAdminServlet extends AdminServlet {
 continue;
 try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
 } catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
 }
- // conConfig.putString("params." + name, req.getParameter(name));
+ // conConfig.putString("params." + name,
+ // req.getParameter(name));
 }
 try {
 profile.getConfigStore().commit(false);
@@ -1416,37 +1425,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1477,7 +1487,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); 
@@ -1485,9 +1495,9 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1499,15 +1509,16 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name,req.getParameter(name)); + def.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // defConfig.putString("params." + name, req.getParameter(name)); + // defConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); 
@@ -1549,37 +1560,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile input configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1616,7 +1628,7 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore inputConfig = input.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); 
@@ -1669,37 +1681,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile output configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1736,7 +1749,7 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore outputConfig = output.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); 
@@ -1748,7 +1761,7 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; outputConfig.putString("params." + name, - req.getParameter(name)); + req.getParameter(name)); } try { profile.getConfigStore().commit(false); @@ -1790,37 +1803,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1851,7 +1865,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1861,9 +1875,9 @@ public class ProfileAdminServlet extends AdminServlet { IConfigStore conConfig = con.getConfigStore(); @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); + Enumeration<String> names = req.getParameterNames(); - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); while (names.hasMoreElements()) { String name = (String) names.nextElement(); @@ -1874,17 +1888,19 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; - // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name)); + // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + // + name + " val " + req.getParameter(name)); try { - con.setConfig(name,req.getParameter(name)); + con.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - //conConfig.putString("params." + name, req.getParameter(name)); + // conConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); 
@@ -1927,23 +1943,23 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -1955,9 +1971,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfilePolicy policy = null; 
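Review bot: In getPolicyDefaultConfig (second hunk), `id` goes straight from `req.getParameter(Constants.RS_ID)` into `new StringTokenizer(id, ";")`, so a request without RS_ID ends in a NullPointerException, and presumably a value without the `;` separator fails at the `nextToken()` calls that follow outside the hunk, instead of producing an error response. A guard such as `if (id == null) { sendResponse(ERROR, null, null, resp); return; }` before the tokenizer keeps malformed admin requests on the normal error path; getPolicyConstraintConfig, getInputConfig and getOutputConfig below tokenize RS_ID the same way. In the third hunk, `throw new ServletException(e1.toString())` drops the cause and the debug text says the profile is null when the lookup actually threw; `new ServletException(e1.toString(), e1)` keeps the stack trace.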
@@ -1987,15 +2003,15 @@ public class ProfileAdminServlet extends AdminServlet { } public void getPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST); // this one gets called when one of the elements in the default list get // selected, then it returns the list of supported constraintsPolicy if (constraintsList != null) { - + } StringTokenizer st = new StringTokenizer(id, ";"); @@ -2007,9 +2023,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } StringTokenizer ss = new StringTokenizer(policyId, ":"); @@ -2035,8 +2051,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); // only allow profile retrival if it is disabled @@ -2046,9 +2062,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfilePolicy() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); 
@@ -2070,9 +2086,9 @@ public class ProfileAdminServlet extends AdminServlet { IPolicyConstraint con = policy.getConstraint(); IConfigStore conConfig = con.getConfigStore(); - nvp.add(setId + ":" + policy.getId(), - def.getName(getLocale(req)) + ";" + - con.getName(getLocale(req))); + nvp.add(setId + ":" + policy.getId(), + def.getName(getLocale(req)) + ";" + + con.getName(getLocale(req))); } } @@ -2080,17 +2096,17 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileOutput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileOutput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2107,17 +2123,17 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); 
@@ -2134,9 +2150,9 @@ public class ProfileAdminServlet extends AdminServlet { } public void getInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { - + HttpServletResponse resp) + throws ServletException, IOException { + String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); String profileId = st.nextToken(); @@ -2146,9 +2162,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getInputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getInputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileInput profileInput = null; @@ -2160,14 +2176,14 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = names.nextElement(); IDescriptor desc = profileInput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileInput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + + nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + - profileInput.getConfig(name)); + profileInput.getConfig(name)); } } @@ -2175,8 +2191,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); 
@@ -2187,9 +2203,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getOutputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getOutputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileOutput profileOutput = null; @@ -2201,14 +2217,14 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = names.nextElement(); IDescriptor desc = profileOutput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileOutput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + + nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + - profileOutput.getConfig(name)); + profileOutput.getConfig(name)); } } @@ -2216,14 +2232,14 @@ public class ProfileAdminServlet extends AdminServlet { } public void listProfileInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { NameValuePairs nvp = new NameValuePairs(); Enumeration<String> e = mProfileSub.getProfileIds(); while (e.hasMoreElements()) { - String profileId = e.nextElement(); + String profileId = e.nextElement(); IProfile profile = null; try { @@ -2231,7 +2247,7 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // error } - + String status = null; if (mProfileSub.isProfileEnable(profileId)) { 
@@ -2247,8 +2263,8 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; @@ -2256,9 +2272,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2285,20 +2301,21 @@ public class ProfileAdminServlet extends AdminServlet { /** * Delete profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2324,14 +2341,14 @@ public class ProfileAdminServlet extends AdminServlet { String config = null; - ISubsystem subsystem = CMS.getSubsystem("ca"); + ISubsystem subsystem = CMS.getSubsystem("ca"); String subname = "ca"; - if (subsystem == null) - subname = "ra"; + if (subsystem == null) + subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") + + config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file @@ -2346,7 +2363,7 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, null, null, resp); return; } - + try { mProfileSub.deleteProfile(id, config); } catch (EProfileException e) { @@ -2386,22 +2403,22 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void - putUserPWPair(String combo) { + putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); 
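Review bot: In the first hunk (deleteProfileInstance), `id` is concatenated into `"/profiles/" + subname + "/" + id + ".cfg"`, and the third hunk passes the resulting path to `mProfileSub.deleteProfile(id, config)`; no validation of `id` is visible in these hunks. The assignment of `id` lies outside them; if it is the request's RS_ID, as in the getters above, it should be checked before the path is built, e.g. `if (id == null || !isValidId(id)) { sendResponse(ERROR, null, null, resp); return; }`, so the value cannot carry path separators or `..`. `isValidId` is the letters-and-digits check defined further down in this class.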
@@ -2411,12 +2428,11 @@ public class ProfileAdminServlet extends AdminServlet { CMS.putPasswordCache(user, pw); } - public boolean isValidId(String id) - { + public boolean isValidId(String id) { for (int i = 0; i < id.length(); i++) { - char c = id.charAt(i); - if (!Character.isLetterOrDigit(c)) - return false; + char c = id.charAt(i); + if (!Character.isLetterOrDigit(c)) + return false; } return true; } @@ -2424,20 +2440,21 @@ public class ProfileAdminServlet extends AdminServlet { /** * Add profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2465,14 +2482,14 @@ public class ProfileAdminServlet extends AdminServlet { IProfile p = null; try { - p = mProfileSub.getProfile(id); + p = mProfileSub.getProfile(id); } catch (EProfileException e1) { } if (p != null) { sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp); return; } - + String impl = req.getParameter("impl"); String name = req.getParameter("name"); String desc = req.getParameter("desc"); 
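Review bot: `isValidId` in the first hunk returns true for the empty string and throws a NullPointerException for null, because the character loop is its only check; `Character.isLetterOrDigit` also accepts non-ASCII letters and digits. If this method is what gates profile ids before they become part of a `.cfg` file name (its callers are outside the hunk), it should start with `if (id == null || id.length() == 0) return false;`, and limiting the accepted characters to ASCII is worth considering. A short Javadoc stating the accepted alphabet would make the contract explicit.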
@@ -2516,8 +2533,8 @@ public class ProfileAdminServlet extends AdminServlet { profile = mProfileSub.createProfile(id, impl, info.getClassName(), config); - profile.setName(getLocale(req), name); - profile.setDescription(getLocale(req), name); + profile.setName(getLocale(req), name); + profile.setDescription(getLocale(req), name); if (visible != null && visible.equals("true")) { profile.setVisible(true); } else { @@ -2528,10 +2545,10 @@ public class ProfileAdminServlet extends AdminServlet { mProfileSub.createProfileConfig(id, impl, config); if (profile instanceof IProfileEx) { - // populates profile specific plugins such as - // policies, inputs and outputs - ((IProfileEx)profile).populate(); - } + // populates profile specific plugins such as + // policies, inputs and outputs + ((IProfileEx) profile).populate(); + } } catch (Exception e) { CMS.debug("ProfileAdminServlet: " + e.toString()); 
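Review bot: In the first hunk, `profile.setDescription(getLocale(req), name);` stores the profile name as its description; `desc` is read from the request earlier in addProfileInstance but is not used on any line visible here. If that is not intentional, the call should be `profile.setDescription(getLocale(req), desc);`. addProfileInstance begins before this hunk and continues past it.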
@@ -2571,37 +2588,38 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2656,7 +2674,7 @@ public class ProfileAdminServlet extends AdminServlet { audit(auditMessage); try { - profile.getConfigStore().commit(false); + profile.getConfigStore().commit(false); } catch (Exception e) { } 
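Review bot: In the third hunk (modifyProfileInstance), `profile.getConfigStore().commit(false)` runs after `audit(auditMessage)` and its `catch (Exception e) { }` is empty, so a failed commit is neither reported to the caller nor reflected in the audit trail. The audit message is assigned outside the hunk; if it is the success record, the signed audit log will show a profile change that was never persisted. I would commit before auditing and, on failure, at least log it with `CMS.debug("ProfileAdminServlet: modifyProfileInstance commit failed: " + e.toString());` and write the `ILogger.FAILURE` record instead of the success one.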
@@ -2674,25 +2692,24 @@ public class ProfileAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - protected String getNonNull(String s) { - if (s == null) - return ""; - return s; - } + protected String getNonNull(String s) { + if (s == null) + return ""; + return s; + } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index 2842542e..b71bf4f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin; import com.netscape.certsrv.security.ICryptoSubsystem; import com.netscape.cmsutil.password.IPasswordStore; - /** - * A class representing an publishing servlet for the - * Publishing subsystem. This servlet is responsible - * to serve configuration requests for the Publishing subsystem. - * + * A class representing an publishing servlet for the Publishing subsystem. This + * servlet is responsible to serve configuration requests for the Publishing + * subsystem. + * * @version $Revision$, $Date$ */ public class PublisherAdminServlet extends AdminServlet { @@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PublisherAdminServlet"; - private final static String PW_TAG_CA_LDAP_PUBLISHING = - "CA LDAP Publishing"; + private final static String PW_TAG_CA_LDAP_PUBLISHING = + "CA LDAP Publishing"; public final static String NOMAPPER = "<NONE>"; private IPublisherProcessor mProcessor = null; private IAuthority mAuth = null; @@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet { if (mAuth != null) if (mAuth instanceof ICertificateAuthority) { mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor(); - } else - throw new ServletException(authority + " does not have publishing processor!"); + } else + throw new ServletException(authority + " does not have publishing processor!"); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); CMS.debug("PublisherAdminServlet: in service"); 
@@ -133,14 +131,14 @@ public class PublisherAdminServlet extends AdminServlet { String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); @@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), + null, resp); return; } try { @@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { getRuleInstConfig(req, resp); return; - } + } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { 
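Review bot: The `catch (IOException e)` around `super.authenticate(req)` in the second hunk only sends `CMS_ADMIN_SRVLT_AUTHS_FAILED` and returns, and the `authorize` failures in the following branches likewise only send `CMS_ADMIN_SRVLT_AUTHZ_FAILED`; no log call is visible on either path. Unless `AdminServlet.authenticate` and `authorize` already record the failure, repeated failed attempts against the publishing admin interface would leave nothing for detection. A security-level entry before the response, for example `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));` (assuming `ILogger` is imported in this file), would close that gap. service() begins before this hunk and continues past it.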
@@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { testSetLDAPDest(req, resp); return; - } + } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) { listMapperInsts(req, resp); return; - } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { + } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { listRulePlugins(req, resp); return; } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { @@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { 
@@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { addRuleInst(req, resp, scope); return; - } + } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), + null, resp); return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - //System.out.println("SRVLT_FAIL_PERFORM 2"); + } + // System.out.println("SRVLT_FAIL_PERFORM 2"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor - p) { + p) { Enumeration mappers = p.getMapperInsts().keys(); Enumeration publishers = p.getPublisherInsts().keys(); 
@@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet { for (; mappers.hasMoreElements();) { String name = (String) mappers.nextElement(); - if (map.length()== 0) { - map.append(name); + if (map.length() == 0) { + map.append(name); } else { - map.append(","); - map.append(name); + map.append(","); + map.append(name); } } StringBuffer publish = new StringBuffer(); @@ -374,17 +372,17 @@ public class PublisherAdminServlet extends AdminServlet { // Should get the registered rules from processor // instead of plugin - // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); + // OLD: impl = + // getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); impl = getExtendedPluginInfo(p_processor); } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) { IPublisherProcessor p_processor = mProcessor; Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName - ); + ); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); - } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER) - ) { + } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) { IPublisherProcessor p_processor = mProcessor; Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName); @@ -408,13 +406,13 @@ public class PublisherAdminServlet extends AdminServlet { } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); 
@@ -423,14 +421,14 @@ public class PublisherAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = + getExtendedPluginInfo(getLocale(req), implType, implName); sendResponse(SUCCESS, null, params, resp); } - + private void getLDAPDest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mAuth.getConfigStore(); 
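Review bot: `id.substring(0, colon)` in `getExtendedPluginInfo(req, resp)` works on the raw `Constants.RS_ID` request parameter with no null or missing-separator check in view, so a request that omits the parameter, or sends a value without the separator, would end in an unchecked exception instead of an ERROR response. The lines between this hunk and the previous one are not shown; `colon` is presumably the result of an `indexOf` on `id`. `addMapperPlugin` already answers a null id with CMS_ADMIN_SRVLT_NULL_RS_ID, and the same guard fits here: test `id == null` before computing `colon`, then `if (colon < 0)` before the two `substring` calls, each sending the error and returning.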
@@ -482,34 +480,34 @@ public class PublisherAdminServlet extends AdminServlet { params.add(name, value); } } - params.add(Constants.PR_PUBLISHING_ENABLE, - publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_ENABLE, + publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); - params.add(Constants.PR_ENABLE, - ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); + params.add(Constants.PR_ENABLE, + ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); IConfigStore publishcfg = 
config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag + // set enable flag publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String enable = req.getParameter(Constants.PR_ENABLE); @@ -518,8 +516,8 @@ public class PublisherAdminServlet extends AdminServlet { // need to disable the ldap module here mProcessor.setLdapConnModule(null); } - - //set reset of the parameters + + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -536,9 +534,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
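Review bot: `pwd` stays null when the request carries no `Constants.PR_DIRECTORY_MANAGER_PWD` parameter, yet `setLDAPDest` later calls `pwdStore.putPassword(prompt, pwd)` and `pwdStore.commit()` unconditionally. `testSetLDAPDest` guards the same store update with `pwd != null`; without that guard a settings change that omits the password may overwrite or blank the stored bind password, depending on how the password store treats null (not visible in this diff). I would wrap the store update in `if (pwd != null) { ... }` and log that the stored password was left unchanged otherwise. The parameter loop starts before this hunk and ends after it.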
@@ -567,40 +565,36 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + commit(true); - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - if (pwd != null) - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if + * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file"); + CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // what a + * hack to do this without require restart server // ILdapAuthInfo + * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule = + * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if + * (connModule != null) { authInfo = 
connModule.getLdapAuthInfo(); } + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo + * != null) { CMS.debug( + * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); + */ try { CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor"); @@ -613,24 +607,24 @@ public class PublisherAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString())); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, null, resp); } private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); CMS.debug("PublisherAdmineServlet: in testSetLDAPDest"); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, - req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + // set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, + req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String ldapPublish = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish); 
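Review bot: The reformatting has reflowed the two commented-out code blocks in `setLDAPDest` into running text, so the disabled `CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd)` call marked "do not remove" and the old `authInfo.addPassword(prompt, pwd)` path can no longer be read or restored as code. The same happens in the `testSetLDAPDest` hunk at `@@ -873,55 +865,55 @@`. Either exclude those blocks from formatting (if this was the Eclipse formatter, opening the comment with `/*-` does that) or replace each with a one-line comment saying why the in-memory password update was dropped in favour of restarting the publishing processor.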
@@ -639,7 +633,7 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.setLdapConnModule(null); } - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -656,9 +650,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
@@ -687,25 +681,25 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + // test before commit if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - params.add("title", - "You've attempted to configure CMS to connect" + - " to a LDAP directory. The connection status is" + - " as follows:\n \n"); + ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { + params.add("title", + "You've attempted to configure CMS to connect" + + " to a LDAP directory. The connection status is" + + " as follows:\n \n"); LDAPConnection conn = null; ILdapConnInfo connInfo = - CMS.getLdapConnInfo(ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPCONNINFO)); - //LdapAuthInfo authInfo = - //new LdapAuthInfo(ldap.getSubStore( - // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); - String host = connInfo.getHost(); + CMS.getLdapConnInfo(ldap.getSubStore( + ILdapBoundConnFactory.PROP_LDAPCONNINFO)); + // LdapAuthInfo authInfo = + // new LdapAuthInfo(ldap.getSubStore( + // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); + String host = connInfo.getHost(); int port = connInfo.getPort(); boolean secure = connInfo.getSecure(); - //int authType = authInfo.getAuthType(); + // int authType = authInfo.getAuthType(); String authType = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE); int version = connInfo.getVersion(); 
@@ -714,57 +708,57 @@ public class PublisherAdminServlet extends AdminServlet { if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) { try { - //certNickName = authInfo.getParms()[0]; + // certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create ssl LDAPConnection with certificate: " + + certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); - params.add(Constants.PR_AUTH_OK, - "Authentication: SSL client authentication" + - dashes(70 - 41) + " Success" + - "\nBind to the directory as: " + certNickName + - dashes(70 - 
26 - certNickName.length()) + " Success"); + params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: SSL client authentication" + + dashes(70 - 41) + " Success" + + "\nBind to the directory as: " + certNickName + + dashes(70 - 26 - certNickName.length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure\n" + - " error: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure\n" + + " error: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
@@ -773,99 +767,97 @@ public class PublisherAdminServlet extends AdminServlet { if (secure) { conn = new LDAPConnection( CMS.getLdapJssSSLSocketFactory()); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection" + - dashes(70 - 25) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection" + + dashes(70 - 25) + " Success"); } else { conn = new LDAPConnection(); - params.add(Constants.PR_CONN_INITED, - "Create LDAPConnection" + - dashes(70 - 21) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create LDAPConnection" + + dashes(70 - 21) + " Success"); } } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create LDAPConnection" + - dashes(70 - 21) + " Failure\n" + - "exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create LDAPConnection" + + dashes(70 - 21) + " Failure\n" + + "exception: " + ex); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add(Constants.PR_CONN_OK, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
- params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nerror: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nerror: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nexception: " + ex); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + " at port " + port + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + "\nexception: " + ex); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { - //bindAs = authInfo.getParms()[0]; + // bindAs = authInfo.getParms()[0]; bindAs = ldap.getSubStore( ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN); conn.authenticate(version, bindAs, pwd); - params.add(Constants.PR_AUTH_OK, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Success" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Success" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + " Success"); } catch (LDAPException ex) { - if 
(ex.getLDAPResultCode() == - LDAPException.NO_SUCH_OBJECT) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + "Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - "Failure" + "\nThe object doesn't exist. " + - "Please correct the value assigned in the" + - " \"Directory manager DN\" field."); - } else if (ex.getLDAPResultCode() == - LDAPException.INVALID_CREDENTIALS) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure" + "\nInvalid password. " + - "Please correct the value assigned in the" + - " \"Password\" field."); + if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + "Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + "Failure" + "\nThe object doesn't exist. " + + "Please correct the value assigned in the" + + " \"Directory manager DN\" field."); + } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) { + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure" + "\nInvalid password. 
" + + "Please correct the value assigned in the" + + " \"Password\" field."); } else { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure"); + params.add(Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
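Review bot: `conn.authenticate(version, bindAs, pwd)` is reached with `pwd` still null when the request has no `Constants.PR_DIRECTORY_MANAGER_PWD` parameter, and an LDAP simple bind with an empty password is an unauthenticated bind (RFC 4513) that servers permitting it answer with success. The test would then report "Authentication: Basic authentication ... Success" for credentials that were never checked; how the LDAP SDK itself treats a null password is not visible here. I would reject that case before binding, with `if (pwd == null || pwd.length() == 0)` adding a `Constants.PR_AUTH_FAIL` entry plus the `Constants.PR_SAVE_NOT` prompt and returning as the other failure branches do. `testSetLDAPDest` starts before and continues after this hunk.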
@@ -873,55 +865,55 @@ public class PublisherAdminServlet extends AdminServlet { } - //commit(true); + // commit(true); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - pwd != null) { + pwd != null) { - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu + * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+ - prompt + " to password file"); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " + + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"); - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // + * what a hack to do this without require restart server // + * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); ILdapConnModule + * connModule = mProcessor.getLdapConnModule(); 
ILdapAuthInfo + * authInfo = null; if (connModule != null) { authInfo = + * connModule.getLdapAuthInfo(); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null" + * ); + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if + * (authInfo != null) { CMS.debug( + * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null" + * ); + */ } - //params.add(Constants.PR_SAVE_OK, - // "\n \nConfiguration changes are now committed."); + // params.add(Constants.PR_SAVE_OK, + // "\n \nConfiguration changes are now committed."); mProcessor.shutdown(); if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { mProcessor.startup(); - //params.add("restarted", "Publishing is restarted."); + // params.add("restarted", "Publishing is restarted."); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority(); - if (!(authority instanceof ICertificateAuthority)) + if (!(authority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) authority; 
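Review bot: `if (!(authority instanceof ICertificateAuthority)) return;` in `testSetLDAPDest` exits without any `sendResponse` call, after the publishing processor has been shut down and restarted and the password file possibly updated, and before `commit(true)`. The other exits visible in this method report back to the console; on this path the administrator gets no result and the running state no longer matches the saved configuration. I would send an error before returning, e.g. `sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);`. The method starts before and continues after this hunk.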
@@ -929,26 +921,26 @@ public class PublisherAdminServlet extends AdminServlet { try { mProcessor.publishCACert(ca.getCACert()); CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); - params.add("publishCA", - "CA certificate is published."); + params.add("publishCA", + "CA certificate is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); - params.add("publishCA", - "Failed to publish CA certificate."); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); + params.add("publishCA", + "Failed to publish CA certificate."); int index = ex.toString().indexOf("Failed to create CA"); if (index > -1) { params.add("createError", - ex.toString().substring(index)); + ex.toString().substring(index)); } mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CA certificate won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CA certificate won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; 
@@ -958,65 +950,65 @@ public class PublisherAdminServlet extends AdminServlet { CMS.debug("PublisherAdminServlet: about to update CRL"); ca.publishCRLNow(); CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL")); - params.add("publishCRL", - "CRL is published."); + params.add("publishCRL", + "CRL is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - "Could not publish crl " + ex.toString()); - params.add("publishCRL", - "Failed to publish CRL."); + log(ILogger.LL_FAILURE, + "Could not publish crl " + ex.toString()); + params.add("publishCRL", + "Failed to publish CRL."); mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CRL won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add(Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CRL won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; } } commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); params.add("restarted", "Publishing is restarted."); } else { commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); - params.add("stopped", - "Publishing is stopped."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); + params.add("stopped", + "Publishing is stopped."); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, params, resp); } - private synchronized void addMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void 
addMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_MAPPER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } @@ -1057,10 +1049,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -1068,8 +1060,8 @@ public class PublisherAdminServlet extends AdminServlet { MapperPlugin plugin = new MapperPlugin(id, classPath); mProcessor.getMapperPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); NameValuePairs params = new NameValuePairs(); 
@@ -1087,27 +1079,27 @@ public class PublisherAdminServlet extends AdminServlet { return true; } - private synchronized void addMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getMapperInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } @@ -1122,13 +1114,13 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get( - implname); + (MapperPlugin) mProcessor.getMapperPlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } 
@@ -1145,11 +1137,11 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } @@ -1165,20 +1157,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -1203,46 +1195,46 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add mapper instance to list. mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_MAPPER_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listMapperPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listMapperPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getMapperPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - MapperPlugin value = (MapperPlugin) - mProcessor.getMapperPlugins().get(name); + MapperPlugin value = (MapperPlugin) + mProcessor.getMapperPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapMapper lp = (ILdapMapper) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, + resp); return; } params.add(name, value.getClassPath() + "," + desc); 
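Review bot: In listMapperPlugins, `Class.forName(c).newInstance()` loads and instantiates every registered plugin class only to read its description, and nothing in the hunk checks the type before its static initialiser and constructor run. The class path is the value addMapperPlugin read from the `PR_MAPPER_CLASS` request parameter, so unless the part of that method not shown validates it, load without initialising and check first: `Class<?> cls = Class.forName(c, false, getClass().getClassLoader());` then `if (ILdapMapper.class.isAssignableFrom(cls)) desc = ((ILdapMapper) cls.newInstance()).getDescription();`. The catch block also sends `exp.toString()` back to the client; writing it with `log(ILogger.LL_FAILURE, exp.toString())` and returning a fixed message would keep class and loader details out of the response. listMapperPlugins continues past the end of the hunk, and listRulePlugins in the `-1828` hunk repeats the same instantiation.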
@@ -1261,8 +1253,8 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listMapperInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listMapperInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -1278,40 +1270,40 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + mProcessor.getMapperInstance(id); mProcessor.getMapperInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -1319,41 +1311,40 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (mProcessor.getMapperPlugins().containsKey(id) == false) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this mapper // DON'T remove mapper if any instance - for (Enumeration e = mProcessor.getMapperInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); ILdapMapper mapper = mProcessor.getMapperInstance(name); 
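Review bot: delMapperInst removes the instance from `mProcessor.getMapperInsts()` and from the config store before `mConfig.commit(true)`, and the commit-failure branch in this hunk returns without restoring either, so a failed commit leaves the running server and the saved configuration disagreeing. addMapperInst does it the other way round (commit, then `put`), and moving `mProcessor.getMapperInsts().remove((Object) id);` to after the successful commit would match it. As far as the two hunks show, the success path also ends at `sendResponse(SUCCESS, null, params, resp);` with no log entry, whereas addMapperInst records `ADMIN_SRVLT_MAPPER_INST_ADDED`. A matching `mProcessor.log(ILogger.LL_INFO, ...)` call naming `id` would leave a trail when publishing configuration is removed. The method starts in the previous hunk, and delMapperPlugin, which begins in this hunk, follows the same order.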
@@ -1362,15 +1353,15 @@ public class PublisherAdminServlet extends AdminServlet { return; } } - + // then delete this mapper mProcessor.getMapperPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); + mConfig.getSubStore( + mAuth.getId() + ".publish.mapper"); IConfigStore instancesConfig = - destStore.getSubStore("impl"); + destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1378,26 +1369,26 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getMapperConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getMapperConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1411,50 +1402,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getMapperInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getMapperInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + mProcessor.getMapperInstance(id); Vector configParams = mapperInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_MAPPER_IMPL_NAME, - getMapperPluginName(mapperInst)); + params.add(Constants.PR_MAPPER_IMPL_NAME, + getMapperPluginName(mapperInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -1462,24 +1453,24 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getMapperInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } 
@@ -1492,19 +1483,19 @@ public class PublisherAdminServlet extends AdminServlet { } // get plugin for implementation MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get(implname); + (MapperPlugin) mProcessor.getMapperPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } // save old instance substore params in case new one fails. ILdapMapper oldinst = - (ILdapMapper) mProcessor.getMapperInstance(id); + (ILdapMapper) mProcessor.getMapperInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1516,7 +1507,7 @@ public class PublisherAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1525,8 +1516,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + - ".publish.mapper"); + mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. 
@@ -1557,26 +1548,26 @@ public class PublisherAdminServlet extends AdminServlet { ILdapMapper newMgrInst = null; try { - newMgrInst = (ILdapMapper) + newMgrInst = (ILdapMapper) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } // initialize the mapper 
@@ -1586,26 +1577,26 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // don't commit in this case and cleanup the new substore. restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, + resp); return; } catch (Throwable e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(), null, - resp); + sendResponse(ERROR, e.toString(), null, + resp); return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -1614,31 +1605,31 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst)); mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the rule id unique? if (mProcessor.getRulePlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), - null, resp); + new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), + null, resp); return; } @@ -1687,10 +1678,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -1698,8 +1689,8 @@ public class PublisherAdminServlet extends AdminServlet { RulePlugin plugin = new RulePlugin(id, classPath); mProcessor.getRulePlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -1707,26 +1698,26 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getRuleInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } 
@@ -1741,23 +1732,23 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get( - implname); + (RulePlugin) mProcessor.getRulePlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getRuleDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() - + ".publish.rule"); + mConfig.getSubStore(mAuth.getId() + + ".publish.rule"); IConfigStore instancesConfig = - destStore.getSubStore("instance"); + destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -1767,13 +1758,13 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } 
@@ -1789,20 +1780,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -1828,40 +1819,40 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getRuleInsts().put(id, ruleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_RULE_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listRulePlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listRulePlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getRulePlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - RulePlugin value = (RulePlugin) - mProcessor.getRulePlugins().get(name); + RulePlugin value = (RulePlugin) + mProcessor.getRulePlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapRule lp = (ILdapRule) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { 
@@ -1872,8 +1863,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listRuleInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listRuleInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; @@ -1881,8 +1872,8 @@ public class PublisherAdminServlet extends AdminServlet { for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapRule value = (ILdapRule) - mProcessor.getRuleInsts().get((Object) name); + ILdapRule value = (ILdapRule) + mProcessor.getRuleInsts().get((Object) name); String enabled = value.enabled() ? "enabled" : "disabled"; params.add(name, value.getInstanceName() + ";visible;" + enabled); 
@@ -1901,47 +1892,46 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void delRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { sendResponse(ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this rule // DON'T remove rule if any instance - for (Enumeration e = mProcessor.getRuleInsts().elements(); - e.hasMoreElements();) { - ILdapRule rule = (ILdapRule) - e.nextElement(); + for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) { + ILdapRule rule = (ILdapRule) + e.nextElement(); if (id.equals(getRulePluginName(rule))) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this rule mProcessor.getRulePlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".rule"); + mConfig.getSubStore( + mAuth.getId() + ".rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); 
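Review bot: The substore path in delRulePlugin, `mAuth.getId() + ".rule"`, differs from the one the other handlers on this page use (`".publish.rule"` in addRuleInst and delRuleInst, `".publish.mapper"` in delMapperPlugin). If rule plugins are registered under the `.publish.rule` subtree, which these hunks suggest but do not show, `removeSubStore(id)` acts on a different subtree and the deleted plugin's class entry stays in the saved configuration. The line would then read `mConfig.getSubStore(mAuth.getId() + ".publish.rule");`. The commit only re-indents this line, and the rest of delRulePlugin runs into the next hunk.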
@@ -1950,26 +1940,26 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1978,23 +1968,23 @@ public class PublisherAdminServlet extends AdminServlet { // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + mProcessor.getRuleInsts().get(id); mProcessor.getRuleInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -2002,26 +1992,26 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getRuleConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getRuleConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -2035,50 +2025,50 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getRuleInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getRuleInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + mProcessor.getRuleInsts().get(id); Vector configParams = ruleInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RULE_IMPL_NAME, - getRulePluginName(ruleInst)); + params.add(Constants.PR_RULE_IMPL_NAME, + getRulePluginName(ruleInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } @@ -2086,23 +2076,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getRuleInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } 
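Review bot: `kv.substring(0, index)` in getRuleInstConfig, and in the tail of getRuleConfig at the top of this hunk, is called without checking `index`, so an entry with no `=` makes `indexOf` return -1 and `substring(0, -1)` throw StringIndexOutOfBoundsException. getConfig at `@@ -2690` already guards this case with `if (index == -1) { params.add(kv, ""); }`, while getInstConfig at `@@ -2699` has the same unguarded pair. The same guard belongs here: `if (index == -1) { params.add(kv, ""); } else { params.add(kv.substring(0, index), kv.substring(index + 1)); }`. getRuleConfig begins in the preceding hunk, so its loop header is not visible from here.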
@@ -2114,22 +2104,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // get plugin for implementation + // get plugin for implementation RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get(implname); + (RulePlugin) mProcessor.getRulePlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - //new ERulePluginNotFound(implname).toString(getLocale(req)), - "", - null, resp); + // new + // ERulePluginNotFound(implname).toString(getLocale(req)), + "", + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - ILdapRule oldinst = - (ILdapRule) mProcessor.getRuleInsts().get((Object) id); + ILdapRule oldinst = + (ILdapRule) mProcessor.getRuleInsts().get((Object) id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -2141,7 +2132,7 @@ public class PublisherAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -2150,8 +2141,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + mConfig.getSubStore( + mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. @@ -2171,8 +2162,8 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(key); if (val == null) { - substore.put(key, - kv.substring(index + 1)); + substore.put(key, + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; 
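Review bot: When `plugin == null` in modRuleInst (`@@ -2114`), `sendResponse(ERROR, "", null, resp)` returns an error with an empty message, and the formatter has now split the commented-out call across two comment lines (`// new` / `// ERulePluginNotFound(implname).toString(getLocale(req)),`) inside the argument list. The publisher counterpart at `@@ -2782` reports `CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND` with the implementation name, so an administrator or someone reading the logs can tell why the change was refused. I would delete the dead comment and pass a real message, `CMS.getUserMessage(getLocale(req), "<RULE_PLUGIN_NOT_FOUND_KEY>", implname)`, where the key is a placeholder for whichever rule-plugin message the project defines. modRuleInst starts in an earlier hunk and continues past this one.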
@@ -2192,20 +2183,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2224,16 +2215,16 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -2241,40 +2232,40 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getRuleInsts().put(id, newRuleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // is the manager id unique? if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } 
@@ -2316,10 +2307,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2327,8 +2318,8 @@ public class PublisherAdminServlet extends AdminServlet { PublisherPlugin plugin = new PublisherPlugin(id, classPath); mProcessor.getPublisherPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -2336,28 +2327,28 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", + null, resp); return; } if (mProcessor.getPublisherInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } 
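Review bot: The `!isValidID(id)` branch of addPublisherInst (`@@ -2336`) builds its reply as `"Invalid ID '" + id + "'"`, which echoes a request parameter that has just failed validation back to the client and is the only hard-coded English message among these branches. How `sendResponse` encodes the message is not visible here, so whether the echoed value can disturb the response format is unconfirmed; not repeating rejected input avoids the question. A fixed string such as `sendResponse(ERROR, "Invalid ID", null, resp);`, or a `CMS.getUserMessage` lookup like the neighbouring branches, would be more consistent. The method continues beyond this hunk.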
@@ -2372,20 +2363,20 @@ public class PublisherAdminServlet extends AdminServlet { // check if implementation exists. PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get( - implname); + (PublisherPlugin) mProcessor.getPublisherPlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } Vector configParams = mProcessor.getPublisherDefaultParams(implname); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -2404,15 +2395,15 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { substore.put(kv, ""); } else { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } } else { if (index == -1) { substore.put(kv, val); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), + val); } } } 
@@ -2429,20 +2420,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2467,16 +2458,16 @@ public class PublisherAdminServlet extends AdminServlet { // clean up. instancesConfig.removeSubStore(id); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); 
@@ -2485,8 +2476,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listPublisherPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listPublisherPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -2494,15 +2485,15 @@ public class PublisherAdminServlet extends AdminServlet { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - PublisherPlugin value = (PublisherPlugin) - mProcessor.getPublisherPlugins().get(name); + PublisherPlugin value = (PublisherPlugin) + mProcessor.getPublisherPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { ILdapPublisher lp = (ILdapPublisher) - Class.forName(c).newInstance(); + Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { @@ -2523,8 +2514,8 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listPublisherInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void listPublisherInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
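Review bot: In listPublisherPlugins (`@@ -2494`), `Class.forName(c).newInstance()` instantiates whatever class the stored plugin class path names before the cast to `ILdapPublisher` can reject it, so the no-arg constructor of an unrelated class runs just to fetch a description. That class path comes from the `PR_PUBLISHER_CLASS` request parameter in addPublisherPlugin, and any validation done there falls between hunks and is not visible. Checking the type before instantiating closes the gap: `Class.forName(c).asSubclass(ILdapPublisher.class).newInstance()`. The `catch (Exception exp)` that follows should also log the failure rather than silently leave `desc` as "unknown"; its body lies outside the hunk, so confirm what it does today.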
@@ -2543,48 +2534,47 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this publisher // DON'T remove publisher if any instance - for (Enumeration e = mProcessor.getPublisherInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapPublisher publisher = - mProcessor.getPublisherInstance(name); + ILdapPublisher publisher = + mProcessor.getPublisherInstance(name); if (id.equals(getPublisherPluginName(publisher))) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this publisher mProcessor.getPublisherPlugins().remove((Object) id); IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + 
mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -2593,8 +2583,8 @@ public class PublisherAdminServlet extends AdminServlet { mConfig.commit(true); } catch (EBaseException e) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } @@ -2602,18 +2592,18 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -2622,21 +2612,21 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id); mProcessor.getPublisherInsts().remove((Object) id); // remove the configuration. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -2644,10 +2634,10 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } sendResponse(SUCCESS, null, params, resp); 
@@ -2655,25 +2645,24 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this publishing subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this publishing + * subsystem at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2690,8 +2679,8 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2699,43 +2688,43 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } ILdapPublisher publisherInst = (ILdapPublisher) - mProcessor.getPublisherInstance(id); + mProcessor.getPublisherInstance(id); Vector configParams = publisherInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_PUBLISHER_IMPL_NAME, - getPublisherPluginName(publisherInst)); + params.add(Constants.PR_PUBLISHER_IMPL_NAME, + getPublisherPluginName(publisherInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), + kv.substring(index + 1)); } } 
@@ -2744,33 +2733,31 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * Modify publisher instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify publisher instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) + throws ServletException, IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // Does the manager instance exist? if (!mProcessor.getPublisherInsts().containsKey((Object) id)) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + null, resp); return; } 
@@ -2782,18 +2769,18 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // get plugin for implementation + // get plugin for implementation PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); + (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); if (plugin == null) { sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. ILdapPublisher oldinst = mProcessor.getPublisherInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); @@ -2813,8 +2800,8 @@ public class PublisherAdminServlet extends AdminServlet { pubType = "crl"; } - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } } @@ -2824,7 +2811,7 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // get objects added and deleted @@ -2859,9 +2846,9 @@ public class PublisherAdminServlet extends AdminServlet { } // process any changes to the ldap object class definitions - if (pubType.equals("cacert")) { + if (pubType.equals("cacert")) { processChangedOC(saveParams, substore, "caObjectClass"); - substore.put("pubtype", "cacert"); + substore.put("pubtype", "cacert"); } if (pubType.equals("crl")) { 
@@ -2880,20 +2867,20 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } @@ -2912,16 +2899,16 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), + null, resp); return; } 
@@ -2929,8 +2916,8 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); 
@@ -2938,54 +2925,57 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // convenience function - takes list1, list2. Returns what is in list1 + // convenience function - takes list1, list2. Returns what is in list1 // but not in list2 private String[] getExtras(String[] list1, String[] list2) { - Vector <String> extras = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - boolean match=false; - for (int j=0; j < list2.length; j++) { - if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { - match = true; - break; - } - } - if (!match) extras.add(list1[i].trim()); - } - - return (String[])extras.toArray(new String[extras.size()]); + Vector<String> extras = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + boolean match = false; + for (int j = 0; j < list2.length; j++) { + if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { + match = true; + break; + } + } + if (!match) + extras.add(list1[i].trim()); + } + + return (String[]) extras.toArray(new String[extras.size()]); } - // convenience function - takes list1, list2. Concatenates the two + // convenience function - takes list1, list2. 
Concatenates the two // lists removing duplicates private String[] joinLists(String[] list1, String[] list2) { - Vector <String> sum = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - sum.add(list1[i]); - } - - for (int i=0; i < list2.length; i++) { - boolean match=false; - for (int j=0; j < list1.length; j++) { - if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { - match = true; - break; - } - } - if (!match) sum.add(list2[i].trim()); - } - - return (String[])sum.toArray(new String[sum.size()]); + Vector<String> sum = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + sum.add(list1[i]); + } + + for (int i = 0; i < list2.length; i++) { + boolean match = false; + for (int j = 0; j < list1.length; j++) { + if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { + match = true; + break; + } + } + if (!match) + sum.add(list2[i].trim()); + } + + return (String[]) sum.toArray(new String[sum.size()]); } // convenience funtion. Takes a string array and delimiter // and returns a String with the concatenation private static String join(String[] s, String delimiter) { - if (s.length == 0) return ""; + if (s.length == 0) + return ""; StringBuffer buffer = new StringBuffer(s[0]); if (s.length > 1) { - for (int i=1; i< s.length; i++) { + for (int i = 1; i < s.length; i++) { buffer.append(delimiter).append(s[i].trim()); } } 
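Review bot: `join` seeds its buffer with `s[0]` untrimmed while every later element is appended as `s[i].trim()`, and `joinLists` likewise copies `list1[i]` as-is but trims the entries it takes from `list2`. In processChangedOC this is masked because every list passes through `getExtras`, which trims, before it reaches `join`; any other caller would get mixed whitespace. Trimming consistently removes that dependency: `new StringBuffer(s[0].trim())` in `join` and `sum.add(list1[i].trim())` in `joinLists`. The `(String[])` casts on `toArray(new String[...])` are redundant now that both vectors are `Vector<String>`, and the end of `join` lies outside this hunk.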
@@ -3005,36 +2995,38 @@ public class PublisherAdminServlet extends AdminServlet { oldAdded = saveParams.getValue(objName + "Added"); oldDeleted = saveParams.getValue(objName + "Deleted"); - if ((oldOC == null) || (newOC == null)) return; - if (oldOC.equalsIgnoreCase(newOC)) return; + if ((oldOC == null) || (newOC == null)) + return; + if (oldOC.equalsIgnoreCase(newOC)) + return; - String [] oldList = oldOC.split(","); - String [] newList = newOC.split(","); - String [] deletedList = getExtras(oldList, newList); - String [] addedList = getExtras(newList, oldList); + String[] oldList = oldOC.split(","); + String[] newList = newOC.split(","); + String[] deletedList = getExtras(oldList, newList); + String[] addedList = getExtras(newList, oldList); // CMS.debug("addedList = " + join(addedList, ",")); // CMS.debug("deletedList = " + join(deletedList, ",")); - if ((addedList.length ==0) && (deletedList.length == 0)) - return; // no changes + if ((addedList.length == 0) && (deletedList.length == 0)) + return; // no changes if (oldAdded != null) { // CMS.debug("oldAdded is " + oldAdded); - String [] oldAddedList = oldAdded.split(","); + String[] oldAddedList = oldAdded.split(","); addedList = joinLists(addedList, oldAddedList); } if (oldDeleted != null) { // CMS.debug("oldDeleted is " + oldDeleted); - String [] oldDeletedList = oldDeleted.split(","); + String[] oldDeletedList = oldDeleted.split(","); deletedList = joinLists(deletedList, oldDeletedList); } String[] addedList1 = getExtras(addedList, deletedList); String[] deletedList1 = getExtras(deletedList, addedList); - //create the final strings and write to config + // create the final strings and write to config String addedListStr = join(addedList1, ","); String deletedListStr = join(deletedList1, ","); 
@@ -3046,8 +3038,8 @@ public class PublisherAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, + String id, NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -3057,7 +3049,7 @@ public class PublisherAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } @@ -3078,7 +3070,7 @@ public class PublisherAdminServlet extends AdminServlet { public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java index 35bbb91a..ddea62d6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; 
@@ -36,13 +35,11 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequestListener; - /** - * A class representings an administration servlet for Registration - * Authority. This servlet is responsible to serve RA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Registration Authority. + * This servlet is responsible to serve RA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class RAAdminServlet extends AdminServlet { @@ -53,15 +50,17 @@ public class RAAdminServlet extends AdminServlet { protected static final String PROP_ENABLED = "enabled"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ private final static String INFO = "RAAdminServlet"; private IRegistrationAuthority mRA = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructs RA servlet. @@ -70,9 +69,10 @@ public class RAAdminServlet extends AdminServlet { super(); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /** * Initializes this servlet. 
@@ -90,35 +90,35 @@ public class RAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - //get all operational flags + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; } - //authenticate the user + // authenticate the user super.authenticate(req); - //perform services + // perform services try { AUTHZ_RES_NAME = "certServer.ra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -144,8 +144,8 @@ public class RAAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { 
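Review bot: In `service()`, the authorization inputs `AUTHZ_RES_NAME`, `mOp` and `mToken` are assigned per request to what look like instance fields (they are not declared in this hunk) just before `super.authorize(req)` is called. If the container serves concurrent requests on one servlet instance and `authorize()` reads those fields, a read request and a modify request can overwrite each other's values between the assignment and the check, so the decision may be made for the wrong operation. Keeping the resource name and operation in locals and passing them into the authorization call would remove the shared state. The same pattern appears in `readAuthorize()`/`modifyAuthorize()` in RegistryAdminServlet and in `UsrGrpAdminServlet.service()`. The body of `service()` continues outside this hunk.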
@@ -157,7 +157,7 @@ public class RAAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) { setNotificationReqCompConfig(req, resp); return; - }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { + } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { setNotificationRevCompConfig(req, resp); return; } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { @@ -169,22 +169,23 @@ public class RAAdminServlet extends AdminServlet { } } } catch (Exception e) { - //System.out.println("XXX >>>" + e.toString() + "<<<"); + // System.out.println("XXX >>>" + e.toString() + "<<<"); sendResponse(1, "Unknown operation", null, resp); } return; } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle getting completion (cert issued) notification config info */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
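Review bot: The `catch (Exception e)` that closes `service()` discards the exception and answers `Unknown operation`, so a failed configuration read or write is neither logged nor distinguishable from a malformed request. Recording it before responding, for example `log(ILogger.LL_FAILURE, e.toString());` as the other admin servlets on this page do (assuming the same helper is reachable from this class), keeps a trail of failed administrative operations. The commented-out `System.out.println` could be dropped at the same time.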
@@ -203,19 +204,19 @@ public class RAAdminServlet extends AdminServlet { params.add(name, rc.getString(name, "")); } - params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + rc.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); @@ -224,12 +225,12 @@ public class RAAdminServlet extends AdminServlet { } private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); 
@@ -241,14 +242,14 @@ public class RAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); @@ -268,9 +269,9 @@ public class RAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } @@ -278,15 +279,15 @@ public class RAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -321,9 +322,9 @@ public class RAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, IOException, EBaseException { - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -355,24 +356,24 @@ public class RAAdminServlet extends AdminServlet { } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener()); - + } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore config = mRA.getConfigStore(); IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); 
@@ -380,7 +381,7 @@ public class RAAdminServlet extends AdminServlet { } private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); @@ -395,15 +396,10 @@ public class RAAdminServlet extends AdminServlet { } /* - Enumeration enum = req.getParameterNames(); - NameValuePairs params = new NameValuePairs(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals("RS_ID")) { - String val = req.getParameter(key); - if (val.equals("CA Connector")) - } - } + * Enumeration enum = req.getParameterNames(); NameValuePairs params = + * new NameValuePairs(); while (enum.hasMoreElements()) { String key = + * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val = + * req.getParameter(key); if (val.equals("CA Connector")) } } */ Enumeration enum1 = req.getParameterNames(); @@ -427,13 +423,13 @@ public class RAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; - // String nickname = raConfig.getString("certNickname", ""); + // String nickname = raConfig.getString("certNickname", ""); if (isCAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("CA"); 
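Review bot: The block comment in `getConnectorConfig()` held commented-out code, and the reformat has reflowed it into one paragraph that no longer reads as code. Dead code of this kind is better deleted than reformatted; if it has to stay, it should be excluded from the formatter so its line structure survives. The same reflow hits the commented-out blocks in `setConnectorConfig()`, `readGeneralConfig()`/`modifyGeneralConfig()` and the disabled authorization test in `UsrGrpAdminServlet.service()`, where the loss matters most because that text documents a security check.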
@@ -455,12 +451,10 @@ public class RAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ caConnectorConfig.putString(name, req.getParameter(name)); } } 
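Review bot: In the parameter loop of `setConnectorConfig()`, `caConnectorConfig.putString(name, req.getParameter(name));` stores every request parameter that is not explicitly skipped, under a key chosen by the client. An allow-list of the connector settings this servlet is meant to manage would keep unexpected keys out of the CA connector substore. The check would sit just before the `putString` call, e.g. `if (!ALLOWED_CONNECTOR_KEYS.contains(name)) continue;`, where `ALLOWED_CONNECTOR_KEYS` is a placeholder for a constant set that does not exist yet. The loop starts outside this hunk, so earlier filtering may already narrow the names.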
@@ -526,50 +520,41 @@ public class RAAdminServlet extends AdminServlet { return false; } - //reading the RA general information + // reading the RA general information private void readGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - String value = "false"; - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); String value = + * "false"; if (eeGateway != null) { IConfigStore eeConfig = + * eeGateway.getConfigStore(); if (eeConfig != null) value = + * eeConfig.getString("enabled", "true"); } + * params.add(Constants.PR_EE_ENABLED, value); */ - + sendResponse(SUCCESS, null, params, resp); } - //mdify RA General Information + // mdify RA General Information private void modifyGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - IConfigStore eeConfig = null; - if (eeGateway != null) - eeConfig = eeGateway.getConfigStore(); - - Enumeration enum = req.getParameterNames(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals(Constants.PR_EE_ENABLED)) { - if (eeConfig != null) - eeConfig.putString("enabled", - req.getParameter(Constants.PR_EE_ENABLED)); - } - } - + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore + * eeConfig = null; if (eeGateway != null) eeConfig = + * eeGateway.getConfigStore(); + * + * 
Enumeration enum = req.getParameterNames(); while + * (enum.hasMoreElements()) { String key = (String)enum.nextElement(); + * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null) + * eeConfig.putString("enabled", + * req.getParameter(Constants.PR_EE_ENABLED)); } } */ sendResponse(RESTART, null, null, resp); commit(true); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index 7605eb2e..36cc7100 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; @@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry; /** * This implements the administration servlet for registry subsystem. - * + * * @version $Revision$, $Date$ */ public class RegistryAdminServlet extends AdminServlet { @@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "RegistryAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = + "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.registry.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - + if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) { if (op.equals(OpDef.OP_READ)) if (!readAuthorize(req, resp)) @@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet { } } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return false; } return true; @@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); 
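Review bot: In `service()`, `scope` and `op` come straight from `req.getParameter(...)` and are dereferenced in `scope.equals(...)` and `op.equals(...)` without a null check. A request that omits either parameter therefore ends in a NullPointerException after authentication instead of a protocol error. A guard before the first comparison, `if (scope == null || op == null) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; }`, would match the null check RAAdminServlet performs on the same two parameters. The method starts and ends outside this hunk.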
@@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet { addImpl(req, resp); } else sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + null, resp); } public void addImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); - String scope = req.getParameter(Constants.OP_SCOPE); + String scope = req.getParameter(Constants.OP_SCOPE); String classPath = req.getParameter(Constants.PR_POLICY_CLASS); String desc = req.getParameter(Constants.PR_POLICY_DESC); @@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath); try { - mRegistry.addPluginInfo(scope, id, info); + mRegistry.addPluginInfo(scope, id, info); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); } public void deleteImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); try { - mRegistry.removePluginInfo(scope, id); + mRegistry.removePluginInfo(scope, id); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); 
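Review bot: In `addImpl()`, a failure of `mRegistry.addPluginInfo(scope, id, info)` is only written to the debug log and the method then sends `SUCCESS`, so the caller is told a plugin was registered when it was not. `deleteImpl()` in the following hunk does the same for `removePluginInfo`. The catch block should report the failure and stop, e.g. `sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return;`, and the event deserves a failure-level log entry rather than `CMS.debug`. Both methods begin outside their hunks.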
@@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet { * Lists all registered profile impementations */ public void listImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); Enumeration<String> impls = mRegistry.getIds(scope); NameValuePairs nvp = new NameValuePairs(); while (impls.hasMoreElements()) { - String id = impls.nextElement(); + String id = impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo(scope, id); - nvp.add(id, info.getClassName() + "," + - info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); - } + nvp.add(id, info.getClassName() + "," + + info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } - public void getSupportedConstraintPolicies(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void getSupportedConstraintPolicies(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); if (id == null) { @@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id); String className = info.getClassName(); IPolicyDefault policyDefaultClass = (IPolicyDefault) - Class.forName(className).newInstance(); + Class.forName(className).newInstance(); if (policyDefaultClass != null) { Enumeration<String> impls = mRegistry.getIds("constraintPolicy"); 
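Review bot: In `getSupportedConstraintPolicies()`, `info.getClassName()` is called on the result of `mRegistry.getPluginInfo("defaultPolicy", id)` with no null check, and the class it names is instantiated before its type is verified. An unknown `id` would presumably surface as a NullPointerException, and a registry entry naming a class that is not an `IPolicyDefault` still has its constructor run before the cast fails. Checking the type first, `Class.forName(className).asSubclass(IPolicyDefault.class).newInstance()`, rejects the wrong class before instantiation. The following `policyDefaultClass != null` test can never be false. The method starts and ends outside this hunk.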
@@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo constraintInfo = mRegistry.getPluginInfo( "constraintPolicy", constraintID); IPolicyConstraint policyConstraintClass = (IPolicyConstraint) - Class.forName(constraintInfo.getClassName()).newInstance(); + Class.forName(constraintInfo.getClassName()).newInstance(); CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); nvp.add(constraintID, constraintInfo.getClassName() + "," + - constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); + constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); } } } @@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet { } public void getProfileImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); String className = info.getClassName(); 
@@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet { if (names != null) { while (names.hasMoreElements()) { String name = names.nextElement(); - CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); + CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); IDescriptor desc = template.getConfigDescriptor(getLocale(req), name); if (desc != null) { - try { - String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); - - CMS.debug("RegistryAdminServlet: getProfileImpl " + value); - nvp.add(name, value); - } catch (Exception e) { - - CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); - } + try { + String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); + + CMS.debug("RegistryAdminServlet: getProfileImpl " + value); + nvp.add(name, value); + } catch (Exception e) { + + CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); + } } else { CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index fe8d1826..4074ba9f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; 
@@ -58,16 +57,14 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Cert; - /** - * A class representing an administration servlet for - * User/Group Manager. It communicates with client - * SDK to allow remote administration of User/Group + * A class representing an administration servlet for User/Group Manager. It + * communicates with client SDK to allow remote administration of User/Group * manager. - * - * This servlet will be registered to remote - * administration subsystem by usrgrp manager. - * + * + * This servlet will be registered to remote administration subsystem by usrgrp + * manager. + * * @version $Revision$, $Date$ */ public class UsrGrpAdminServlet extends AdminServlet { @@ -83,22 +80,21 @@ public class UsrGrpAdminServlet extends AdminServlet { private final static String RES_OCSP_GROUP = "certServer.ocsp.group"; private final static String RES_TKS_GROUP = "certServer.tks.group"; private final static String SYSTEM_USER = "$System$"; - // private final static String RES_GROUP = "root.common.goldfish"; + // private final static String RES_GROUP = "root.common.goldfish"; private final static String BACK_SLASH = "\\"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private IUGSubsystem mMgr = null; private IAuthzSubsystem mAuthz = null; - private static String [] mMultiRoleGroupEnforceList = null; - private final static String MULTI_ROLE_ENABLE= "multiroles.enable"; + private static String[] mMultiRoleGroupEnforceList = null; + private final static String MULTI_ROLE_ENABLE = "multiroles.enable"; private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList"; - /** * Constructs User/Group manager servlet. */ 
@@ -126,7 +122,7 @@ public class UsrGrpAdminServlet extends AdminServlet { * Serves incoming User/Group management request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -134,9 +130,9 @@ public class UsrGrpAdminServlet extends AdminServlet { if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), + null, resp); return; } 
@@ -148,63 +144,57 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + null, resp); return; } // authorization // temporary test before servlets are exposed with authtoken /* - SessionContext sc = SessionContext.getContext(); - AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); - - AuthzToken authzTok = null; - CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); - // hardcoded for now .. just testing - try { - authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); - } - if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) { - // audit would have been needed here if this weren't just a test... - - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - - sendResponse(ERROR, - MessageFormatter.getLocalizedString( - getLocale(req), - AdminResources.class.getName(), - AdminResources.SRVLT_FAIL_AUTHS), - null, resp); - return; - } + * SessionContext sc = SessionContext.getContext(); AuthToken authToken + * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); + * + * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " + + * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for + * now .. just testing try { authzTok = mAuthz.authorize("DirAclAuthz", + * authToken, RES_GROUP, "read"); } catch (EBaseException e) { + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if + * (AuthzToken + * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS + * ))) { // audit would have been needed here if this weren't just a + * test... 
+ * + * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + * + * sendResponse(ERROR, MessageFormatter.getLocalizedString( + * getLocale(req), AdminResources.class.getName(), + * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; } */ - try { ISubsystem subsystem = CMS.getSubsystem("ca"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_CA_GROUP; subsystem = CMS.getSubsystem("ra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_RA_GROUP; subsystem = CMS.getSubsystem("kra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_KRA_GROUP; subsystem = CMS.getSubsystem("ocsp"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_OCSP_GROUP; subsystem = CMS.getSubsystem("tks"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_TKS_GROUP; if (scope != null) { if (scope.equals(ScopeDef.SC_USER_TYPE)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } @@ -216,8 +206,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -234,8 +224,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { 
@@ -252,8 +242,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -270,8 +260,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -285,8 +275,8 @@ public class UsrGrpAdminServlet extends AdminServlet { mOp = "read"; if ((mToken = super.authorize(req)) == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -296,11 +286,11 @@ public class UsrGrpAdminServlet extends AdminServlet { findUsers(req, resp); return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), + null, resp); return; } } 
@@ -308,21 +298,21 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), + null, resp); return; } } private void getUserType(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { String id = super.getParameter(req, Constants.RS_ID); IUser user = mMgr.getUser(id); @@ -337,14 +327,14 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * Searches for users in LDAP directory. List uids only - * + * Searches for users in LDAP directory. List uids only + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUsers(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findUsers(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -355,7 +345,7 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listUsers("*"); } catch (Exception ex) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } 
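Review bot: The key passed to `CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")` in the generic `catch (Exception e)` handler starts with a space, unlike every other key in this file, so it is unlikely to match an entry in the message bundle. Assuming the key without the space is the intended one, the line should read `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_PERFORM"));`. How `CMS.getLogMessage` treats an unknown key is not visible here, so confirm against the bundle. The handler closes a method that starts outside this hunk.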
@@ -383,27 +373,26 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * List user information. Certificates covered in a separate - * protocol for findUserCerts(). List of group memberships are - * also provided. - * + * List user information. Certificates covered in a separate protocol for + * findUserCerts(). List of group memberships are also provided. + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -416,7 +405,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -427,7 +416,7 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_USER_STATE, user.getState()); // get list of groups, and get a list of those that this - // uid belongs to + // uid belongs to Enumeration e = null; try { 
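Review bot: The `catch (Exception e)` handler in the hunk at -416 (inside `findUser`, by the look of the surrounding hunks) calls `e.printStackTrace()` before returning `CMS_INTERNAL_ERROR`. The failure therefore goes to standard error rather than through `log(ILogger.LL_FAILURE, ...)`, which the other handlers in this file use. For an administrative user lookup, that leaves no entry where operators would normally look for it. Suggested replacement: `log(ILogger.LL_FAILURE, e.toString());`. The handlers in the hunks at -435 and -498 have the same problem; the method continues outside this hunk.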
@@ -435,7 +424,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception ex) { ex.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -445,7 +434,7 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); if (group.isMember(id) == true) { - if (grpString.length()!=0) { + if (grpString.length() != 0) { grpString.append(","); } grpString.append(group.getGroupID()); @@ -461,31 +450,31 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } /** * List user certificate(s) - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUserCerts(HttpServletRequest req, - HttpServletResponse resp, Locale clientLocale) - throws ServletException, + private synchronized void findUserCerts(HttpServletRequest req, + HttpServletResponse resp, Locale clientLocale) + throws ServletException, IOException, EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -498,7 +487,7 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } @@ -506,23 +495,23 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } X509Certificate[] certs = - (X509Certificate[]) user.getX509Certificates(); + (X509Certificate[]) user.getX509Certificates(); if (certs != null) { for (int i = 0; i < certs.length; i++) { ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]); - // add base64 encoding - String base64 = CMS.getEncodedCert(certs[i]); - + // add base64 encoding + String base64 = CMS.getEncodedCert(certs[i]); + // pretty print certs params.add(getCertificateString(certs[i]), - print.toString(clientLocale) + "\n" + base64); + print.toString(clientLocale) + "\n" + base64); } sendResponse(SUCCESS, null, params, resp); return; 
@@ -542,18 +531,18 @@ public class UsrGrpAdminServlet extends AdminServlet { // note that it did not represent a certificate fully return cert.getVersion() + ";" + cert.getSerialNumber().toString() + - ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); } /** * Searchess for groups in LDAP server - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group */ - private synchronized void findGroups(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findGroups(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -582,25 +571,24 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * finds a group - * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * finds a group Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void findGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -619,14 +607,14 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_GROUP_GROUP, group.getGroupID()); params.add(Constants.PR_GROUP_DESC, - group.getDescription()); + group.getDescription()); Enumeration members = group.getMemberNames(); StringBuffer membersString = new StringBuffer(); if (members != null) { while (members.hasMoreElements()) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -644,7 +632,7 @@ public class UsrGrpAdminServlet extends AdminServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); return; } @@ -653,24 +641,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Adds a new user to LDAP server * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -694,8 +683,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -713,8 +702,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), + null, resp); return; } @@ -732,8 +721,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), + null, resp); return; } @@ -756,7 +745,7 @@ public class UsrGrpAdminServlet extends AdminServlet { sendResponse(ERROR, msg, null, resp); return; - } else + } else user.setFullName(fname); String email = super.getParameter(req, Constants.PR_USER_EMAIL); @@ -783,7 +772,7 @@ public class UsrGrpAdminServlet extends AdminServlet { throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -835,10 +824,10 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } - + if (e.hasMoreElements()) { IGroup group = (IGroup) e.nextElement(); 
@@ -858,18 +847,18 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, id, groupName} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, id, groupName } + ); } NameValuePairs params = new NameValuePairs(); @@ -899,10 +888,10 @@ public class UsrGrpAdminServlet extends AdminServlet { if (user.getUserID() == null) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); } return; } catch (LDAPException e) { @@ -920,7 +909,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); @@ -935,7 +924,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { 
@@ -963,41 +952,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a certificate to a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1021,8 +1011,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1068,7 +1058,7 @@ public class UsrGrpAdminServlet extends AdminServlet { try { CryptoManager manager = CryptoManager.getInstance(); - + PKCS7 pkcs7 = new PKCS7(p7Cert); X509Certificate p7certs[] = pkcs7.getCertificates(); @@ -1084,7 +1074,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } // fix for 370099 - cert ordering can not be assumed @@ -1095,7 +1085,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // the ordering if (p7certs[0].getSubjectDN().toString().equals( p7certs[0].getIssuerDN().toString()) && - (p7certs.length == 1)) { + (p7certs.length == 1)) { certs[0] = p7certs[0]; CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) { @@ -1119,7 +1109,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } @@ -1140,8 +1130,8 @@ public class UsrGrpAdminServlet extends AdminServlet { for (j = jBegin; j < jEnd; j++) { CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); org.mozilla.jss.crypto.X509Certificate leafCert = - null; - + null; + leafCert = manager.importCACertPackage(p7certs[j].getEncoded()); 
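Review bot: In the hunk at -1095 the `else if` branch reads `p7certs[1]` without confirming that the array has a second element. When the PKCS #7 blob holds exactly one certificate that is not self-signed, the first condition is false and `p7certs[1].getSubjectDN()` indexes past the end. An enclosing `catch (Exception ...)` further down probably turns that into a generic certificate error, but an explicit guard gives a clearer result: `} else if (p7certs.length > 1 && p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {`. The remaining branches of this chain are outside the hunk, so check that they handle the single-certificate case as well.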
@@ -1152,10 +1142,10 @@ public class UsrGrpAdminServlet extends AdminServlet { } if (leafCert instanceof InternalCertificate) { - ((InternalCertificate) leafCert).setSSLTrust( - InternalCertificate.VALID_CA | - InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA); + ((InternalCertificate) leafCert).setSSLTrust( + InternalCertificate.VALID_CA | + InternalCertificate.TRUSTED_CA | + InternalCertificate.TRUSTED_CLIENT_CA); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT", String.valueOf(p7certs[j].getSubjectDN()))); @@ -1163,13 +1153,15 @@ public class UsrGrpAdminServlet extends AdminServlet { } /* - } catch (CryptoManager.UserCertConflictException ex) { - // got a "user cert" in the chain, most likely the CA - // cert of this instance, which has a private key. Ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString())); - */ + * } catch (CryptoManager.UserCertConflictException ex) { // + * got a "user cert" in the chain, most likely the CA // + * cert of this instance, which has a private key. Ignore + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", + * ex.toString())); + */ } catch (Exception ex) { - //----- + // ----- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString())); // store a message in the signed audit log file @@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } } catch (Exception e) { @@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); return; } 
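Review bot: `setSSLTrust(InternalCertificate.VALID_CA | InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA)` is applied to each chain certificate imported in this loop, so every CA in a PKCS #7 submitted with a user certificate ends up trusted for both TLS server and client authentication. Nothing in the visible code says this is intended. I would add a comment above the call such as `// Chain CAs from the uploaded PKCS #7 become trusted SSL server and client CAs.` and consider writing the subject DN of each newly trusted CA to the signed audit log. The loop and the enclosing `addUserCert` method start outside this hunk.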
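Review bot: In the hunk at -1163 the formatter reflowed the commented-out `catch (CryptoManager.UserCertConflictException ex)` block as prose. Its two `//` comment lines now run together with the `log(...)` call that followed them, and the block can no longer be restored by removing the `/* */` markers. The same happened to the commented-out authorization test in the hunk at -148. Either delete these dead blocks and rely on version control, or exclude them from formatting. For this one, a single line such as `// UserCertConflictException (a chain cert that already has a private key here) was once ignored at this point.` would keep the intent.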
@@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); return; } catch (CertificateNotYetValidException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", + log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file @@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); return; } catch (LDAPException e) { @@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); - if (e.getLDAPResultCode() == - LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); } else { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); } return; } catch (Exception e) { 
@@ -1287,21 +1278,21 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1315,45 +1306,46 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Removes a certificate for a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * In this method, "certDN" is actually a combination of version, - * serialNumber, issuerDN, and SubjectDN. + * serialNumber, issuerDN, and SubjectDN. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1377,8 +1369,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1431,21 +1423,21 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -1459,44 +1451,44 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * removes a user. user not removed if belongs to any group - * (Administrators should remove the user from "uniquemember" of - * any group he/she belongs to before trying to remove the user - * itself. + * removes a user. user not removed if belongs to any group (Administrators + * should remove the user from "uniquemember" of any group he/she belongs to + * before trying to remove the user itself. 
* <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void removeUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -1505,7 +1497,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); boolean mustDelete = false; int index = 0; @@ -1528,8 +1520,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } // get list of groups, and see if uid belongs to any @@ -1570,8 +1562,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), + null, resp); return; } } 
@@ -1604,7 +1596,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); return; } } catch (EBaseException eAudit1) { 
@@ -1632,41 +1624,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a new group in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void addGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1675,7 +1668,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1691,8 +1684,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1743,8 +1736,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { 
@@ -1772,41 +1765,42 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * removes a group * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void removeGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1815,7 +1809,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1831,8 +1825,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } 
@@ -1875,44 +1869,45 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * modifies a group * <P> - * - * last person of the super power group "Certificate - * Server Administrators" can never be removed. + * + * last person of the super power group "Certificate Server Administrators" + * can never be removed. * <P> - * - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1921,7 +1916,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -1937,8 +1932,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -1968,7 +1963,7 @@ public class UsrGrpAdminServlet extends AdminServlet { if (multiRole) { group.addMemberName(memberName); } else { - if( isGroupInMultiRoleEnforceList(groupName)) { + if (isGroupInMultiRoleEnforceList(groupName)) { if (!isDuplicate(groupName, memberName)) { group.addMemberName(memberName); } else { @@ -2019,8 +2014,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), + null, resp); return; } } catch (EBaseException eAudit1) { 
@@ -2048,50 +2043,49 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private boolean isGroupInMultiRoleEnforceList(String groupName) - { + private boolean isGroupInMultiRoleEnforceList(String groupName) { String groupList = null; if (groupName == null || groupName.equals("")) { return true; } if (mMultiRoleGroupEnforceList == null) { - try { - groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); - } catch (Exception e) { - } - - if (groupList != null && !groupList.equals("")) { - mMultiRoleGroupEnforceList = groupList.split(","); - for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) { - mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim(); - } - } - } - - if (mMultiRoleGroupEnforceList == null) - return true; - - for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { - if (groupName.equals(mMultiRoleGroupEnforceList[i])) { - return true; - } - } - return false; + try { + groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); + } catch (Exception e) { + } + + if (groupList != null && !groupList.equals("")) { + mMultiRoleGroupEnforceList = groupList.split(","); + for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) { + mMultiRoleGroupEnforceList[j] = 
mMultiRoleGroupEnforceList[j].trim(); + } + } + } + + if (mMultiRoleGroupEnforceList == null) + return true; + + for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { + if (groupName.equals(mMultiRoleGroupEnforceList[i])) { + return true; + } + } + return false; } private boolean isDuplicate(String groupName, String memberName) { @@ -2100,7 +2094,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // Let's not mess with users that are already a member of this group boolean isMember = false; try { - isMember = mMgr.isMemberOf(memberName,groupName); + isMember = mMgr.isMemberOf(memberName, groupName); } catch (Exception e) { } @@ -2134,24 +2128,25 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Modifies an existing user in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, + private synchronized void modifyUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; 
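Review bot: `isGroupInMultiRoleEnforceList` still swallows every exception from `mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST)` in an empty `catch (Exception e) { }`, so a failed configuration read looks the same as an unset property and the method falls through to `return true` for every group. That fallback appears to be the restrictive one (it sends `modifyGroup` through `isDuplicate`), but an administrator gets no trace of why a configured list is being ignored, and because the field stays null the read is repeated on each call. Log the failure in the catch, for example `log(ILogger.LL_FAILURE, "multi-role enforce list: " + e.toString());`. `isDuplicate` in the following hunk (-2100) has the same empty catch around `mMgr.isMemberOf(memberName, groupName)`, where `isMember` silently stays false on error.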
@@ -2160,7 +2155,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { @@ -2176,8 +2171,8 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), + null, resp); return; } @@ -2186,7 +2181,7 @@ public class UsrGrpAdminServlet extends AdminServlet { if ((fname == null) || (fname.length() == 0)) { String msg = - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); log(ILogger.LL_FAILURE, msg); @@ -2226,7 +2221,7 @@ public class UsrGrpAdminServlet extends AdminServlet { throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -2270,7 +2265,7 @@ public class UsrGrpAdminServlet extends AdminServlet { audit(auditMessage); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { 
@@ -2298,17 +2293,17 @@ public class UsrGrpAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } @@ -2316,6 +2311,6 @@ public class UsrGrpAdminServlet extends AdminServlet { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, - level, "UsrGrpAdminServlet: " + msg); + level, "UsrGrpAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 696b091e..7df37706 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cms.servlet.common.Utils; import com.netscape.cmsutil.xml.XMLObject; - /** * This is the base class of all CS servlet. - * + * * @version $Revision$, $Date$ */ public abstract class CMSServlet extends HttpServlet { 
@@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet { public final static String AUTHZ_CONFIG_STORE = "authz"; public final static String AUTHZ_SRC_XML = "web.xml"; public final static String PROP_AUTHZ_MGR = "AuthzMgr"; - public final static String PROP_ACL = "ACLinfo"; + public final static String PROP_ACL = "ACLinfo"; public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; private final static String FAILED = "1"; private final static String HDR_LANG = "accept-language"; - - // final error message - if error and exception templates don't work + + // final error message - if error and exception templates don't work // send out this text string directly to output. public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg"; public final static String ERROR_MSG_TOKEN = "$ERROR_MSG"; - public final static String FINAL_ERROR_MSG = - "<HTML>\n" + - "<BODY BGCOLOR=white>\n" + - "<P>\n" + - "The Certificate System has encountered " + - "an unrecoverable error.\n" + - "<P>\n" + - "Error Message:<BR>\n" + - "<I>$ERROR_MSG</I>\n" + - "<P>\n" + - "Please contact your local administrator for assistance.\n" + - "</BODY>\n" + - "</HTML>\n"; + public final static String FINAL_ERROR_MSG = + "<HTML>\n" + + "<BODY BGCOLOR=white>\n" + + "<P>\n" + + "The Certificate System has encountered " + + "an unrecoverable error.\n" + + "<P>\n" + + "Error Message:<BR>\n" + + "<I>$ERROR_MSG</I>\n" + + "<P>\n" + + "Please contact your local administrator for assistance.\n" + + "</BODY>\n" + + "</HTML>\n"; // properties from configuration. 
- protected final static String - PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; - protected final static String - UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; - protected final static String - PROP_SUCCESS_TEMPLATE = "successTemplate"; - protected final static String - SUCCESS_TEMPLATE = "/GenSuccess.template"; - protected final static String - PROP_PENDING_TEMPLATE = "pendingTemplate"; - protected final static String - PENDING_TEMPLATE = "/GenPending.template"; - protected final static String - PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; - protected final static String - SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; - protected final static String - PROP_REJECTED_TEMPLATE = "rejectedTemplate"; - protected final static String - REJECTED_TEMPLATE = "/GenRejected.template"; - protected final static String - PROP_ERROR_TEMPLATE = "errorTemplate"; - protected final static String - ERROR_TEMPLATE = "/GenError.template"; - protected final static String - PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; - protected final static String - EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; - - private final static String - PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; - protected final static String - PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; - private final static String - PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; - private final static String - PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; - private final static String - PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; - private final static String - PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; - private final static String - PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; + protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; + protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; + protected final static String PROP_SUCCESS_TEMPLATE = 
"successTemplate"; + protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template"; + protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate"; + protected final static String PENDING_TEMPLATE = "/GenPending.template"; + protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; + protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; + protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate"; + protected final static String REJECTED_TEMPLATE = "/GenRejected.template"; + protected final static String PROP_ERROR_TEMPLATE = "errorTemplate"; + protected final static String ERROR_TEMPLATE = "/GenError.template"; + protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; + protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; + + private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; + protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; + private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; + private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; + private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; + private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; + private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; protected final static String RA_AGENT_GROUP = "Registration Manager Agents"; protected final static String CA_AGENT_GROUP = "Certificate Manager Agents"; 
@@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet { protected final static String ADMIN_GROUP = "Administrators"; // default http params NOT to save in request.(config values added to list ) - private static final String - PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; - private static final String[] - DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", + private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; + private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", "challengePassword", "confirmChallengePassword" }; // default http headers to save in request. (config values added to list) - private static final String - PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; - private static final String[] - SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; + private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; + private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; // request prefixes to distinguish from other request attributes. - public static final String - PFX_HTTP_HEADER = "HTTP_HEADER"; - public static final String - PFX_HTTP_PARAM = "HTTP_PARAM"; - public static final String - PFX_AUTH_TOKEN = "AUTH_TOKEN"; + public static final String PFX_HTTP_HEADER = "HTTP_HEADER"; + public static final String PFX_HTTP_PARAM = "HTTP_PARAM"; + public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN"; /* input http params */ protected final static String AUTHMGR_PARAM = "authenticator"; 
@@ -232,10 +203,10 @@ public abstract class CMSServlet extends HttpServlet { /* fixed credential passed to auth managers */ protected final static String CERT_AUTH_CRED = "sslClientCert"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; - // members. + // members. protected boolean mRenderResult = true; protected String mFinalErrorMsg = FINAL_ERROR_MSG; @@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet { protected ServletConfig mServletConfig = null; protected ServletContext mServletContext = null; - private CMSFileLoader mFileLoader = null; + private CMSFileLoader mFileLoader = null; protected Vector<String> mDontSaveHttpParams = new Vector<String>(); protected Vector<String> mSaveHttpHeaders = new Vector<String>(); @@ -251,14 +222,14 @@ public abstract class CMSServlet extends HttpServlet { protected String mId = null; protected IConfigStore mConfig = null; - // the authority, RA, CA, KRA this servlet is serving. + // the authority, RA, CA, KRA this servlet is serving. protected IAuthority mAuthority = null; protected IRequestQueue mRequestQueue = null; // system logger. protected ILogger mLogger = CMS.getLogger(); protected int mLogCategory = ILogger.S_OTHER; - private MessageDigest mSHADigest = null; + private MessageDigest mSHADigest = null; protected String mGetClientCert = "false"; protected String mAuthMgr = null; 
@@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected String mOutputTemplatePath = null; private IUGSubsystem mUG = (IUGSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_UG); + CMS.getSubsystem(CMS.SUBSYSTEM_UG); private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public CMSServlet() { } 
@@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet { if (mAuthority != null) mRequestQueue = mAuthority.getRequestQueue(); - // set default templates. + // set default templates. setDefaultTemplates(sc); // for logging to the right authority category. if (mAuthority == null) { mLogCategory = ILogger.S_OTHER; } else { - if (mAuthority instanceof ICertificateAuthority) + if (mAuthority instanceof ICertificateAuthority) mLogCategory = ILogger.S_CA; - else if (mAuthority instanceof IRegistrationAuthority) + else if (mAuthority instanceof IRegistrationAuthority) mLogCategory = ILogger.S_RA; - else if (mAuthority instanceof IKeyRecoveryAuthority) + else if (mAuthority instanceof IKeyRecoveryAuthority) mLogCategory = ILogger.S_KRA; - else + else mLogCategory = ILogger.S_OTHER; } try { - // get final error message. + // get final error message. // used when templates can't even be loaded. - String eMsg = - sc.getInitParameter(PROP_FINAL_ERROR_MSG); + String eMsg = + sc.getInitParameter(PROP_FINAL_ERROR_MSG); if (eMsg != null) mFinalErrorMsg = eMsg; - // get any configured templates. + // get any configured templates. Enumeration<CMSLoadTemplate> templs = mTemplates.elements(); while (templs.hasMoreElements()) { @@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet { if (templ == null || templ.mPropName == null) { continue; } - String tName = - sc.getInitParameter(templ.mPropName); + String tName = + sc.getInitParameter(templ.mPropName); if (tName != null) templ.mTemplateName = tName; - String fillerName = - sc.getInitParameter(templ.mFillerPropName); + String fillerName = + sc.getInitParameter(templ.mFillerPropName); if (fillerName != null) { ICMSTemplateFiller filler = newFillerObject(fillerName); 
@@ -379,32 +350,32 @@ public abstract class CMSServlet extends HttpServlet { } } - // get http params NOT to store in a IRequest and - // get http headers TO store in a IRequest. + // get http params NOT to store in a IRequest and + // get http headers TO store in a IRequest. getDontSaveHttpParams(sc); getSaveHttpHeaders(sc); } catch (Exception e) { - // should never occur since we provide defaults above. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + // should never occur since we provide defaults above. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } } - + public String getId() { return mId; } - + public String getAuthMgr() { return mAuthMgr; } 
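Review bot: `mSHADigest` is a single `MessageDigest` stored in a servlet field and created with `MessageDigest.getInstance("SHA1")`; `MessageDigest` objects are stateful and not safe for concurrent use, while a servlet instance normally serves requests on several threads. Its uses are outside this hunk, so confirm that each one is synchronised, or obtain a fresh instance per call instead. If the digest feeds anything security-relevant rather than a plain identifier, the algorithm should be `SHA-256`. Separately, both catch blocks here build `new ServletException(e.toString())` and drop the stack trace; `throw new ServletException(e.toString(), e);` keeps the cause. `init` starts outside this hunk.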
@@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet { return false; } - public void outputHttpParameters(HttpServletRequest httpReq) - { - CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); + public void outputHttpParameters(HttpServletRequest httpReq) { + CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); Enumeration<?> paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.startsWith("p12Password") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.startsWith("p12Password") || + 
pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); @@ -473,16 +443,16 @@ public abstract class CMSServlet extends HttpServlet { httpReq.setCharacterEncoding("UTF-8"); if (CMS.debugOn()) { - outputHttpParameters(httpReq); + outputHttpParameters(httpReq); } CMS.debug("CMSServlet: " + mId + " start to service."); String className = this.getClass().getName(); - // get a cms request + // get a cms request CMSRequest cmsRequest = newCMSRequest(); - // set argblock - cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq))); + // set argblock + cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq))); // set http request cmsRequest.setHttpReq(httpReq); 
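Review bot: The sensitive-name filter in `outputHttpParameters` compares suffixes case-sensitively (`pn.endsWith("password")`), so a parameter such as `challengePassword` or `confirmChallengePassword`, both listed in `DONT_SAVE_HTTP_PARAMS` in this class, matches none of the conditions and its value is written to the debug log. Normalise the name once and test the lower-cased form, e.g. `String lc = pn.toLowerCase(Locale.ROOT);` followed by `lc.contains("password") || lc.contains("passwd") || lc.contains("pwd") || lc.equals("pin")` alongside the existing `__` prefix check. An allow-list of parameter names that may be logged would be safer than extending the deny-list each time a new credential field appears.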
@@ -516,21 +486,22 @@ public abstract class CMSServlet extends HttpServlet { renderResult(cmsRequest); SessionContext.releaseContext(); return; - } + } long startTime = CMS.getCurrentDate().getTime(); process(cmsRequest); renderResult(cmsRequest); Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); } iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); - // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only + // ByteArrayOutputStream os = new ByteArrayOutputStream(); for + // debugging only // PrintStream ps = new PrintStream(os); - //e.printStackTrace(ps); + // e.printStackTrace(ps); log(e.toString()); renderException(cmsRequest, e); } catch (Exception ex) { 
@@ -551,39 +522,38 @@ public abstract class CMSServlet extends HttpServlet { /** * Create a new CMSRequest object. This should be overriden by servlets - * implementing different types of request - * @return a new CMSRequest object + * implementing different types of request + * + * @return a new CMSRequest object */ protected CMSRequest newCMSRequest() { return new CMSRequest(); } /** - * process an HTTP request. Servlets must override this with their - * own implementation - * @throws EBaseException if the servlet was unable to satisfactorily - * process the request + * process an HTTP request. Servlets must override this with their own + * implementation + * + * @throws EBaseException if the servlet was unable to satisfactorily + * process the request */ - protected void process(CMSRequest cmsRequest) - throws EBaseException - { + protected void process(CMSRequest cmsRequest) + throws EBaseException { } - /** - * Output a template. - * If an error occurs while outputing the template the exception template - * is used to display the error. + * Output a template. If an error occurs while outputing the template the + * exception template is used to display the error. * * @param cmsReq the CS request */ protected void renderResult(CMSRequest cmsReq) - throws IOException { + throws IOException { if (!mRenderResult) return; Integer status = cmsReq.getStatus(); - + CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status); if (ltempl == null || ltempl.mTemplateName == null) { 
@@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet { renderTemplate(cmsReq, ltempl.mTemplateName, filler); } - + private static final String PRESERVED = "preserved"; public static final String TEMPLATE_NAME = "templateName"; - + protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent, - String argBlockName, IArgBlock argBlock) - { + String argBlockName, IArgBlock argBlock) { Node argBlockContainer = xmlObj.createContainer(parent, argBlockName); if (argBlock != null) { @@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) - { + protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); Node root = xmlObj.createRoot("xml"); outputArgBlockAsXML(xmlObj, root, "header", params.getHeader()); - outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); + outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); Enumeration<IArgBlock> records = params.queryRecords(); Node recordsNode = xmlObj.createContainer(root, "records"); @@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet { } protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException { + CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) + throws IOException { try { IArgBlock httpParams = cmsReq.getHttpParams(); Locale[] locale = new Locale[1]; CMSTemplate template = - getTemplate(templateName, cmsReq.getHttpReq(), locale); + getTemplate(templateName, cmsReq.getHttpReq(), locale); CMSTemplateParams templateParams = null; if (filler != null) { 
@@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet { } if (httpParams != null) { - String httpTemplateName = - httpParams.getValueAsString( - TEMPLATE_NAME, null); + String httpTemplateName = + httpParams.getValueAsString( + TEMPLATE_NAME, null); if (httpTemplateName != null) { templateName = httpTemplateName; } } - if (templateParams == null) + if (templateParams == null) templateParams = new CMSTemplateParams(null, null); - // #359630 - // inject preserved http parameter into the template + // #359630 + // inject preserved http parameter into the template if (httpParams != null) { String preserved = httpParams.getValueAsString( PRESERVED, null); 
@@ -704,40 +672,40 @@ public abstract class CMSServlet extends HttpServlet { cmsReq.getHttpResp().setContentLength(bos.size()); bos.writeTo(cmsReq.getHttpResp().getOutputStream()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); - renderException(cmsReq, - new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); + renderException(cmsReq, + new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); return; } } /** - * Output exception (unexpected error) template - * This is different from other templates in that if an exception occurs - * while rendering the exception a message is printed out directly. - * If the message gets an error an IOException is thrown. - * In others if an exception occurs while rendering the template the - * exception template (this) is called. + * Output exception (unexpected error) template This is different from other + * templates in that if an exception occurs while rendering the exception a + * message is printed out directly. If the message gets an error an + * IOException is thrown. In others if an exception occurs while rendering + * the template the exception template (this) is called. * <p> + * * @param cmsReq the CS request to pass to template filler if any. 
* @param e the unexpected exception */ - protected void renderException(CMSRequest cmsReq, EBaseException e) - throws IOException { + protected void renderException(CMSRequest cmsReq, EBaseException e) + throws IOException { try { Locale[] locale = new Locale[1]; - CMSLoadTemplate loadTempl = - (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); - CMSTemplate template = getTemplate(loadTempl.mTemplateName, + CMSLoadTemplate loadTempl = + (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); + CMSTemplate template = getTemplate(loadTempl.mTemplateName, cmsReq.getHttpReq(), locale); ICMSTemplateFiller filler = loadTempl.mFiller; CMSTemplateParams templateParams = null; // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. cmsReq.setStatus(CMSRequest.EXCEPTION); if (filler != null) { @@ -749,7 +717,7 @@ public abstract class CMSServlet extends HttpServlet { } if (e != null) { templateParams.getFixed().set( - ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); + ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); } // just output arg blocks as XML 
@@ -772,25 +740,25 @@ public abstract class CMSServlet extends HttpServlet { } } - public void renderFinalError(CMSRequest cmsReq, Exception ex) - throws IOException { - // this template is the last resort for all other unexpected - // errors in other templates so we can only output text. + public void renderFinalError(CMSRequest cmsReq, Exception ex) + throws IOException { + // this template is the last resort for all other unexpected + // errors in other templates so we can only output text. HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); ServletOutputStream out = httpResp.getOutputStream(); - - // replace $ERRORMSG with exception message if included. + + // replace $ERRORMSG with exception message if included. String finalErrMsg = mFinalErrorMsg; int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN); if (tokenIdx != -1) { - finalErrMsg = + finalErrMsg = mFinalErrorMsg.substring(0, tokenIdx) + - ex.toString() + - mFinalErrorMsg.substring( - tokenIdx + ERROR_MSG_TOKEN.length()); + ex.toString() + + mFinalErrorMsg.substring( + tokenIdx + ERROR_MSG_TOKEN.length()); } out.println(finalErrMsg); return; 
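Review bot: `renderFinalError` splices `ex.toString()` into `mFinalErrorMsg` and writes the result with content type `text/html`, without HTML-encoding the exception text. Whether an exception message can carry request-derived values is not visible in this hunk, but if it can, markup in it would be interpreted by the browser. Encode the text before substitution (at minimum replace `&`, `<`, `>` and `"` with their entities), or serve this last-resort page as `text/plain`. Returning raw exception detail to the client also discloses internals, so consider logging `ex` and showing a generic message. The method's closing brace lies outside the hunk.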
@@ -803,31 +771,23 @@ public abstract class CMSServlet extends HttpServlet { SSLSocket s = null; /* - try { - s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket(); - } catch (ClassCastException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); - // ignore. - return; - } - try { - s.invalidateSession(); - s.resetHandshake(); - }catch (SocketException se) { - } + * try { s = (SSLSocket) ((HTTPRequest) + * httpReq).getConnection().getSocket(); } catch (ClassCastException e) + * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER, + * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); // + * ignore. return; } try { s.invalidateSession(); s.resetHandshake(); + * }catch (SocketException se) { } */ return; } /** - * construct a authentication credentials to pass into authentication + * construct a authentication credentials to pass into authentication * manager. */ public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -837,8 +797,8 @@ public abstract class CMSServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } else { String value = argBlock.getValueAsString(reqCred); 
@@ -854,19 +814,19 @@ public abstract class CMSServlet extends HttpServlet { /** * get ssl client authenticated certificate */ - protected X509Certificate - getSSLClientCertificate(HttpServletRequest httpReq) - throws EBaseException { + protected X509Certificate + getSSLClientCertificate(HttpServletRequest httpReq) + throws EBaseException { X509Certificate cert = null; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); - // iws60 support Java Servlet Spec V2.2, attribute + // iws60 support Java Servlet Spec V2.2, attribute // javax.servlet.request.X509Certificate now contains array // of X509Certificates instead of one X509Certificate object - X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { throw new EBaseException("You did not provide a valid certificate for this operation"); @@ -876,10 +836,10 @@ public abstract class CMSServlet extends HttpServlet { if (cert == null) { // just don't have a cert. - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); return null; - } + } // convert to sun's x509 cert interface. try { 
@@ -888,53 +848,53 @@ public abstract class CMSServlet extends HttpServlet { cert = new X509CertImpl(certEncoded); } catch (CertificateEncodingException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); return null; } catch (CertificateException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); return null; } - return cert; + return cert; } /** * get a template based on result status. */ protected CMSTemplate getTemplate( - String templateName, HttpServletRequest httpReq, Locale[] locale) - throws EBaseException, IOException { + String templateName, HttpServletRequest httpReq, Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (mServletConfig == null) { - CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" 
); + CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!"); return null; } if (mServletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - mServletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + templateName); if (realpath == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); + File templateFile = + getLangFile(httpReq, realpathFile, locale); String charSet = httpReq.getCharacterEncoding(); if (charSet == null) { charSet = "UTF8"; } - CMSTemplate template = - (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); + CMSTemplate template = + (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); return template; } @@ -943,13 +903,13 @@ public abstract class CMSServlet extends HttpServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, + "Servlet " + mId + ": " + msg); } /** 
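Review bot: In `getTemplate`, the checks `if (mServletConfig.getServletContext() == null) { }` and `if (templateName == null) { }` have empty bodies. A null context therefore still reaches `getServletContext().getRealPath(...)`, and a null name is resolved as `"/null"`. Both should fail closed, for example `if (templateName == null) throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));`. The resolved `realpath` is also used without confirming that it stays under the web application root. The callers are outside this hunk, so if any of them pass a request-supplied name, a canonical-path prefix check belongs here.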
@@ -965,8 +925,8 @@ public abstract class CMSServlet extends HttpServlet { dontSaveParams = sc.getInitParameter( PROP_DONT_SAVE_HTTP_PARAMS); if (dontSaveParams != null) { - StringTokenizer params = - new StringTokenizer(dontSaveParams, ","); + StringTokenizer params = + new StringTokenizer(dontSaveParams, ","); while (params.hasMoreTokens()) { String param = params.nextToken(); @@ -976,8 +936,8 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); // default just in case. for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); @@ -997,12 +957,12 @@ public abstract class CMSServlet extends HttpServlet { } // now get from config file if there's more. - String saveHeaders = - sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); + String saveHeaders = + sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); - if (saveHeaders != null) { - StringTokenizer headers = - new StringTokenizer(saveHeaders, ","); + if (saveHeaders != null) { + StringTokenizer headers = + new StringTokenizer(saveHeaders, ","); while (headers.hasMoreTokens()) { String hdr = headers.nextToken(); @@ -1021,8 +981,8 @@ public abstract class CMSServlet extends HttpServlet { * save http headers in a IRequest. */ protected void saveHttpHeaders( - HttpServletRequest httpReq, IRequest req) - throws EBaseException { + HttpServletRequest httpReq, IRequest req) + throws EBaseException { Hashtable<String, String> headers = new Hashtable<String, String>(); Enumeration<String> hdrs = mSaveHttpHeaders.elements(); 
@@ -1041,7 +1001,7 @@ public abstract class CMSServlet extends HttpServlet { * save http headers in a IRequest. */ protected void saveHttpParams( - IArgBlock httpParams, IRequest req) { + IArgBlock httpParams, IRequest req) { Hashtable<String, String> saveParams = new Hashtable<String, String>(); Enumeration<String> names = httpParams.elements(); @@ -1075,14 +1035,14 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting a cert record given a serial number. */ protected ICertRecord getCertRecord(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); @@ -1093,16 +1053,16 @@ public abstract class CMSServlet extends HttpServlet { try { certRecord = certdb.readCertificateRecord(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return certRecord; } /** - * handy routine for validating if a cert is from this CA. - * mAuthority must be a CA. + * handy routine for validating if a cert is from this CA. mAuthority must + * be a CA. */ protected boolean isCertFromCA(X509Certificate cert) { BigInteger serialno = cert.getSerialNumber(); 
@@ -1114,8 +1074,8 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for checking if a list of certs is from this CA. - * mAuthortiy must be a CA. + * handy routine for checking if a list of certs is from this CA. mAuthortiy + * must be a CA. */ protected boolean areCertsFromCA(X509Certificate[] certs) { for (int i = certs.length - 1; i >= 0; i--) { @@ -1126,18 +1086,18 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for getting a certificate from the certificate - * repository. mAuthority must be a CA. + * handy routine for getting a certificate from the certificate repository. + * mAuthority must be a CA. */ protected X509Certificate getX509Certificate(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); + if (mAuthority == null || + !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = + (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); if (certdb == null) { log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); 
@@ -1148,15 +1108,16 @@ public abstract class CMSServlet extends HttpServlet { try { cert = certdb.getX509Certificate(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); return null; } return cert; } /** - * instantiate a new filler from a class name, + * instantiate a new filler from a class name, + * * @return null if can't be instantiated, new instance otherwise. */ protected ICMSTemplateFiller newFillerObject(String fillerClass) { @@ -1169,8 +1130,8 @@ public abstract class CMSServlet extends HttpServlet { if ((e instanceof RuntimeException)) { throw (RuntimeException) e; } else { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); return null; } } 
@@ -1178,18 +1139,17 @@ public abstract class CMSServlet extends HttpServlet { } /** - * set default templates. - * subclasses can override, and should override at least the success - * template + * set default templates. subclasses can override, and should override at + * least the success template */ protected void setDefaultTemplates(ServletConfig sc) { // Subclasses should override these for diff templates and params in - // their constructors. - // Set a template name to null to not use these standard ones. - // When template name is set to null nothing will be displayed. + // their constructors. + // Set a template name to null to not use these standard ones. + // When template name is set to null nothing will be displayed. // Servlet is assumed to have rendered its own output. - // The only exception is the unexpected error template where the - // default one will always be used if template name is null. + // The only exception is the unexpected error template where the + // default one will always be used if template name is null. String successTemplate = null; String errorTemplate = null; String unauthorizedTemplate = null; @@ -1210,17 +1170,17 @@ public abstract class CMSServlet extends HttpServlet { if (successTemplate == null) { successTemplate = SUCCESS_TEMPLATE; if (gateway != null) - //successTemplate = "/"+gateway+successTemplate; - successTemplate = "/"+gateway+successTemplate; + // successTemplate = "/"+gateway+successTemplate; + successTemplate = "/" + gateway + successTemplate; } errorTemplate = sc.getInitParameter( PROP_ERROR_TEMPLATE); if (errorTemplate == null) { errorTemplate = ERROR_TEMPLATE; - if (gateway != null) - //errorTemplate = "/"+gateway+errorTemplate; - errorTemplate = "/"+gateway+errorTemplate; + if (gateway != null) + // errorTemplate = "/"+gateway+errorTemplate; + errorTemplate = "/" + gateway + errorTemplate; } unauthorizedTemplate = sc.getInitParameter( 
@@ -1228,8 +1188,8 @@ public abstract class CMSServlet extends HttpServlet { if (unauthorizedTemplate == null) { unauthorizedTemplate = UNAUTHORIZED_TEMPLATE; if (gateway != null) - //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; - unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + unauthorizedTemplate = "/" + gateway + unauthorizedTemplate; } pendingTemplate = sc.getInitParameter( @@ -1237,8 +1197,8 @@ public abstract class CMSServlet extends HttpServlet { if (pendingTemplate == null) { pendingTemplate = PENDING_TEMPLATE; if (gateway != null) - //pendingTemplate = "/"+gateway+pendingTemplate; - pendingTemplate = "/"+gateway+pendingTemplate; + // pendingTemplate = "/"+gateway+pendingTemplate; + pendingTemplate = "/" + gateway + pendingTemplate; } svcpendingTemplate = sc.getInitParameter( @@ -1246,8 +1206,8 @@ public abstract class CMSServlet extends HttpServlet { if (svcpendingTemplate == null) { svcpendingTemplate = SVC_PENDING_TEMPLATE; if (gateway != null) - //svcpendingTemplate = "/"+gateway+svcpendingTemplate; - svcpendingTemplate = "/"+gateway+svcpendingTemplate; + // svcpendingTemplate = "/"+gateway+svcpendingTemplate; + svcpendingTemplate = "/" + gateway + svcpendingTemplate; } rejectedTemplate = sc.getInitParameter( @@ -1255,8 +1215,8 @@ public abstract class CMSServlet extends HttpServlet { if (rejectedTemplate == null) { rejectedTemplate = REJECTED_TEMPLATE; if (gateway != null) - //rejectedTemplate = "/"+gateway+rejectedTemplate; - rejectedTemplate = "/"+gateway+rejectedTemplate; + // rejectedTemplate = "/"+gateway+rejectedTemplate; + rejectedTemplate = "/" + gateway + rejectedTemplate; } unexpectedErrorTemplate = sc.getInitParameter( 
@@ -1264,51 +1224,52 @@ public abstract class CMSServlet extends HttpServlet { if (unexpectedErrorTemplate == null) { unexpectedErrorTemplate = EXCEPTION_TEMPLATE; if (gateway != null) - //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; - unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; + // unexpectedErrorTemplate = + // "/"+gateway+unexpectedErrorTemplate; + unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } mTemplates.put( - CMSRequest.UNAUTHORIZED, - new CMSLoadTemplate( - PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, - unauthorizedTemplate, null)); + CMSRequest.UNAUTHORIZED, + new CMSLoadTemplate( + PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, + unauthorizedTemplate, null)); mTemplates.put( - CMSRequest.SUCCESS, - new CMSLoadTemplate( - PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - successTemplate, new GenSuccessTemplateFiller())); + CMSRequest.SUCCESS, + new CMSLoadTemplate( + PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, + successTemplate, new GenSuccessTemplateFiller())); mTemplates.put( - CMSRequest.PENDING, - new CMSLoadTemplate( - PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, - pendingTemplate, new GenPendingTemplateFiller())); + CMSRequest.PENDING, + new CMSLoadTemplate( + PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, + pendingTemplate, new GenPendingTemplateFiller())); mTemplates.put( - CMSRequest.SVC_PENDING, - new CMSLoadTemplate( - PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, - svcpendingTemplate, new GenSvcPendingTemplateFiller())); + CMSRequest.SVC_PENDING, + new CMSLoadTemplate( + PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, + 
svcpendingTemplate, new GenSvcPendingTemplateFiller())); mTemplates.put( - CMSRequest.REJECTED, - new CMSLoadTemplate( - PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, - rejectedTemplate, new GenRejectedTemplateFiller())); + CMSRequest.REJECTED, + new CMSLoadTemplate( + PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, + rejectedTemplate, new GenRejectedTemplateFiller())); mTemplates.put( - CMSRequest.ERROR, - new CMSLoadTemplate( - PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, - errorTemplate, new GenErrorTemplateFiller())); + CMSRequest.ERROR, + new CMSLoadTemplate( + PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, + errorTemplate, new GenErrorTemplateFiller())); mTemplates.put( - CMSRequest.EXCEPTION, - new CMSLoadTemplate( - PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, - unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller())); + CMSRequest.EXCEPTION, + new CMSLoadTemplate( + PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, + unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller())); } /** @@ -1317,8 +1278,8 @@ public abstract class CMSServlet extends HttpServlet { public static boolean clientIsNav(HttpServletRequest httpReq) { String useragent = httpReq.getHeader("user-agent"); - if (useragent.startsWith("Mozilla") && - useragent.indexOf("MSIE") == -1) + if (useragent.startsWith("Mozilla") && + useragent.indexOf("MSIE") == -1) return true; return false; } 
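Review bot: `clientIsNav` calls `useragent.startsWith("Mozilla")` directly on the result of `httpReq.getHeader("user-agent")`, which is null when the client sends no User-Agent header. Such a request raises a NullPointerException inside a public static helper. Add a guard before the comparison: `if (useragent == null) return false;`. The unbraced two-line `if` could also be collapsed to `return useragent.startsWith("Mozilla") && useragent.indexOf("MSIE") == -1;`.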
@@ -1339,40 +1300,36 @@ public abstract class CMSServlet extends HttpServlet { * set using cartman JS. (no other way to tell) */ private static String CMMF_RESPONSE = "cmmfResponse"; + public static boolean doCMMFResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false)) return true; - else + else return false; } private static final String IMPORT_CERT = "importCert"; private static final String IMPORT_CHAIN = "importCAChain"; private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType"; - // default mime type - private static final String - NS_X509_USER_CERT = "application/x-x509-user-cert"; - private static final String - NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; + // default mime type + private static final String NS_X509_USER_CERT = "application/x-x509-user-cert"; + private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; // CMC mime types - public static final String - SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; - public static final String - SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; + public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; /** * handy routine to check if client want full enrollment response */ public static String FULL_RESPONSE = "fullResponse"; + public static boolean doFullResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(FULL_RESPONSE, false)) return true; - else + else return false; } 
@@ -1381,23 +1338,23 @@ public abstract class CMSServlet extends HttpServlet { * @return true if import cert directly is true and import cert. */ protected boolean checkImportCertToNav( - HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) - throws EBaseException { + HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) + throws EBaseException { if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) { return false; } boolean importCAChain = - httpParams.getValueAsBoolean(IMPORT_CHAIN, true); + httpParams.getValueAsBoolean(IMPORT_CHAIN, true); // XXX Temporary workaround because of problem with passing Mime type boolean emailCert = - httpParams.getValueAsBoolean("emailCert", false); + httpParams.getValueAsBoolean("emailCert", false); String importMimeType = (emailCert) ? - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : + httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); - // String importMimeType = - // httpParams.getValueAsString( - // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + // String importMimeType = + // httpParams.getValueAsString( + // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); importCertToNav(httpResp, cert, importMimeType, importCAChain); return true; } 
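Review bot: In `checkImportCertToNav`, `importMimeType` is read from the `importCertMimeType` request parameter and handed to `importCertToNav`, which passes it to `httpResp.setContentType(contentType)` (visible in the later `@@ -1456` hunk). The client therefore chooses the response Content-Type. Restrict it to the types the servlet intends to serve: for example, accept the parameter only when it equals `NS_X509_USER_CERT` or `NS_X509_EMAIL_CERT`, and otherwise fall back to the default selected by `emailCert`.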
@@ -1406,17 +1363,17 @@ public abstract class CMSServlet extends HttpServlet { * handy routine to import cert to old navigator in nav mime type. */ public void importCertToNav( - HttpServletResponse httpResp, X509CertImpl cert, - String contentType, boolean importCAChain) - throws EBaseException { + HttpServletResponse httpResp, X509CertImpl cert, + String contentType, boolean importCAChain) + throws EBaseException { ServletOutputStream out = null; byte[] encoding = null; - CMS.debug("CMSServlet: importCertToNav " + - "contentType=" + contentType + " " + + CMS.debug("CMSServlet: importCertToNav " + + "contentType=" + contentType + " " + "importCAChain=" + importCAChain); - try { - out = httpResp.getOutputStream(); + try { + out = httpResp.getOutputStream(); // CA chain. if (importCAChain) { CertificateChain caChain = null; @@ -1426,9 +1383,9 @@ public abstract class CMSServlet extends HttpServlet { caChain = ((ICertAuthority) mAuthority).getCACertChain(); caCerts = caChain.getChain(); - // set user + CA cert chain in pkcs7 - X509CertImpl[] userChain = - new X509CertImpl[caCerts.length + 1]; + // set user + CA cert chain in pkcs7 + X509CertImpl[] userChain = + new X509CertImpl[caCerts.length + 1]; userChain[0] = cert; int m = 1, n = 0; @@ -1437,8 +1394,8 @@ public abstract class CMSServlet extends HttpServlet { userChain[m] = (X509CertImpl) caCerts[n]; /* - System.out.println( - m+"th Cert "+userChain[m].toString()); + * System.out.println( + * m+"th Cert "+userChain[m].toString()); */ } p7 = new PKCS7(new AlgorithmId[0], 
@@ -1456,16 +1413,16 @@ public abstract class CMSServlet extends HttpServlet { } httpResp.setContentType(contentType); out.write(encoding); - } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); + } catch (IOException e) { + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT")); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } 
@@ -1511,75 +1468,76 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting agent's relative path */ protected String getRelPath(IAuthority authority) { - if (authority instanceof ICertificateAuthority) + if (authority instanceof ICertificateAuthority) return "ca/"; - else if (authority instanceof IRegistrationAuthority) + else if (authority instanceof IRegistrationAuthority) return "ra/"; - else if (authority instanceof IKeyRecoveryAuthority) + else if (authority instanceof IKeyRecoveryAuthority) return "kra/"; - else + else return "/"; } /** - * A system certificate such as the CA signing certificate - * should not be allowed to delete. - * The main purpose is to avoid revoking the self signed + * A system certificate such as the CA signing certificate should not be + * allowed to delete. The main purpose is to avoid revoking the self signed * CA certificate accidentially. */ protected boolean isSystemCertificate(BigInteger serialNo) { if (!(mAuthority instanceof ICertificateAuthority)) { return false; } - X509Certificate caCert = - ((ICertificateAuthority)mAuthority).getCACert(); + X509Certificate caCert = + ((ICertificateAuthority) mAuthority).getCACert(); if (caCert != null) { - /* only check this if we are self-signed */ - if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { - if (caCert.getSerialNumber().equals(serialNo)) { - return true; + /* only check this if we are self-signed */ + if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { + if (caCert.getSerialNumber().equals(serialNo)) { + return true; + } } - } } return false; } /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. 
*/ protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { + BigInteger serialNo, RevocationReason reason) + throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); + RevokedCertImpl crlentry = + new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); return crlentry; } /** * check if a certificate (serial number) is revoked on a CA. + * * @return true if cert is marked revoked in the CA's database. - * @return false if cert is not marked revoked. + * @return false if cert is not marked revoked. */ - protected boolean certIsRevoked(BigInteger serialNum) - throws EBaseException { + protected boolean certIsRevoked(BigInteger serialNum) + throws EBaseException { ICertRecord certRecord = getCertRecord(serialNum); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); throw new ECMSGWException( CMS.getLogMessage("CMSGW_INVALID_CERT")); } @@ -1590,7 +1548,7 @@ public abstract class CMSServlet extends HttpServlet { public static String generateSalt() { Random rnd = new Random(); - String salt = new Integer( rnd.nextInt() ).toString(); + String salt = new Integer(rnd.nextInt()).toString(); return salt; } 
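Review bot: `generateSalt` draws its value from `Random` (presumably `java.util.Random`), a predictable generator, and returns a single 32-bit `int` as the salt, so the value is both guessable and short. What the salt protects is not visible in this hunk, but any security use calls for `java.security.SecureRandom` and a wider value, e.g. `SecureRandom rnd = new SecureRandom();` followed by `String salt = Long.toString(rnd.nextLong());`. That needs an import of `java.security.SecureRandom`, and the import block is outside this hunk. Independently, `new Integer(...).toString()` can become `Integer.toString(...)`.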
@@ -1608,8 +1566,8 @@ public abstract class CMSServlet extends HttpServlet { * @param locale array of at least one to be filled with locale found. */ public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -1626,7 +1584,7 @@ public abstract class CMSServlet extends HttpServlet { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -1655,8 +1613,8 @@ public abstract class CMSServlet extends HttpServlet { } String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { @@ -1688,18 +1646,18 @@ public abstract class CMSServlet extends HttpServlet { } public IAuthToken authenticate(CMSRequest req) - throws EBaseException { + throws EBaseException { return authenticate(req, mAuthMgr); } public IAuthToken authenticate(HttpServletRequest httpReq) - throws EBaseException { + throws EBaseException { return authenticate(httpReq, mAuthMgr); } - public IAuthToken authenticate(CMSRequest req, String authMgrName) - throws EBaseException { - IAuthToken authToken = authenticate(req.getHttpReq(), + public IAuthToken authenticate(CMSRequest req, String authMgrName) + throws EBaseException { + IAuthToken authToken = authenticate(req.getHttpReq(), authMgrName); saveAuthToken(authToken, req.getIRequest()); 
@@ -1709,19 +1667,19 @@ public abstract class CMSServlet extends HttpServlet { /** * Authentication * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception EBaseException an error has occurred */ public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) - throws EBaseException { + throws EBaseException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; String auditAuthMgrID = ILogger.UNIDENTIFIED; @@ -1750,19 +1708,19 @@ public abstract class CMSServlet extends HttpServlet { // // check ssl client authentication if specified. // - X509Certificate clientCert = null; + X509Certificate clientCert = null; - if (getClientCert != null && getClientCert.equals("true")) { + if (getClientCert != null && getClientCert.equals("true")) { CMS.debug("CMSServlet: retrieving SSL certificate"); clientCert = getSSLClientCertificate(httpReq); } // // check authentication by auth manager if any. - // + // if (authMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authentication failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authentication manager, the 
@@ -1795,10 +1753,10 @@ public abstract class CMSServlet extends HttpServlet { } AuthToken authToken = CMSGateway.checkAuthManager(httpReq, httpArgs, - clientCert, + clientCert, authMgrName); if (authToken == null) { - return null; + return null; } String userid = authToken.getInString(IAuthToken.USER_ID); @@ -1807,7 +1765,7 @@ public abstract class CMSServlet extends HttpServlet { if (userid != null) { ctx.put(SessionContext.USER_ID, userid); } - + // reset the "auditSubjectID" auditSubjectID = auditSubjectID(); @@ -1828,7 +1786,7 @@ public abstract class CMSServlet extends HttpServlet { auditSubjectID, ILogger.FAILURE, auditAuthMgrID, - auditUID); + auditUID); audit(auditMessage); // rethrow the specific exception to be handled later @@ -1837,7 +1795,7 @@ public abstract class CMSServlet extends HttpServlet { } public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, - String exp) throws EBaseException { + String exp) throws EBaseException { AuthzToken authzToken = null; String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1911,29 +1869,30 @@ public abstract class CMSServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CS that's when one accesses a role port) * </ul> + * * @param authzMgrName string representing the name of the authorization - * manager + * manager * @param authToken the authentication token * @param resource a string representing the ACL resource id as defined in - * the ACL resource list + * the ACL resource list * @param operation a string representing one of the operations as defined - * within the ACL statement (e. g. - "read" for an ACL statement containing - * "(read,write)") + * within the ACL statement (e. g. - "read" for an ACL statement + * containing "(read,write)") * @exception EBaseException an error has occurred * @return the authorization token */ public AuthzToken authorize(String authzMgrName, IAuthToken authToken, - String resource, String operation) - throws EBaseException { + String resource, String operation) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); 
@@ -1941,19 +1900,18 @@ public abstract class CMSServlet extends HttpServlet { String auditACLResource = resource; String auditOperation = operation; - SessionContext auditContext = SessionContext.getExistingContext(); String authManagerId = null; - if(auditContext != null) { + if (auditContext != null) { authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID); - - if(authManagerId != null && authManagerId.equals("TokenAuth")) { - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { - CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); - auditID = auditGroupID; - } + + if (authManagerId != null && authManagerId.equals("TokenAuth")) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) || + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); + auditID = auditGroupID; + } } } @@ -1968,7 +1926,7 @@ public abstract class CMSServlet extends HttpServlet { } if (authzMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authorization failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authorization manager, the @@ -2073,11 +2031,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { 
@@ -2089,20 +2047,19 @@ public abstract class CMSServlet extends HttpServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -2137,12 +2094,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log Group ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "gid" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "gid" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditGroupID() { @@ -2177,14 +2133,14 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param id string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail 
@@ -2193,7 +2149,7 @@ public abstract class CMSServlet extends HttpServlet { } if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -2211,7 +2167,7 @@ public abstract class CMSServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!= 0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -2219,7 +2175,7 @@ public abstract class CMSServlet extends HttpServlet { } } - if (membersString.length()!=0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -2243,18 +2199,18 @@ public abstract class CMSServlet extends HttpServlet { return locale; } - protected void outputResult(HttpServletResponse httpResp, - String contentType, byte[] content) { + protected void outputResult(HttpServletResponse httpResp, + String contentType, byte[] content) { try { OutputStream os = httpResp.getOutputStream(); - + httpResp.setContentType(contentType); httpResp.setContentLength(content.length); os.write(content); os.flush(); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); return; } } 
@@ -2288,34 +2244,36 @@ public abstract class CMSServlet extends HttpServlet { } catch (Exception ee) { CMS.debug("Failed to send XML output to the server."); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); } } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || nextC == '<' || nextC == '>' || nextC == '#' || nextC == ';' || nextC == '\r' || nextC == '\n' || nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { @@ -2323,11 +2281,10 @@ public abstract class CMSServlet extends HttpServlet { } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index 64c59c5a..99e12555 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.File; import java.io.IOException; import java.io.PrintWriter; @@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.cmsutil.util.Utils; - /** - * This servlet is started by the web server at startup, and - * it starts the CMS framework. - * + * This servlet is started by the web server at startup, and it starts the CMS + * framework. + * * @version $Revision$, $Date$ */ public class CMSStartServlet extends HttpServlet { 
@@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet { if (!f.exists()) { int index = path.lastIndexOf("CS.cfg"); if (index != -1) { - old_path = path.substring(0, index)+"CMS.cfg"; + old_path = path.substring(0, index) + "CMS.cfg"; } File f1 = new File(old_path); if (f1.exists()) { // The following block of code moves "CMS.cfg" to "CS.cfg". try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - f1.getAbsolutePath().replace( '/', '\\' ) + + Utils.exec("copy " + + f1.getAbsolutePath().replace('/', '\\') + " " + - f.getAbsolutePath().replace( '/', '\\' ) ); + f.getAbsolutePath().replace('/', '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + f1.getAbsolutePath() + " " + - f.getAbsolutePath() ); + Utils.exec("cp -p " + f1.getAbsolutePath() + " " + + f.getAbsolutePath()); } // Remove the original file if and only if // the backup copy was successful. - if( f.exists() ) { + if (f.exists()) { f1.delete(); // Make certain that the new file has // the correct permissions. - if( !Utils.isNT() ) { - Utils.exec( "chmod 00660 " + f.getAbsolutePath() ); + if (!Utils.isNT()) { + Utils.exec("chmod 00660 " + f.getAbsolutePath()); } } } catch (Exception e) { @@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet { } public void doGet(HttpServletRequest req, HttpServletResponse res) - throws ServletException, IOException { + throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index 8d853f0b..7499c781 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java 
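Review bot: The CMS.cfg to CS.cfg migration in the -55 hunk builds its `copy`, `cp -p` and `chmod` command lines by concatenating `getAbsolutePath()` into one string, so a path containing a space or a shell-significant character changes how the command is split; how `Utils.exec` tokenises that string is not visible here. Whatever `Utils.exec` returns is discarded, and only `f.exists()` gates `f1.delete()`, so a partial or failed copy that leaves a file behind still causes the original to be removed. Doing the copy in-process avoids both problems, e.g. `Files.copy(f1.toPath(), f.toPath(), StandardCopyOption.COPY_ATTRIBUTES);` if the build targets Java 7 or later, with the delete performed only after that call returns without throwing. The enclosing method starts before the hunk.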
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; @@ -33,10 +32,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * This is the servlet that displays the html page for the corresponding input id. - * + * This is the servlet that displays the html page for the corresponding input + * id. + * * @version $Revision$, $Date$ */ public class DisplayHtmlServlet extends CMSServlet { @@ -55,7 +54,7 @@ public class DisplayHtmlServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); + mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); mTemplates.remove(CMSRequest.SUCCESS); } @@ -68,18 +67,18 @@ public class DisplayHtmlServlet extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); try { - String realpath = - mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); + String realpath = + mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); if (realpath == null) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ; + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File file = new File(realpath); long flen = file.length(); - byte[] bin = new byte[(int)flen]; + byte[] bin = new byte[(int) flen]; FileInputStream ins = new FileInputStream(file); int len = 0; 
@@ -92,9 +91,9 @@ public class DisplayHtmlServlet extends CMSServlet { ins.close(); bos.close(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java index 9607fbe2..84fcf347 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -39,14 +38,13 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** - * Return some javascript to the request which contains the list of - * dynamic data in the CMS system. + * Return some javascript to the request which contains the list of dynamic data + * in the CMS system. * <p> - * This allows the requestor (browser) to make decisions about what - * to present in the UI, depending on how CMS is configured - * + * This allows the requestor (browser) to make decisions about what to present + * in the UI, depending on how CMS is configured + * * @version $Revision$, $Date$ */ public class DynamicVariablesServlet extends CMSServlet { 
@@ -83,10 +81,10 @@ public class DynamicVariablesServlet extends CMSServlet { private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()"; private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6); private String VAR_CLA_CRL_URL_VALUE = null; - + private String mAuthMgrCacheString = ""; - private long mAuthMgrCacheTime = 0; - private final int AUTHMGRCACHE = 10; //number of seconds to cache list of + private long mAuthMgrCacheTime = 0; + private final int AUTHMGRCACHE = 10; // number of seconds to cache list of // authmanagers for private Hashtable dynvars = null; private String mGetClientCert = "false"; @@ -99,7 +97,7 @@ public class DynamicVariablesServlet extends CMSServlet { IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING); try { - mCrlurl = + mCrlurl = config.getString(PROP_CRLURL, ""); } catch (EBaseException e) { } 
@@ -119,33 +117,38 @@ public class DynamicVariablesServlet extends CMSServlet { /** * Reads the following variables from the servlet config: * <ul> - * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request - * <li><strong>GetClientCert</strong> - whether to request client auth for this request - * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client - * <li><strong>dynamicVariables</strong> - a string of the form: - * serverdate=serverdate(),subsystemname=subsystemname(), - * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() + * <li><strong>AuthMgr</strong> - the authentication manager to use to + * authenticate the request + * <li><strong>GetClientCert</strong> - whether to request client auth for + * this request + * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to + * the client + * <li><strong>dynamicVariables</strong> - a string of the form: + * serverdate=serverdate(),subsystemname=subsystemname(), + * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() * </ul> - * The dynamicVariables string is parsed by splitting on commas. - * When services, the HTTP request provides a piece of javascript - * code as follows. + * The dynamicVariables string is parsed by splitting on commas. When + * services, the HTTP request provides a piece of javascript code as + * follows. * <p> * Each sub expression "lhs=rhs()" forms a javascript statement of the form - * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the - * rhs. The possible values for the rhs() function are: + * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. 
+ * The possible values for the rhs() function are: * <ul> - * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client - * clock is set correctly) + * <li><strong>serverdate()</strong> - the timestamp of the server (used to + * ensure that the client clock is set correctly) * <li><strong>subsystemname()</strong> - * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https) + * <li><strong>http()</strong> - "true" or "false" - is this an http + * connection (as opposed to https) * <li>authmgrs() - a comma separated list of authentication managers - * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is - * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl' + * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. + * This is defined in the CMS configuration parameter + * 'cloning.cloneMasterCrlUrl' * </ul> + * * @see javax.servlet.Servlet#init(ServletConfig) */ - public void init(ServletConfig sc) throws ServletException { super.init(sc); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); @@ -194,8 +197,8 @@ public class DynamicVariablesServlet extends CMSServlet { } public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -214,7 +217,7 @@ public class DynamicVariablesServlet extends CMSServlet { httpResp.setContentType("application/x-javascript"); httpResp.setHeader("Pragma", "no-cache"); - + try { ServletOutputStream os = httpResp.getOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java index 3b8f8bd4..b4f1aed1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve information. - * + * * @version $Revision$, $Date$ */ public class GetStats extends CMSServlet { @@ -62,9 +60,9 @@ public class GetStats extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +77,13 @@ public class GetStats extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -98,10 +95,10 @@ public class GetStats extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -118,10 +115,10 @@ public class GetStats extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -130,12 +127,12 @@ public class GetStats extends CMSServlet { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); StatsEvent st = statsSub.getMainStatsEvent(); String op = httpReq.getParameter("op"); if (op != null && op.equals("clear")) { - statsSub.resetCounters(); + statsSub.resetCounters(); } header.addStringValue("startTime", statsSub.getStartTime().toString()); 
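Review bot: In the -130 hunk `op=clear` calls `statsSub.resetCounters()`, a state change, while the only authorization check visible in `process()` (the -98 hunk) asks for the `"read"` operation. Anyone permitted to view statistics can therefore also wipe them, and the reset is not written to the signed audit log in the lines shown. I would gate the reset on a separate write-level ACL operation and record it through `audit(...)`; at minimum add a comment such as `// resetCounters() mutates state but is covered only by the "read" check above`. Part of `process()` lies between hunks, so a check outside the visible lines cannot be ruled out.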
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); return; } - public String getSep(int level) - { - StringBuffer s = new StringBuffer(); - for (int i = 0; i < level; i++) { - s.append("-"); - } - return s.toString(); + public String getSep(int level) { + StringBuffer s = new StringBuffer(); + for (int i = 0; i < level; i++) { + s.append("-"); + } + return s.toString(); } public void parse(CMSTemplateParams argSet, StatsEvent st, int level) { Enumeration names = st.getSubEventNames(); while (names.hasMoreElements()) { - String name = (String)names.nextElement(); - StatsEvent subSt = st.getSubEvent(name); - - IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); - rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); - rarg.addLongValue("timeTaken", subSt.getTimeTaken()); - rarg.addLongValue("max", subSt.getMax()); - rarg.addLongValue("min", subSt.getMin()); - rarg.addLongValue("percentage", subSt.getPercentage()); - rarg.addLongValue("avg", subSt.getAvg()); - rarg.addLongValue("stddev", subSt.getStdDev()); - argSet.addRepeatRecord(rarg); - - parse(argSet, subSt, level+1); + String name = (String) names.nextElement(); + StatsEvent subSt = st.getSubEvent(name); + + IArgBlock rarg = CMS.createArgBlock(); + rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); + rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); + rarg.addLongValue("timeTaken", subSt.getTimeTaken()); + 
rarg.addLongValue("max", subSt.getMax()); + rarg.addLongValue("min", subSt.getMin()); + rarg.addLongValue("percentage", subSt.getPercentage()); + rarg.addLongValue("avg", subSt.getAvg()); + rarg.addLongValue("stddev", subSt.getStdDev()); + argSet.addRepeatRecord(rarg); + + parse(argSet, subSt, level + 1); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java index 89179b57..a4b72121 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -32,11 +31,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.IndexTemplateFiller; - /** - * This is the servlet that builds the index page in - * various ports. - * + * This is the servlet that builds the index page in various ports. + * * @version $Revision$, $Date$ */ public class IndexServlet extends CMSServlet { @@ -68,10 +65,9 @@ public class IndexServlet extends CMSServlet { mTemplateName = sc.getInitParameter(PROP_TEMPLATE); /* - mTemplates.put(CMSRequest.SUCCESS, - new CMSLoadTemplate( - PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - mTemplateName, new IndexTemplateFiller())); + * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( + * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName, + * new IndexTemplateFiller())); */ mTemplates.remove(CMSRequest.SUCCESS); } 
@@ -91,26 +87,26 @@ public class IndexServlet extends CMSServlet { * Serves HTTP request. */ public void process(CMSRequest cmsReq) throws EBaseException { - if (CMSGateway.getEnableAdminEnroll() && - mAuthority != null && - mAuthority instanceof ICertificateAuthority) { + if (CMSGateway.getEnableAdminEnroll() && + mAuthority != null && + mAuthority instanceof ICertificateAuthority) { try { cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html"); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1", - e.toString())); + e.toString())); } return; } else { try { renderTemplate( - cmsReq, mTemplateName, new IndexTemplateFiller()); + cmsReq, mTemplateName, new IndexTemplateFiller()); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE")); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java index 4c3dec80..6c84b88d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject; /** * This servlet returns port information. - * + * * @version $Revision$, $Date$ */ public class PortsServlet extends CMSServlet { 
@@ -50,7 +49,7 @@ public class PortsServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - // override these to output directly ourselves. + // override these to output directly ourselves. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); } @@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet { String port = null; if (secure.equals("true")) - port = CMS.getEESSLPort(); + port = CMS.getEESSLPort(); else port = CMS.getEENonSSLPort(); - + try { XMLObject xmlObj = null; xmlObj = new XMLObject(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java index 15bfb306..382d8821 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java @@ -2,7 +2,6 @@ package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.HashMap; import java.util.Iterator; 
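Review bot: In the `@@ -67,10 +66,10 @@` hunk, `secure.equals("true")` throws `NullPointerException` when `secure` is null. The assignment is outside the hunk; if the value comes from a request parameter, a request that omits it fails instead of getting the non-SSL port. Writing the test as `if ("true".equals(secure))` removes that failure mode, and bracing both branches would match the rest of the file. The enclosing method starts and ends outside the hunk.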
@@ -21,34 +20,29 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; - /** * This is a servlet that proxies request to another servlet. - * - * SERVLET REDIRECTION - * Specify the URL of a servlet to forward the request to - * destServlet: /ee/ca/newservlet - * - * PARAMETER MAPPING - * In the servlet configuration (as an init-param in web.xml) you - * can optionally specify a value for the parameter 'parameterMap' - * which contains a list of HTTP parameters which should be - * translated to new names. * - * parameterMap: name1->newname1,name2->newname2 - * + * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to + * destServlet: /ee/ca/newservlet + * + * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml) + * you can optionally specify a value for the parameter 'parameterMap' which + * contains a list of HTTP parameters which should be translated to new names. + * + * parameterMap: name1->newname1,name2->newname2 + * * Optionally, names can be set to static values: - * - * parameterMap: name1->name2=value - * - * Examples: - * Consider the following HTTP input parameters: - * vehicle:car make:ford model:explorer * - * The following config strings will have this effect: - * parameterMap: make->manufacturer,model->name=expedition,->suv=true - * output: vehicle:car manufactuer:ford model:expedition suv:true - * + * parameterMap: name1->name2=value + * + * Examples: Consider the following HTTP input parameters: vehicle:car make:ford + * model:explorer + * + * The following config strings will have this effect: parameterMap: + * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car + * manufactuer:ford model:expedition suv:true + * * @version $Revision$, $Date$ */ public class ProxyServlet extends HttpServlet { 
@@ -64,40 +58,41 @@ public class ProxyServlet extends HttpServlet { private Vector mMatchStrings = new Vector(); private String mDestServletOnNoMatch = null; private String mAppendPathInfoOnNoMatch = null; - private Map mParamMap = new HashMap(); - private Map mParamValue = new HashMap(); + private Map mParamMap = new HashMap(); + private Map mParamValue = new HashMap(); public ProxyServlet() { } - private void parseParamTable(String s) { - if (s == null) return; - - String[] params = s.split(","); - for (int i=0;i<params.length;i++) { - String p = params[i]; - if (p != null) { - String[] paramNames = p.split("->"); - if (paramNames.length != 2) { - } - String from = paramNames[0]; - String to = paramNames[1]; - if (from != null && to != null) { - String[] splitTo = to.split("="); - String toName = splitTo[0]; - if (from.length() >0) { - mParamMap.put(from,toName); - } - if (splitTo.length == 2) { - String toValue = splitTo[1]; - String toValues[] = new String[1]; - toValues[0] = toValue; - mParamValue.put(toName,toValues); - } - } - } - } - } + private void parseParamTable(String s) { + if (s == null) + return; + + String[] params = s.split(","); + for (int i = 0; i < params.length; i++) { + String p = params[i]; + if (p != null) { + String[] paramNames = p.split("->"); + if (paramNames.length != 2) { + } + String from = paramNames[0]; + String to = paramNames[1]; + if (from != null && to != null) { + String[] splitTo = to.split("="); + String toName = splitTo[0]; + if (from.length() > 0) { + mParamMap.put(from, toName); + } + if (splitTo.length == 2) { + String toValue = splitTo[1]; + String toValues[] = new String[1]; + toValues[0] = toValue; + mParamValue.put(toName, toValues); + } + } + } + } + } public void init(ServletConfig sc) throws ServletException { super.init(sc); 
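Review bot: In `parseParamTable`, the `if (paramNames.length != 2) { }` block is empty, so a `parameterMap` entry that does not split into exactly two parts falls through to `paramNames[1]`. For an entry with no `->`, or with nothing after it, that throws `ArrayIndexOutOfBoundsException` while the servlet initialises. Skip and report the malformed entry instead: `if (paramNames.length != 2) { CMS.debug("ProxyServlet: ignoring malformed parameterMap entry: " + p); continue; }`. The `from != null && to != null` test that follows cannot fail after `split`, and the raw `Map` fields at the top of the hunk would read better as `Map<String, String>` and `Map<String, String[]>`. `init` continues outside the hunk.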
@@ -115,14 +110,13 @@ public class ProxyServlet extends HttpServlet { mAppendPathInfo = sc.getInitParameter("appendPathInfo"); mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch"); String map = sc.getInitParameter("parameterMap"); - if (map != null) { - parseParamTable(map); - } + if (map != null) { + parseParamTable(map); + } } public void service(HttpServletRequest req, HttpServletResponse res) throws - IOException, ServletException - { + IOException, ServletException { RequestDispatcher dispatcher = null; String dest = mDest; String uri = req.getRequestURI(); 
@@ -132,120 +126,118 @@ public class ProxyServlet extends HttpServlet { if (mMatchStrings.size() != 0) { boolean matched = false; for (int i = 0; i < mMatchStrings.size(); i++) { - String t = (String)mMatchStrings.elementAt(i); - if (uri.indexOf(t) != -1) { + String t = (String) mMatchStrings.elementAt(i); + if (uri.indexOf(t) != -1) { matched = true; } } if (!matched) { dest = mDestServletOnNoMatch; // append Path info for OCSP request in Get method - if (mAppendPathInfoOnNoMatch != null && - !mAppendPathInfoOnNoMatch.equals("")) { + if (mAppendPathInfoOnNoMatch != null && + !mAppendPathInfoOnNoMatch.equals("")) { dest = dest + uri.replace(mAppendPathInfoOnNoMatch, ""); } } } if (dest == null || dest.equals("")) { - // mapping everything - dest = uri; - dest = dest.replaceFirst(mSrcContext, ""); + // mapping everything + dest = uri; + dest = dest.replaceFirst(mSrcContext, ""); } if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) { - dest = dest + uri.replace(mAppendPathInfo, ""); + dest = dest + uri.replace(mAppendPathInfo, ""); } if (mDestContext != null && !mDestContext.equals("")) { - dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); + dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); } else { - dispatcher = req.getRequestDispatcher(dest); + dispatcher = req.getRequestDispatcher(dest); } - // If a parameter map was specified - if (mParamMap != null && !mParamMap.isEmpty()) { - // Make a new wrapper with the new parameters - ProxyWrapper r = new ProxyWrapper(req); - r.setParameterMapAndValue(mParamMap,mParamValue); - req = r; - } - - dispatcher.forward(req, res); + // If a parameter map was specified + if (mParamMap != null && !mParamMap.isEmpty()) { + // Make a new wrapper with the new parameters + ProxyWrapper r = new ProxyWrapper(req); + r.setParameterMapAndValue(mParamMap, mParamValue); + req = r; + } + + dispatcher.forward(req, res); } } -class ProxyWrapper extends 
HttpServletRequestWrapper -{ - private Map mMap = null; - private Map mValueMap = null; - - public ProxyWrapper(HttpServletRequest req) - { - super(req); - } - - public void setParameterMapAndValue(Map m,Map v) - { - if (m != null) mMap = m; - if (v != null) mValueMap = v; - } - - public Map getParameterMap() - { - try { - // If we haven't specified any parameter mapping, just - // use the regular implementation - if (mMap == null) return super.getParameterMap(); - else { - // Make a new Map for us to put stuff in - Map n = new HashMap(); - // get the HTTP parameters the user supplied. - Map m = super.getParameterMap(); - Set s = m.entrySet(); - Iterator i = s.iterator(); - while (i.hasNext()) { - Map.Entry me = (Map.Entry) i.next(); - String name = (String) me.getKey(); - String[] values = (String[])(me.getValue()); - String newname = null; - if (name != null) { - newname = (String) mMap.get(name); - } - - // No mapping specified, just use existing name/value - if (newname == null || mValueMap == null) { - n.put(name,values); - } else { // new name specified - Object o = mValueMap.get(newname); - // check if new (static) value specified - if (o==null) { - n.put(newname,values); - } else { - String newvalues[] = (String[])mValueMap.get(newname); - n.put(newname,newvalues); - } - } - } - // Now, deal with static values set in the config - // which weren't set in the HTTP request - Set s2 = mValueMap.entrySet(); - Iterator i2 = s2.iterator(); - // Cycle through all the static values - while (i2.hasNext()) { - Map.Entry me2 = (Map.Entry) i2.next(); - String name2 = (String) me2.getKey(); - if (n.get(name2) == null) { - String[] values2 = (String[])me2.getValue(); - // If the parameter is not set in the map - // Set it now - n.put(name2,values2); - } - } - - return n; - } - } catch (NullPointerException npe) { - CMS.debug(npe); - return null; - } - } -} +class ProxyWrapper extends HttpServletRequestWrapper { + private Map mMap = null; + private Map mValueMap = null; + 
+ public ProxyWrapper(HttpServletRequest req) { + super(req); + } + + public void setParameterMapAndValue(Map m, Map v) { + if (m != null) + mMap = m; + if (v != null) + mValueMap = v; + } + public Map getParameterMap() { + try { + // If we haven't specified any parameter mapping, just + // use the regular implementation + if (mMap == null) + return super.getParameterMap(); + else { + // Make a new Map for us to put stuff in + Map n = new HashMap(); + // get the HTTP parameters the user supplied. + Map m = super.getParameterMap(); + Set s = m.entrySet(); + Iterator i = s.iterator(); + while (i.hasNext()) { + Map.Entry me = (Map.Entry) i.next(); + String name = (String) me.getKey(); + String[] values = (String[]) (me.getValue()); + String newname = null; + if (name != null) { + newname = (String) mMap.get(name); + } + + // No mapping specified, just use existing name/value + if (newname == null || mValueMap == null) { + n.put(name, values); + } else { // new name specified + Object o = mValueMap.get(newname); + // check if new (static) value specified + if (o == null) { + n.put(newname, values); + } else { + String newvalues[] = (String[]) mValueMap.get(newname); + n.put(newname, newvalues); + } + } + } + // Now, deal with static values set in the config + // which weren't set in the HTTP request + Set s2 = mValueMap.entrySet(); + Iterator i2 = s2.iterator(); + // Cycle through all the static values + while (i2.hasNext()) { + Map.Entry me2 = (Map.Entry) i2.next(); + String name2 = (String) me2.getKey(); + if (n.get(name2) == null) { + String[] values2 = (String[]) me2.getValue(); + // If the parameter is not set in the map + // Set it now + n.put(name2, values2); + } + } + + return n; + } + } catch (NullPointerException npe) { + CMS.debug(npe); + return null; + } + } +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 5daac065..a708483f 100644 
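Review bot: In `service`, the forward target is built from the raw `req.getRequestURI()` (`dest = uri` in the map-everything branch, `dest + uri.replace(...)` in the two append branches), and the route is chosen by `uri.indexOf(t) != -1`, which matches the configured string anywhere in the URI. That URI is client-supplied and is neither decoded nor normalised here, and declarative security constraints are by default not re-applied on a `RequestDispatcher.forward`, so which servlets are reachable through this proxy depends on this string handling. I would add `// dest is derived from the client-supplied URI; only the configured destinations may be forwarded to` above the dispatcher lookup and check `dest` against the configured destinations before `dispatcher.forward(req, res)`. `dest.replaceFirst(mSrcContext, "")` also treats `mSrcContext` as a regular expression and throws if it is null; it is assigned outside the hunk, so confirm it is always set. In `ProxyWrapper`, only `getParameterMap()` is overridden, so a destination that calls `getParameter(...)` would not see the renamed or static values, and the `catch (NullPointerException npe)` that returns `null` turns a configuration error into a later failure in the caller.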
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; @@ -30,15 +29,14 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; /** - * Displays detailed information about java VM internals, including - * current JVM memory usage, and detailed information about each - * thread. + * Displays detailed information about java VM internals, including current JVM + * memory usage, and detailed information about each thread. * <p> * Also allows user to trigger a new garbage collection - * + * * @version $Revision$, $Date$ */ -public class SystemInfoServlet extends HttpServlet { +public class SystemInfoServlet extends HttpServlet { /** * 
@@ -53,21 +51,24 @@ public class SystemInfoServlet extends HttpServlet { } /** - * service the request, returning HTML to the client. - * This method has different behaviour depending on the - * value of the 'op' HTTP parameter. + * service the request, returning HTML to the client. This method has + * different behaviour depending on the value of the 'op' HTTP parameter. * <UL> - * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet - * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers - * (@see java.lang.Runtime.getRuntime#gc() ) - * <li>op = general - display information about memory, and other JVM informatino - * <li>op = thread - display details about each thread. + * <LI>op = <i>undefined</i> - display a menu with links to the other + * functionality of this servlet + * <li>op = gc - tell the JVM that we want to do a garbage collection and to + * run finalizers (@see java.lang.Runtime.getRuntime#gc() ) + * <li>op = general - display information about memory, and other JVM + * informatino + * <li>op = thread - display details about each thread. * </UL> - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) + * + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, + * HttpServletResponse) */ - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean collect = false; String op = request.getParameter("op"); 
@@ -83,9 +84,9 @@ public class SystemInfoServlet extends HttpServlet { } } - private void mainMenu(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void mainMenu(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); response.getWriter().println("<a href=" + request.getServletPath() + ">"); @@ -122,9 +123,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void gc(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void gc(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { java.lang.Runtime.getRuntime().gc(); java.lang.Runtime.getRuntime().runFinalization(); response.getWriter().println("<HTML>"); @@ -140,9 +141,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void general(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void general(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); response.getWriter().println("<a href=" + request.getServletPath() + ">"); @@ -221,9 +222,9 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void thread(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void thread(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("</table>"); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); 
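Review bot: The `gc` handler runs `Runtime.getRuntime().gc()` and `runFinalization()` for any request that reaches it, and no hunk of this file shows an authentication or authorization check. The class extends `HttpServlet` directly, and its Javadoc says the other operations display JVM memory usage and details of each thread. If access is restricted in the deployment descriptor, record that in the class Javadoc, for example `* Access must be limited to administrators: op=gc forces a collection and op=thread exposes thread internals.`; if it is not, any remote client can stall the JVM and read its internals. The link in each handler is written as `"<a href=" + request.getServletPath() + ">"`, unquoted and unescaped, and should at least be quoted. The bodies of all four handlers continue outside their hunks.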
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java index 02ab5b52..ca829561 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java @@ -17,11 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - /** - * This class represents information about the client e.g. version, - * langauge, vendor. - * + * This class represents information about the client e.g. version, langauge, + * vendor. + * * @version $Revision$, $Date$ */ public class UserInfo { @@ -36,7 +35,7 @@ public class UserInfo { /** * Returns the user language. - * + * * @param s user language info from the browser * @return user language */ @@ -53,7 +52,7 @@ public class UserInfo { /** * Returns the user country. - * + * * @param s user language info from the browser * @return user country */ @@ -67,10 +66,10 @@ public class UserInfo { } return ""; } - + /** * Returns the users agent. - * + * * @param s user language info from the browser * @return user agent */ @@ -79,7 +78,7 @@ public class UserInfo { if (s.indexOf(MSIE) != -1) { return MSIE; } - + // Check for Netscape i.e. Mozilla if (s.indexOf(MOZILLA) != -1) { return MOZILLA; @@ -87,5 +86,5 @@ public class UserInfo { // Don't know agent. Return empty string. return ""; - } + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 15d069e3..8b912032 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
@@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a certificate with a CMC-formatted revocation request - * + * * @version $Revision$, $Date$ */ public class CMCRevReqServlet extends CMSServlet { @@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "revocationResult.template"; public static final String CRED_CMC = "cmcRequest"; - + private ICertificateRepository mCertDB = null; private String mFormPath = null; private IRequestQueue mQueue = null; 
@@ -92,29 +90,28 @@ public class CMCRevReqServlet extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - - // http params + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; // request attributes public static final String SERIALNO_ARRAY = "serialNoArray"; - + public CMCRevReqServlet() { super(); } - /** + /** * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ + * + * @param sc servlet configuration, read from the web.xml file + */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet { mFormPath = mOutputTemplatePath; } - - /** - * Process the HTTP request. - * - * <ul> - * <li>http.param cmcRequest the base-64 encoded CMC request - * </ul> - * @param cmsReq the object holding the request and response information + /** + * Process the HTTP request. + * + * <ul> + * <li>http.param cmcRequest the base-64 encoded CMC request + * </ul> + * + * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { String cmcAgentSerialNumber = null; IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath = "+mFormPath); + CMS.debug("**** mFormPath = " + mFormPath); try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { @@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - String cmc = (String) httpParams.get(CRED_CMC); if (cmc == null) { throw new EMissingCredential( - CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); + CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); } IAuthToken authToken = authenticate(cmsReq); 
@@ -189,10 +185,10 @@ CMS.debug("**** mFormPath = "+mFormPath); return; } - //IAuthToken authToken = getAuthToken(cmsReq); - //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); - //Object uid = authToken.get("uid"); - //=========================== + // IAuthToken authToken = getAuthToken(cmsReq); + // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); + // Object uid = authToken.get("uid"); + // =========================== String authMgr = AuditFormat.NOAUTH; BigInteger[] serialNoArray = null; @@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath); serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL); } - Integer reasonCode = Integer.valueOf(0); - if (authToken != null) { + Integer reasonCode = Integer.valueOf(0); + if (authToken != null) { reasonCode = authToken.getInInteger(REASON_CODE); } RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue()); @@ -211,15 +207,15 @@ CMS.debug("**** mFormPath = "+mFormPath); String revokeAll = null; int verifiedRecordCount = 0; int totalRecordCount = 0; - + if (serialNoArray != null) { totalRecordCount = serialNoArray.length; verifiedRecordCount = serialNoArray.length; } - + X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) { @@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath); IRequest getCertsChallengeReq = null; getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); 
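Review bot: In the `@@ -200,8 +196,8 @@` hunk, `reasonCode` is overwritten with `authToken.getInInteger(REASON_CODE)` and then dereferenced in `RevocationReason.fromInt(reasonCode.intValue())`. If the token carries no reason code and `getInInteger` returns null (its contract is not visible here), that line throws `NullPointerException` instead of falling back to the default 0 set just above. Keep the default when the value is absent: `Integer rc = authToken.getInInteger(REASON_CODE); if (rc != null) reasonCode = rc;`. `process` starts and ends outside this hunk.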
@@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } @@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); + serialNoArray[i], 16); rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); + certs[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); + certs[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + certs[i].getNotAfter().getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); + cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0],cmcAgentSerialNumber); - + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0], cmcAgentSerialNumber); + } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); @@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath); try { ServletOutputStream out = resp.getOutputStream(); - if ((serialNoArray== null) || (serialNoArray.length == 0)) { + if ((serialNoArray == null) || (serialNoArray.length == 0)) { cmsReq.setStatus(CMSRequest.ERROR); EBaseException ee = new EBaseException("No matched certificate is found"); 
@@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -318,56 +314,57 @@ CMS.debug("**** mFormPath = "+mFormPath); * Process cert status change request using the Certificate Management * protocol using CMS (CMC) * <P> - * + * * (Certificate Request - an "EE" cert status change request) * <P> - * + * * (Certificate Request Processed - an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param 
totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale,String cmcAgentSerialNumber) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale, String cmcAgentSerialNumber) + throws EBaseException { String eeSerialNumber = null; - if(cmcAgentSerialNumber!=null) { + if (cmcAgentSerialNumber != null) { eeSerialNumber = cmcAgentSerialNumber; - }else{ - X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req ); - if( sslCert != null ) { + } else { + X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); + if (sslCert != null) { eeSerialNumber = sslCert.getSerialNumber().toString(); } } @@ -375,11 +372,11 @@ CMS.debug("**** mFormPath = "+mFormPath); boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID( req ); - String auditSerialNumber = auditSerialNumber( eeSerialNumber ); - String auditRequestType = auditRequestType( reason ); + String auditRequesterID = auditRequesterID(req); + String auditSerialNumber = auditSerialNumber(eeSerialNumber); + String auditRequestType = auditRequestType(reason); String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - String auditReasonNum = String.valueOf( reason ); + String auditReasonNum = String.valueOf(reason); try { int count = 0; 
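Review bot: The Javadoc of the private `process(...)` overload documents every parameter except the last one, `cmcAgentSerialNumber`. That argument decides which serial number goes into the signed audit entries: `eeSerialNumber = cmcAgentSerialNumber` when it is non-null, otherwise the serial of the SSL client certificate, and the result is passed to `auditSerialNumber(...)`. Add `@param cmcAgentSerialNumber value taken from the CMC auth token; when null, the SSL client certificate's serial number is audited instead`. The caller fills it from `authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT)`, so confirm that this credential actually holds a serial number rather than the certificate itself. The method body continues outside the hunk.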
@@ -418,18 +415,18 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -441,14 +438,12 @@ CMS.debug("**** mFormPath = "+mFormPath); } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -457,8 +452,8 @@ CMS.debug("**** mFormPath = "+mFormPath); String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { 
@@ -485,12 +480,12 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -507,12 +502,12 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -533,7 +528,7 @@ CMS.debug("**** mFormPath = "+mFormPath); } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -573,29 +568,29 @@ CMS.debug("**** mFormPath = "+mFormPath); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } 
@@ -608,23 +603,23 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } header.addStringValue("revoked", "yes"); Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -633,15 +628,15 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) header.addStringValue("updateCRLError", - crlError); + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { 
@@ -649,22 +644,22 @@ CMS.debug("**** mFormPath = "+mFormPath); } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -674,25 +669,25 @@ CMS.debug("**** mFormPath = "+mFormPath); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; 
@@ -700,15 +695,15 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addStringValue(publishStatusStr, "yes"); } else { String publishErrorStr = - crl.getCrlPublishErrorStr(); + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -717,7 +712,7 @@ CMS.debug("**** mFormPath = "+mFormPath); if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -734,11 +729,11 @@ CMS.debug("**** mFormPath = "+mFormPath); // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -752,16 +747,16 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } 
@@ -771,7 +766,8 @@ CMS.debug("**** mFormPath = "+mFormPath); if (errors != null && errors.size() > 0) { for (int ii = 0; ii < errors.size(); ii++) { - errorStr.append(errors.elementAt(ii));; + errorStr.append(errors.elementAt(ii)); + ; } } header.addStringValue("error", errorStr.toString()); @@ -780,16 +776,16 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -798,17 +794,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } 
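Review bot: The reformatting in the `@@ -771,7 +766,8 @@` hunk keeps the doubled semicolon after `errorStr.append(errors.elementAt(ii));;` as an empty statement on its own line (`;`) instead of dropping it. The lone `;` does nothing and reads like a leftover edit; the loop body should be just `errorStr.append(errors.elementAt(ii));`. The enclosing method starts and ends outside the hunk.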
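Review bot: The comment above the condition in the `@@ -798,17 +794,17 @@` hunk says the processed event is stored when the status is "complete", "revoked", or "canceled", but the condition tests `RequestStatus.REJECTED_STRING`, not a revoked status. This condition decides whether a signed audit record is written, so the comment should match the code, e.g. `// "complete", "rejected", or "canceled"` (assuming REJECTED_STRING carries that value, which is not visible here). The same comment and condition recur in the `-832`, `-871`, `-911` and `-948` hunks. The enclosing method starts outside the hunk.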
@@ -818,12 +814,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { @@ -832,11 +828,10 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, ILogger.FAILURE, auditRequesterID, @@ -857,12 +852,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -871,18 +866,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -891,18 +885,18 @@ CMS.debug("**** mFormPath = "+mFormPath); throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -911,18 +905,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -934,12 +927,12 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType); audit(auditMessage); } else { 
@@ -948,18 +941,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, + auditRequestType, + auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -973,11 +965,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1003,11 +995,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ 
@@ -1026,7 +1018,7 @@ CMS.debug("**** mFormPath = "+mFormPath); // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1036,11 +1028,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1062,4 +1054,3 @@ CMS.debug("**** mFormPath = "+mFormPath); return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 181e6e9c..f467652c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
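Review bot: `Integer.valueOf(serialNumber)` in the `@@ -1026,7 +1018,7 @@` hunk limits the audited serial number to the 32-bit int range, so a larger decimal serial would raise NumberFormatException while the signed audit message is being built. The rest of this file handles serials as BigInteger (`getSerialNumber().toString(16)`), so the conversion could be `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);`, provided `java.math.BigInteger` is imported in this file, which the hunk does not show. The method body begins outside the hunk, so any earlier validation of the string is not visible either.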
@@ -66,11 +65,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Takes the certificate info (serial number) and optional challenge phrase, creates a - * revocation request and submits it to the authority subsystem for processing - * + * Takes the certificate info (serial number) and optional challenge phrase, + * creates a revocation request and submits it to the authority subsystem for + * processing + * * @version $Revision$, $Date$ */ public class ChallengeRevocationServlet1 extends CMSServlet { @@ -89,7 +88,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { private IPublisherProcessor mPublisherProcessor = null; private String mRequestID = null; - // http params + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; @@ -102,10 +101,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the file - * revocationResult.template for the response - * - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the file + * revocationResult.template for the response + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -125,17 +124,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet { mQueue = mAuthority.getRequestQueue(); } - /** - * Process the HTTP request. + /** + * Process the HTTP request. * <ul> * <li>http.param REASON_CODE the revocation reason - * <li>http.param b64eCertificate the base-64 encoded certificate to revoke + * <li>http.param b64eCertificate the base-64 encoded certificate to revoke * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); 
@@ -159,27 +158,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // for audit log IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + BigInteger[] serialNoArray = null; if (authToken != null) { serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO); } // set revocation reason, default to unspecified if not set. - int reasonCode = - httpParams.getValueAsInt(REASON_CODE, 0); - // header.addIntegerValue("reason", reasonCode); + int reasonCode = + httpParams.getValueAsInt(REASON_CODE, 0); + // header.addIntegerValue("reason", reasonCode); RevocationReason reason = RevocationReason.fromInt(reasonCode); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); Date invalidityDate = null; String revokeAll = null; - int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0; - int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0; + int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0; + int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0; X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { @@ -198,11 +197,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -222,7 +221,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IRequest getCertsChallengeReq = null; getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); @@ -232,7 +231,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } @@ -243,20 +242,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); + serialNoArray[i], 16); rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); + certs[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); + certs[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + certs[i].getNotAfter().getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; process(argSet, header, reasonCode, invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0]); + verifiedRecordCount, revokeAll, totalRecordCount, + comments, locale[0]); } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); 
@@ -265,10 +264,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { ServletOutputStream out = resp.getOutputStream(); - if( serialNoArray == null ) { - CMS.debug( "ChallengeRevcationServlet1::process() - " + - " serialNoArray is null!" ); - EBaseException ee = new EBaseException( "No matched certificate is found" ); + if (serialNoArray == null) { + CMS.debug("ChallengeRevcationServlet1::process() - " + + " serialNoArray is null!"); + EBaseException ee = new EBaseException("No matched certificate is found"); cmsReq.setError(ee); return; @@ -282,31 +281,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { try { int count = 0; Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>(); 
@@ -344,18 +343,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -367,14 +366,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -383,8 +380,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() && + legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { 
@@ -411,12 +408,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -433,12 +430,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -459,7 +456,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); 
@@ -479,29 +476,29 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } 
@@ -514,23 +511,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } header.addStringValue("revoked", "yes"); Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); @@ -539,15 +536,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) header.addStringValue("updateCRLError", - crlError); + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { 
@@ -555,22 +552,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) @@ -580,25 +577,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; 
@@ -606,15 +603,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue(publishStatusStr, "yes"); } else { String publishErrorStr = - crl.getCrlPublishErrorStr(); + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -623,7 +620,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -640,11 +637,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -658,16 +655,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } 
@@ -686,16 +683,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -706,7 +703,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { e.printStackTrace(); @@ -715,4 +712,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java index b3693a53..fb531759 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; 
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Redirect a request to the Master. This servlet is used in - * a clone when a requested service (such as CRL) is not available. - * It redirects the user to the master. - * + * Redirect a request to the Master. This servlet is used in a clone when a + * requested service (such as CRL) is not available. It redirects the user to + * the master. + * * @version $Revision$, $Date$ */ public class CloneRedirect extends CMSServlet { @@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet { /** * Initialize the servlet. - * @param sc servlet configuration, read from the web.xml file + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output with our own template. + + // override success to do output with our own template. mTemplates.remove(CMSRequest.SUCCESS); } 
@@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } - CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java index 0ccf7f18..03c909cc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; 
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * 'Face-to-face' certificate enrollment. - * + * * @version $Revision$, $Date$ */ public class DirAuthServlet extends CMSServlet { @@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet { super(); } - /** + /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - - /** + /** * Process the HTTP request. This servlet reads configuration information - * from the hashDirEnrollment configuration substore - * + * from the hashDirEnrollment configuration substore + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); @@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); 
@@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet { mgr.addAuthToken(pageID, authToken); - header.addStringValue("pageID", pageID); + header.addStringValue("pageID", pageID); header.addStringValue("uid", uid); header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid)); header.addStringValue("hostname", reqHost); - + try { ServletOutputStream out = httpResp.getOutputStream(); @@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); @@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); 
@@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java index 9f353312..a5cdc98e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, disable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.EnableEnrollResult */ @@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index ea62b9cb..2a32b594 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; 
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display detailed information about a certificate - * - * The template 'displayBySerial.template' is used to - * render the response for this servlet. - * + * + * The template 'displayBySerial.template' is used to render the response for + * this servlet. + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -109,16 +108,16 @@ public class DisplayBySerial extends CMSServlet { try { mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); } // coming from ee mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1; - - if (mOutputTemplatePath != null) + + if (mOutputTemplatePath != null) mForm1Path = mOutputTemplatePath; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); } @@ -126,8 +125,8 @@ public class DisplayBySerial extends CMSServlet { /** * Serves HTTP request. The format of this request is as follows: * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to display - * (or hex if serialNumber preceded by 0x) + * <li>http.param serialNumber Decimal serial number of certificate to + * display (or hex if serialNumber preceded by 0x) * </ul> */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -151,7 +150,7 @@ public class DisplayBySerial extends CMSServlet { mAuthzResourceName, "read"); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -170,8 +169,8 @@ public class DisplayBySerial extends CMSServlet { error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (EDBRecordNotFoundException e) { @@ -185,15 +184,15 @@ public class DisplayBySerial extends CMSServlet { try { if (serialNumber.compareTo(MINUS_ONE) > 0) { - process(argSet, header, serialNumber, - req, resp, locale[0]); + process(argSet, header, serialNumber, + req, resp, locale[0]); } else { error = new ECMSGWException( CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); } } catch (EBaseException e) { error = e; - } + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -201,19 +200,19 @@ public class DisplayBySerial extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } 
@@ -223,53 +222,53 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular certificate */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { String certType[] = new String[1]; try { ICertRecord rec = getCertRecord(seq, certType); - + if (certType[0].equalsIgnoreCase("x509")) { processX509(argSet, header, seq, req, resp, locale); return; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return; } - + private void processX509(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { try { ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq); - if (rec == null) { - CMS.debug("DisplayBySerial: failed to read record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (rec == null) { + CMS.debug("DisplayBySerial: failed to read record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } X509CertImpl cert = rec.getCertificate(); - if (cert == null) { - CMS.debug("DisplayBySerial: no certificate in record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (cert == null) { + CMS.debug("DisplayBySerial: no certificate in record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } try { X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME 
+ "." + X509CertImpl.INFO); - if (info == null) { - CMS.debug("DisplayBySerial: no info found"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (info == null) { + CMS.debug("DisplayBySerial: no info found"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); @@ -287,11 +286,11 @@ public class DisplayBySerial extends CMSServlet { } if (ext instanceof KeyUsageExtension) { KeyUsageExtension usage = - (KeyUsageExtension) ext; + (KeyUsageExtension) ext; try { if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e) { // bug356108: @@ -321,8 +320,8 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("noCertImport", noCertImport); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); } IRevocationInfo revocationInfo = rec.getRevocationInfo(); 
@@ -347,20 +346,16 @@ public class DisplayBySerial extends CMSServlet { ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert); - header.addStringValue("certPrettyPrint", - certDetails.toString(locale)); + header.addStringValue("certPrettyPrint", + certDetails.toString(locale)); /* - String scheme = req.getScheme(); - if (scheme.equals("http") && connectionIsSSL(req)) - scheme = "https"; - String requestURI = req.getRequestURI(); - int i = requestURI.indexOf('?'); - String newRequestURI = - (i > -1)? requestURI.substring(0, i): requestURI; - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + newRequestURI); + * String scheme = req.getScheme(); if (scheme.equals("http") && + * connectionIsSSL(req)) scheme = "https"; String requestURI = + * req.getRequestURI(); int i = requestURI.indexOf('?'); String + * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI; + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + newRequestURI); */ header.addStringValue("authorityid", mAuthority.getId()); @@ -369,8 +364,8 @@ public class DisplayBySerial extends CMSServlet { try { certFingerprints = CMS.getFingerPrints(cert); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); } if (certFingerprints.length() > 0) header.addStringValue("certFingerprint", certFingerprints); 
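Review bot: The commented-out `serviceURL` block in the first hunk here (-347,20) has been reflowed by the formatter into a run-on paragraph (`* String scheme = req.getScheme(); if (scheme.equals("http") && ...`), so it no longer reads as code. It is dead code, so I would delete it rather than keep a mangled copy; version control retains the original. The same applies to the commented-out `userAgent` lines in the -382,12 hunk that follows. processX509 starts and ends outside these hunks.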
@@ -382,12 +377,12 @@ public class DisplayBySerial extends CMSServlet { header.addStringValue("serialNumber", seq.toString(16)); /* - String userAgent = req.getHeader("user-agent"); - String agent = - (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; + * String userAgent = req.getHeader("user-agent"); String agent = + * (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; */ // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { if (cert.equals(mCACerts[i])) { @@ -398,10 +393,10 @@ public class DisplayBySerial extends CMSServlet { certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { 
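Review bot: The declaration `X509CertImpl[] certsInChain = new X509CertImpl[1];;` carried a doubled semicolon, and the formatter has now moved the second one onto its own line as an empty statement. It is harmless at runtime but reads like a statement went missing. The new side should be just `X509CertImpl[] certsInChain = new X509CertImpl[1];` with the lone `;` line dropped. The enclosing method continues outside this hunk.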
@@ -414,43 +409,43 @@ public class DisplayBySerial extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), certsInChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - p7.encodeSignedData(bos,false); + p7.encodeSignedData(bos, false); byte[] p7Bytes = bos.toByteArray(); - p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); + p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); header.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception e) { - //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() - //+ "; Please contact your administrator"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + // p7Str = "PKCS#7 B64 Encoding error - " + e.toString() + // + "; Please contact your administrator"; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7")); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } return; } - + private ICertRecord getCertRecord(BigInteger seq, String certtype[]) - throws EBaseException { + throws EBaseException { ICertRecord rec = null; - + try { rec = (ICertRecord) mCertDB.readCertificateRecord(seq); X509CertImpl x509cert = rec.getCertificate(); 
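Review bot: The `catch (EBaseException e)` handler near the end of processX509 logs with the key `"MSGW_ERR_DISP_BY_SERIAL"`, while the handlers in process and getCertRecord use `"CMSGW_ERR_DISP_BY_SERIAL"`; the leading `C` looks dropped. How `CMS.getLogMessage` treats an unknown key is not visible here, but at best the failure record for this certificate lookup will differ from the other two. The line should read `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));`. This commit only re-indents the call, so the fix belongs in a separate change.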
@@ -460,16 +455,16 @@ public class DisplayBySerial extends CMSServlet { return rec; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return rec; } private BigInteger getSerialNumber(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); if (serialNumString != null) { @@ -477,11 +472,10 @@ public class DisplayBySerial extends CMSServlet { if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { return new BigInteger(serialNumString.substring(2), 16); } else { - return new BigInteger(serialNumString); + return new BigInteger(serialNumString); } - } else { + } else { throw new NumberFormatException(); - } + } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 3a5f3f06..cb0e1cf9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Decode the CRL and display it to the requester. - * + * * @version $Revision$, $Date$ */ public class DisplayCRL extends CMSServlet { 
@@ -64,8 +62,8 @@ public class DisplayCRL extends CMSServlet { private static final long serialVersionUID = 1152016798229054027L; private final static String INFO = "DisplayCRL"; private final static String TPL_FILE = "displayCRL.template"; - //private final static String E_TPL_FILE = "error.template"; - //private final static String OUT_ERROR = "errorDetails"; + // private final static String E_TPL_FILE = "error.template"; + // private final static String OUT_ERROR = "errorDetails"; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -78,9 +76,10 @@ public class DisplayCRL extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the 'displayCRL.template' file to - * to render the response to the client. - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the 'displayCRL.template' file + * to to render the response to the client. + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -96,15 +95,16 @@ public class DisplayCRL extends CMSServlet { } /** - * Process the HTTP request + * Process the HTTP request * <ul> - * <li>http.param crlIssuingPoint number - * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL - * <li>http.param pageStart which page to start displaying from - * <li>http.param pageSize number of entries to show per page + * <li>http.param crlIssuingPoint number + * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or + * deltaCRL + * <li>http.param pageStart which page to start displaying from + * <li>http.param pageSize number of entries to show per page * </ul> + * * @param cmsReq the Request to service. - */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); 
@@ -132,8 +132,8 @@ public class DisplayCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -148,22 +148,22 @@ public class DisplayCRL extends CMSServlet { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); process(argSet, header, req, resp, crlIssuingPointId, - locale[0]); + locale[0]); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -192,24 +192,25 @@ public class DisplayCRL extends CMSServlet { masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { clonedCA = true; ipNames = crlRepository.getIssuingPointsNames(); } } catch (EBaseException e) { } - + if (clonedCA) { if (crlIssuingPointId != null) { if (ipNames != null && ipNames.size() > 0) { int i; for (i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); if (crlIssuingPointId.equals(ipName)) { break; } } - if (i >= ipNames.size()) crlIssuingPointId = null; + if (i >= ipNames.size()) + crlIssuingPointId = null; } else { crlIssuingPointId = null; } @@ -226,13 +227,14 @@ public class DisplayCRL extends CMSServlet { isCRLCacheEnabled = ip.isCRLCacheEnabled(); break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } } if (crlIssuingPointId == null) { header.addStringValue("error", - "Request to unspecified or non-existing CRL issuing point: "+ipId); + "Request to unspecified or non-existing CRL issuing point: " + ipId); return; } 
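Review bot: The error branch in the second hunk (-226,13) puts `ipId` into the response with `header.addStringValue("error", "Request to unspecified or non-existing CRL issuing point: " + ipId);`. The assignment of `ipId` is outside the hunk, but it appears to hold the `crlIssuingPoint` request parameter, so a client-chosen string would reach the rendered template. Unless `addStringValue` or the template is known to escape its values, I would drop the value from the message or encode it for the output context before adding it. This presumably applies to both the HTML output and the `xml=true` output that process() selects.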
@@ -240,22 +242,23 @@ public class DisplayCRL extends CMSServlet { String crlDisplayType = req.getParameter("crlDisplayType"); - if (crlDisplayType == null) crlDisplayType = "cachedCRL"; + if (crlDisplayType == null) + crlDisplayType = "cachedCRL"; header.addStringValue("crlDisplayType", crlDisplayType); try { - crlRecord = + crlRecord = (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId); } catch (EBaseException e) { header.addStringValue("error", e.toString(locale)); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); - return; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + return; } header.addStringValue("crlIssuingPoint", crlIssuingPointId); @@ -283,10 +286,10 @@ public class DisplayCRL extends CMSServlet { byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); return; } 
@@ -299,8 +302,8 @@ public class DisplayCRL extends CMSServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } } @@ -320,24 +323,25 @@ public class DisplayCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; // if (lPageStart + lPageSize - lCRLSize > 1) - // lPageStart = lCRLSize - lPageSize + 1; + // lPageStart = lCRLSize - lPageSize + 1; header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, - lCRLSize, lPageStart, lPageSize)); + "crlPrettyPrint", crlDetails.toString(locale, + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale)); + "crlPrettyPrint", crlDetails.toString(locale)); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); 
@@ -377,14 +381,14 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else if (crlDisplayType.equals("deltaCRL")) { - if ((clonedCA && crlRecord.getDeltaCRLSize() != null && - crlRecord.getDeltaCRLSize().longValue() > -1) || - (crlIP != null && crlIP.isDeltaCRLEnabled())) { + if ((clonedCA && crlRecord.getDeltaCRLSize() != null && + crlRecord.getDeltaCRLSize().longValue() > -1) || + (crlIP != null && crlIP.isDeltaCRLEnabled())) { byte[] deltaCRLBytes = crlRecord.getDeltaCRL(); if (deltaCRLBytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); header.addStringValue("error", "Delta CRL is not available"); } else { X509CRLImpl deltaCRL = null; 
@@ -393,23 +397,23 @@ public class DisplayCRL extends CMSServlet { deltaCRL = new X509CRLImpl(deltaCRLBytes); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); if ((clonedCA && crlNumber != null && deltaNumber != null && - deltaNumber.compareTo(crlNumber) >= 0) || - (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { + deltaNumber.compareTo(crlNumber) >= 0) || + (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { header.addIntegerValue("deltaCRLSize", - deltaCRL.getNumberOfRevokedCertificates()); + deltaCRL.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); try { byte[] ba = deltaCRL.getEncoded(); @@ -455,8 +459,8 @@ public class DisplayCRL extends CMSServlet { } } else { header.addStringValue("error", "Delta CRL is not enabled for " + - crlIssuingPointId + - " issuing point"); + crlIssuingPointId + + " issuing point"); } } 
@@ -464,10 +468,10 @@ public class DisplayCRL extends CMSServlet { header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); - header.addStringValue("crlPrettyPrint", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("error", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue("crlPrettyPrint", + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java index 6efda2bb..8d2be7a4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Servlet to report the status, ie, the agent-initiated user - * enrollment is enabled or disabled. - * + * Servlet to report the status, ie, the agent-initiated user enrollment is + * enabled or disabled. + * * @version $Revision$, $Date$ */ public class DisplayHashUserEnroll extends CMSServlet { 
@@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } 
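Review bot: In the hunk at new line 175, the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed `form.renderOutput(out, argSet)` is reported as success. The try block already sets SUCCESS on the normal path, so the trailing call can be dropped. Alternatively the handler can end with `return;`, as the `getTemplate` handler in the preceding hunk does. The enclosing `process` method starts and ends outside this hunk.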
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index 3c562d65..e95d6dbe 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevoke extends CMSServlet { 
@@ -98,20 +96,19 @@ public class DoRevoke extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevoke() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised 
@@ -204,7 +205,7 @@ public class DoRevoke extends CMSServlet { if (req.getParameter("verifiedRecordCount") != null) { verifiedRecordCount = Integer.parseInt( req.getParameter( - "verifiedRecordCount")); + "verifiedRecordCount")); } if (req.getParameter("invalidityDate") != null) { long l = Long.parseLong(req.getParameter( @@ -228,8 +229,8 @@ public class DoRevoke extends CMSServlet { try { user = (IUser) mUL.locateUser(new Certificates(certChain)); } catch (Exception e) { - CMS.debug("DoRevoke: Failed to map certificate '"+ - cert2.getSubjectDN().getName()+"' to user."); + CMS.debug("DoRevoke: Failed to map certificate '" + + cert2.getSubjectDN().getName() + "' to user."); } if (mUG.isMemberOf(user, "Subsystem Group")) { skipNonceVerification = true; @@ -249,8 +250,8 @@ public class DoRevoke extends CMSServlet { } else { CMS.debug("DoRevoke: Missing nonce"); } - CMS.debug("DoRevoke: nonceVerified="+nonceVerified); - CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification); + CMS.debug("DoRevoke: nonceVerified=" + nonceVerified); + CMS.debug("DoRevoke: skipNonceVerification=" + skipNonceVerification); if ((!nonceVerified) && (!skipNonceVerification)) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; @@ -261,7 +262,7 @@ public class DoRevoke extends CMSServlet { String eeSubjectDN = null; String eeSerialNumber = null; - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
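Review bot: In the hunk at new line 229, when `mUL.locateUser(...)` throws, the catch only writes a `CMS.debug` line and control falls through to `mUG.isMemberOf(user, "Subsystem Group")` with whatever `user` held before the try; its initialisation is outside the hunk and is presumably null. That membership result sets `skipNonceVerification`, which the hunk at new line 250 uses to decide whether a missing or unverified nonce is rejected, so the outcome should not depend on how `isMemberOf` treats an unmapped user. I would make the guard explicit, `if (user != null && mUG.isMemberOf(user, "Subsystem Group")) {`, and record the failed mapping with `log(ILogger.LL_SECURITY, ...)` rather than only at debug level. The enclosing method starts and ends outside these hunks.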
@@ -275,25 +276,24 @@ public class DoRevoke extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber != null) { + if (serialNumber != null) { eeSerialNumber = serialNumber; } @@ -306,12 +306,12 @@ public class DoRevoke extends CMSServlet { } else { // request is fromUser. initiative = AuditFormat.FROMUSER; - + String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); if (serialNumber == null || sslCert == null || - !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { + !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { authorized = false; } else { eeSubjectDN = sslCert.getSubjectDN().toString(); 
@@ -322,29 +322,24 @@ public class DoRevoke extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, eeSerialNumber, eeSubjectDN, - comments, locale[0]); + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, eeSerialNumber, eeSubjectDN, + comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { @@ -353,11 +348,11 @@ public class DoRevoke extends CMSServlet { if (error == null && authorized) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else if (!authorized) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); 
@@ -366,8 +361,8 @@ public class DoRevoke extends CMSServlet { cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -375,58 +370,59 @@ public class DoRevoke extends CMSServlet { /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet 
request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) - * @param eeSerialNumber string containing the end-entity certificate - * serial number + * @param eeSerialNumber string containing the end-entity certificate serial + * number * @param eeSubjectDN string containing the end-entity certificate subject - * distinguished name (DN) + * distinguished name (DN) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String eeSerialNumber, - String eeSubjectDN, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + int verifiedRecordCount, + String revokeAll, + int totalRecordCount, + String eeSerialNumber, + String eeSubjectDN, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -436,7 +432,7 @@ public class DoRevoke extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); + CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); long startTime = CMS.getCurrentDate().getTime(); try { @@ -483,16 +479,16 @@ public class DoRevoke extends CMSServlet { CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); continue; } - + if (xcert != null) { rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + xcert.getSerialNumber().toString(16)); if (eeSerialNumber != null && - (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && - rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { + (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && + rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
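Review bot: In the hunk at new line 479, `eeSerialNumber.equals(xcert.getSerialNumber().toString())` compares against the decimal rendering of the serial, while the same hunk emits the serial with `toString(16)` and the servlet's Javadoc documents the `serialNumber` parameter as hex. Comparing serial numbers as strings in mixed radices can miss the requester's own already-revoked certificate or match a different one. The hunk at new line 558 has the same comparison where it sets `authorized = true`, next to the existing `// xxxxx serial number in decimal?` comment. How `eeSerialNumber` is populated on the end-entity path is outside these hunks, so the radix needs confirming. I would parse it once into a `BigInteger` and compare numerically, e.g. `eeSerial.equals(xcert.getSerialNumber())`, where `eeSerial` is an illustrative name for the parsed value.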
@@ -508,19 +504,19 @@ public class DoRevoke extends CMSServlet { throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " is already revoked."); + xcert.getSerialNumber().toString(16) + + " is already revoked."); } else if (eeSubjectDN != null && - (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { + (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " belongs to different subject."); + xcert.getSerialNumber().toString(16) + + " belongs to different subject."); } else { oldCertsV.addElement(xcert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -535,9 +531,7 @@ public class DoRevoke extends CMSServlet { Vector<String> serialNumbers = new Vector<String>(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { 
@@ -564,29 +558,28 @@ public class DoRevoke extends CMSServlet { for (int i = 0; i < certs.length; i++) { boolean addToList = false; - for (int j = 0; j < serialNumbers.size(); - j++) { - //xxxxx serial number in decimal? + for (int j = 0; j < serialNumbers.size(); j++) { + // xxxxx serial number in decimal? if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) && - eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { + eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { addToList = true; break; } } if (eeSerialNumber != null && - eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { + eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { authorized = true; } if (addToList) { IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - certs[i].getSerialNumber().toString(16)); + certs[i].getSerialNumber().toString(16)); oldCertsV.addElement(certs[i]); RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(certs[i].getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -596,7 +589,7 @@ public class DoRevoke extends CMSServlet { } if (!authorized) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); + CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -615,19 +608,19 @@ public class DoRevoke extends CMSServlet { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - // BASE64Decoder decoder = new BASE64Decoder(); - // byte[] certBytes = decoder.decodeBuffer(b64eCert); + // BASE64Decoder decoder = new BASE64Decoder(); + // byte[] certBytes = decoder.decodeBuffer(b64eCert); byte[] certBytes = CMS.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - cert.getSerialNumber().toString(16)); + cert.getSerialNumber().toString(16)); oldCertsV.addElement(cert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(cert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -636,8 +629,8 @@ public class DoRevoke extends CMSServlet { } } } - if (count == 0) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + if (count == 0) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -656,7 +649,7 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("totalRecordCount", count); X509CertImpl[] oldCerts = new X509CertImpl[count]; - //Certificate[] oldCerts = new Certificate[count]; + // Certificate[] oldCerts = new Certificate[count]; RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count]; for (int i = 0; i < count; i++) { @@ -665,7 +658,7 @@ public class DoRevoke extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( 
@@ -680,7 +673,7 @@ public class DoRevoke extends CMSServlet { revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) + if (initiative.equals(AuditFormat.FROMUSER)) revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); else revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); @@ -708,37 +701,37 @@ public class DoRevoke extends CMSServlet { // that is meant for the Master CA. From Clone's point of view // the request is complete if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } 
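Review bot: In the hunk at new line 701, `result.equals(IRequest.RES_ERROR)` dereferences the value returned by `revReq.getExtDataInInteger(IRequest.RESULT)` without a null check, whereas later hunks in this method test `updateCRLResult != null` and `publishCRLResult != null` before using the same kind of value. If the request carries no result, the resulting exception would pre-empt the `AuditFormat.DOREVOKEFORMAT` audit entries written in this branch; whether a caller catches it is not visible here. I would write `if (result != null && result.equals(IRequest.RES_ERROR)) {`. The inner `if (oldCerts[j] != null)` is also redundant after the `instanceof X509CertImpl` test.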
@@ -751,10 +744,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -768,7 +761,7 @@ public class DoRevoke extends CMSServlet { audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -780,24 +773,24 @@ public class DoRevoke extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -806,15 +799,15 @@ public class DoRevoke extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -822,23 +815,23 @@ public class DoRevoke extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration<ICRLIssuingPoint> otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) 
@@ -857,31 +850,31 @@ public class DoRevoke extends CMSServlet { updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); - if (error != null) + if (error != null) header.addStringValue(updateErrorStr, - error); + error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); - if (error != null) + if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } @@ -889,8 +882,8 @@ public class DoRevoke extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; 
@@ -905,13 +898,13 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("certsUpdated", certsUpdated); header.addIntegerValue("certsToUpdate", certsToUpdate); - // add crl publishing status. + // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { header.addStringValue("crlPublishError", - publError); + publError); } } else { header.addStringValue("dirEnabled", "no"); @@ -946,16 +939,16 @@ public class DoRevoke extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -965,9 +958,8 @@ public class DoRevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, 
@@ -1001,10 +993,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1042,10 +1034,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1062,8 +1054,8 @@ public class DoRevoke extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure 
@@ -1084,10 +1076,10 @@ public class DoRevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -1110,11 +1102,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1140,11 +1132,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ 
@@ -1163,30 +1155,30 @@ public class DoRevoke extends CMSServlet { // find out if the value is hex or decimal int value = -1; - - //try int - try { - value = Integer.parseInt(serialNumber,10); + + // try int + try { + value = Integer.parseInt(serialNumber, 10); } catch (NumberFormatException e) { } - - //try hex - if( value == -1) { + + // try hex + if (value == -1) { try { - value = Integer.parseInt(serialNumber,16); + value = Integer.parseInt(serialNumber, 16); } catch (NumberFormatException e) { } } // give up if it isn't hex or dec - if ( value == -1) { + if (value == -1) { throw new NumberFormatException(); } // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - value); + value); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1196,11 +1188,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1222,4 +1214,3 @@ public class DoRevoke extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index 12093661..e7b83b0c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.util.Date; 
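Review bot: In the `@@ -1163,30 +1155,30 @@` hunk of DoRevoke.java, the serial number for the signed audit record is parsed with `Integer.parseInt` and `-1` doubles as the "not parsed" marker, so a serial that does not fit in an `int` ends in `throw new NumberFormatException()`, and an all-digit hex string is recorded as its decimal reading because radix 10 is tried first. Serials are handled as arbitrary-precision values elsewhere on this page (`cert.getSerialNumber().toString(16)`), so the audit value should be parsed the same way once the expected radix is settled, for example `serialNumber = "0x" + new BigInteger(serialNumber, 16).toString(16);`, which needs `java.math.BigInteger` in scope. The two empty `catch (NumberFormatException e) { }` blocks should at least carry a comment saying the fallthrough is intended. The DoRevokeTPS.java counterpart in the `@@ -920,7 +920,7 @@` hunk uses `Integer.valueOf(serialNumber).intValue()`, which is decimal and `int`-only, although that servlet documents `serialNumber` as HEX. The method starts outside this hunk, so how callers treat the exception is not visible here.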
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -89,20 +87,19 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -174,7 +175,7 @@ public class DoRevokeTPS extends CMSServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); + CMS.debug("DoRevokeTPS getTemplate failed"); throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -203,7 +204,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
@@ -215,17 +216,17 @@ public class DoRevokeTPS extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); @@ -242,11 +243,11 @@ public class DoRevokeTPS extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, req, - resp, revokeAll, totalRecordCount, comments, locale[0]); + resp, revokeAll, totalRecordCount, comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; @@ -260,10 +261,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
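Review bot: In the `@@ -260,10 +261,10 @@` hunk of DoRevokeTPS.java, `error.toString()` is concatenated into the `status=…\nerror=…` reply and sent as `text/html`, with nothing removing line breaks or markup from the message and with `pp.getBytes()` relying on the platform charset. If an exception message can carry request-derived text (not visible from here), a client that reads the reply line by line could see an extra `status=` line, and a browser would render any markup. I would flatten the message and declare what is actually sent, `errorString = "error=" + error.toString().replaceAll("[\\r\\n]+", " ");` and `resp.setContentType("text/plain; charset=UTF-8");`, encode the bytes with that same explicit charset, and first check that the consuming client does not depend on the current content type. The surrounding method begins and ends outside the hunk.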
@@ -271,8 +272,8 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -280,50 +281,51 @@ public class DoRevokeTPS extends CMSServlet { /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet 
request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, + String initiative, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + int totalRecordCount, + String comments, + Locale locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -333,21 +335,20 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - //remove the trailing paren + // remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0,serial.length() -1); + serial = serial.substring(0, serial.length() - 1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } 
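Review bot: In the `@@ -333,21 +335,20 @@` hunk of DoRevokeTPS.java, the `revokeAll` request parameter is written to the debug log as received (`CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);`) and the text after its `=` becomes `auditSerialNumber` with only a trailing `)` removed, so unvalidated request text can reach the signed audit messages built from that variable later in the method. Accept the value only when it looks like a serial number, e.g. `if (serial.matches("(0x)?[0-9a-fA-F]+")) auditSerialNumber = serial;`, and log a sanitized copy of the parameter rather than the raw string. Whether `CMS.debug` and `audit` already neutralise line breaks is not visible from this hunk, and the method body continues outside it.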
@@ -393,7 +394,7 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); @@ -403,20 +404,20 @@ public class DoRevokeTPS extends CMSServlet { if (xcert != null) { rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + xcert.getSerialNumber().toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); + CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked."); } else { oldCertsV.addElement(xcert); RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + new RevokedCertImpl(xcert.getSerialNumber(), + CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); + CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked."); count++; } } else { 
@@ -424,27 +425,27 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. if (alreadyRevokedCertFound == true && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditSerialNumber, + auditRequestType); - audit(auditMessage); - return; + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -469,7 +470,7 @@ public class DoRevokeTPS extends CMSServlet { } IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -484,7 +485,7 @@ public class DoRevokeTPS extends CMSServlet { revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) { + if (initiative.equals(AuditFormat.FROMUSER)) { revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); } else { revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); 
@@ -513,37 +514,37 @@ public class DoRevokeTPS extends CMSServlet { // that is meant for the Master CA. From Clone's point of view // the request is complete if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + revReq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } 
@@ -556,10 +557,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -573,7 +574,7 @@ public class DoRevokeTPS extends CMSServlet { audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); @@ -585,24 +586,24 @@ public class DoRevokeTPS extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + ); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { 
@@ -615,29 +616,29 @@ public class DoRevokeTPS extends CMSServlet { } // let known crl publishing status too. Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration<ICRLIssuingPoint> otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration<ICRLIssuingPoint> otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) 
@@ -652,25 +653,25 @@ public class DoRevokeTPS extends CMSServlet { CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", updateStatusStr)); String error = - revReq.getExtDataInString(updateErrorStr); + revReq.getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error="+error; + if (error != null) { + errorString = "error=" + error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + revReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); String error = - revReq.getExtDataInString(publishErrorStr); + revReq.getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -683,8 +684,8 @@ public class DoRevokeTPS extends CMSServlet { if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + revReq.getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -697,12 +698,12 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. + // add crl publishing status. String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; o_status = "status=3"; } } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { 
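Review bot: The last context line of the `@@ -697,12 +698,12 @@` hunk in DoRevokeTPS.java, `} else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {`, calls `ldapEnabled()` only when `mPublisherProcessor` is null, so the branch can never be taken and a null publisher raises `NullPointerException` at this point in the revocation result handling. The preceding branch tests `mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()`, so the intended condition is probably its complement, `} else if (mPublisherProcessor == null || !mPublisherProcessor.ldapEnabled()) {`, or a plain `} else {` as DoRevoke.java uses for its `dirEnabled` / `no` case. The branch body lies outside the hunk, so confirm what it sets before choosing between the two.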
@@ -712,7 +713,7 @@ public class DoRevokeTPS extends CMSServlet { } else { if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error="+stat.toString(); + errorString = "error=" + stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; @@ -743,16 +744,16 @@ public class DoRevokeTPS extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } @@ -762,9 +763,8 @@ public class DoRevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, 
@@ -799,10 +799,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -819,8 +819,8 @@ public class DoRevokeTPS extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure @@ -841,10 +841,10 @@ public class DoRevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -867,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ 
@@ -897,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -920,7 +920,7 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -930,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -956,4 +956,3 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e1791045..0b7c6f85 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; 
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevoke extends CMSServlet { @@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevoke() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -112,14 +109,14 @@ public class DoUnrevoke extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -136,10 +133,10 @@ public class DoUnrevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -149,20 +146,20 @@ public class DoUnrevoke extends CMSServlet { try { serialNumber = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevoke::process() - authToken is null!" ); + } else { + CMS.debug("DoUnrevoke::process() - authToken is null!"); return; } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; @@ -171,10 +168,10 @@ public class DoUnrevoke extends CMSServlet { mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -186,7 +183,7 @@ public class DoUnrevoke extends CMSServlet { } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
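Review bot: In the `@@ -149,20 +146,20 @@` hunk of DoUnrevoke.process(), the `else` branch taken when `authenticate(cmsReq)` returns null only calls `CMS.debug(...)` and returns, so the request ends with no status set and nothing written through `log(...)`. Adding `cmsReq.setStatus(CMSRequest.UNAUTHORIZED);` before the `return;` and recording the event with `log(...)` rather than only the debug trace would make a failed authentication visible to the caller and in the logs. What the base servlet does with a request whose status was never set is not visible here, so confirm this against CMSServlet. The same branch appears in DoUnrevokeTPS.process() (`@@ -133,34 +130,31 @@`), and process() begins and ends outside both hunks.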
@@ -197,44 +194,45 @@ public class DoUnrevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param serialNumbers the serial number of the certificate @@ -245,11 +243,11 @@ public class DoUnrevoke extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + BigInteger[] serialNumbers, + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -262,11 +260,13 @@ public class DoUnrevoke extends CMSServlet { try { StringBuffer snList = new StringBuffer(); - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList.append(", "); + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList.append(", "); snList.append("0x"); snList.append(serialNumbers[i].toString(16)); } 
@@ -310,15 +310,15 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "yes"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("unrevoked", "no"); 
@@ -328,59 +328,59 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("error", error); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } /****************************************************/ - - /* IMPORTANT: In the event that the following */ - - /* "throw error;" statement is */ - - /* uncommented, uncomment the following */ - - /* signed audit log message, also!!! */ - + + /* IMPORTANT: In the event that the following */ + + /* "throw error;" statement is */ + + /* uncommented, uncomment the following */ + + /* signed audit log message, also!!! 
*/ + /****************************************************/ - // // store a message in the signed audit log file - // // if and only if "auditApprovalStatus" is - // // "complete", "revoked", or "canceled" - // if( ( auditApprovalStatus.equals( - // RequestStatus.COMPLETE_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.REJECTED_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.CANCELED_STRING ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // auditSerialNumber, - // auditRequestType, - // auditReasonNum, - // auditApprovalStatus ); + // // store a message in the signed audit log file + // // if and only if "auditApprovalStatus" is + // // "complete", "revoked", or "canceled" + // if( ( auditApprovalStatus.equals( + // RequestStatus.COMPLETE_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.REJECTED_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.CANCELED_STRING ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // auditSerialNumber, + // auditRequestType, + // auditReasonNum, + // auditApprovalStatus ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } - // throw error; + // throw error; } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -389,15 +389,15 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("updateCRLSuccess", "no"); String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", + crlError); } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { @@ -405,22 +405,22 @@ public class DoUnrevoke extends CMSServlet { } else { header.addStringValue("publishCRLSuccess", "no"); String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) 
@@ -431,48 +431,48 @@ public class DoUnrevoke extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " yes "); + updateStatusStr + " yes "); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " no "); + updateStatusStr + " no "); header.addStringValue(updateStatusStr, "no"); String error = - unrevReq.getExtDataInString(updateErrorStr); + unrevReq.getExtDataInString(updateErrorStr); - if (error != null) + if (error != null) header.addStringValue( - updateErrorStr, error); + updateErrorStr, error); } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); String error = - unrevReq.getExtDataInString(publishErrorStr); + unrevReq.getExtDataInString(publishErrorStr); - if (error != null) + if (error != null) header.addStringValue( - publishErrorStr, error); + publishErrorStr, error); } } } if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) { 
@@ -490,30 +490,30 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "pending"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { header.addStringValue("error", "Request Status.Error"); header.addStringValue("unrevoked", "no"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } @@ -521,9 +521,8 @@ public class DoUnrevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, 
@@ -557,10 +556,10 @@ public class DoUnrevoke extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -580,7 +579,7 @@ public class DoUnrevoke extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -601,7 +600,7 @@ public class DoUnrevoke extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); @@ -617,11 +616,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -647,11 +646,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ 
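Review bot: getSerialNumbers() in the `@@ -580,7 +579,7 @@` hunk passes `req.getParameter("serialNumber")` straight into `new StringTokenizer(serialNumString, " ")`, so a request without that parameter makes the constructor throw a NullPointerException instead of the declared NumberFormatException. The catch clauses visible in process() handle NumberFormatException and EBaseException, and the call sits before `authenticate(cmsReq)`, so an unauthenticated request can reach the null case and nothing shown there handles it. A guard right after the lookup, `if (serialNumString == null) throw new NumberFormatException();`, routes it into the existing invalid-serial-number path. DoUnrevokeTPS.getSerialNumbers() (`@@ -533,7 +529,7 @@`) has the same lines, and the method body continues outside both hunks.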
@@ -670,7 +669,7 @@ public class DoUnrevoke extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -678,4 +677,3 @@ public class DoUnrevoke extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 8f46ee9c..4472d0e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.math.BigInteger; @@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevokeTPS extends CMSServlet { 
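Review bot: The audit helper in the `@@ -670,7 +669,7 @@` hunk converts the serial number with `Integer.valueOf(serialNumber).intValue()`, which throws NumberFormatException for any serial above 2^31-1, while the rest of the class carries serials as `BigInteger`. Certificate serial numbers can exceed the int range, so the serial field of the signed audit record depends on a conversion that can fail for them; whether the caller catches that exception is not visible in this hunk. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` produces the same text for non-negative values that fit in an int and also accepts larger ones. The same line is in DoUnrevokeTPS (`@@ -623,7 +619,7 @@`), and the method starts outside both hunks.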
@@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevokeTPS() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -112,14 +109,14 @@ public class DoUnrevokeTPS extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -133,34 +130,31 @@ public class DoUnrevokeTPS extends CMSServlet { Locale[] locale = new Locale[1]; -/* - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } -*/ + /* + * try { form = getTemplate(mFormPath, req, locale); } catch + * (IOException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new + * ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } + */ try { serialNumbers = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" ); + } else { + CMS.debug("DoUnrevokeTPS::process() - authToken is null!"); return; - } + } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; 
@@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet { mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); o_status = "status=3"; errorString = "error=unauthorized"; - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet { process(serialNumbers, req, resp, locale[0], initiative); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } catch (IOException e) { @@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error="; } else { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
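Review bot: The `status=…`/`error=…` reply built in the `@@ -206,10 +200,10 @@` hunk is sent with `resp.setContentType("text/html")` and encoded with `pp.getBytes()`, although the body is plain key/value text that includes `error.toString()`. Served as HTML, any markup characters in the exception text would be interpreted by a browser, and `getBytes()` without a charset follows the platform default; whether the error text can carry request-derived data is not visible here. Suggest `resp.setContentType("text/plain; charset=UTF-8");` and `byte[] b = pp.getBytes("UTF-8");`, whose checked exception the enclosing `catch (IOException e)` already covers, after checking that the TPS client does not depend on the current content type. The unauthorized branch in `@@ -169,17 +163,17 @@` builds its reply the same way, and process() extends beyond both hunks.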
@@ -217,33 +211,34 @@ public class DoUnrevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param serialNumbers the serial number of the certificate * @param req HTTP servlet request * @param resp HTTP servlet response 
@@ -252,10 +247,10 @@ public class DoUnrevokeTPS extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -268,11 +263,13 @@ public class DoUnrevokeTPS extends CMSServlet { try { String snList = ""; - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList += ", "; + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList += ", "; snList += "0x" + serialNumbers[i].toString(16); } 
@@ -313,76 +310,76 @@ public class DoUnrevokeTPS extends CMSServlet { if (result != null && result.equals(IRequest.RES_SUCCESS)) { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { String error = unrevReq.getExtDataInString(IRequest.ERROR); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + + error, + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) { o_status = "status=3"; - errorString = "error="+crlError; + errorString = "error=" + crlError; } } // let known crl publishing status too. 
- Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = + unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { o_status = "status=3"; - errorString = "error="+publError; + errorString = "error=" + publError; } } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = + ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + otherCRLs.nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) 
@@ -394,37 +391,37 @@ public class DoUnrevokeTPS extends CMSServlet { if (!updateResult.equals(IRequest.RES_SUCCESS)) { String updateErrorStr = crl.getCrlUpdateErrorStr(); String error = - unrevReq.getExtDataInString(updateErrorStr); + unrevReq.getExtDataInString(updateErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + unrevReq.getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = + crl.getCrlPublishErrorStr(); String error = - unrevReq.getExtDataInString(publishErrorStr); + unrevReq.getExtDataInString(publishErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } } } if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) { 
@@ -432,25 +429,25 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error=Problem in publishing to LDAP"; } } - } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) { + } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) { o_status = "status=3"; errorString = "error=LDAP Publisher not enabled"; } } else if (status == RequestStatus.PENDING) { o_status = "status=2"; - errorString = "error="+status.toString(); + errorString = "error=" + status.toString(); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "pending", + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } else { o_status = "status=2"; @@ -458,15 +455,15 @@ public class DoUnrevokeTPS extends CMSServlet { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + status.toString(), + certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) } + ); } } 
@@ -474,9 +471,8 @@ public class DoUnrevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { + || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -510,10 +506,10 @@ public class DoUnrevokeTPS extends CMSServlet { // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals( RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { + (auditApprovalStatus.equals( + RequestStatus.REJECTED_STRING)) || + (auditApprovalStatus.equals( + RequestStatus.CANCELED_STRING))) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, auditSubjectID, @@ -533,7 +529,7 @@ public class DoUnrevokeTPS extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -554,7 +550,7 @@ public class DoUnrevokeTPS extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); 
@@ -570,11 +566,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -600,11 +596,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -623,7 +619,7 @@ public class DoUnrevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + Integer.valueOf(serialNumber).intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -631,4 +627,3 @@ public class DoUnrevokeTPS extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java index b1d89426..2a143b66 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; 
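Review bot: The `@return` line of this Javadoc still describes the signed audit log "RequesterID", which looks copied from the method documented in the hunk at -570; this method is documented as returning the serial number. Going by the body visible in the hunk at -623, a fitting line would be `@return the serial number as a "0x"-prefixed hexadecimal string, or ILogger.SIGNED_AUDIT_EMPTY_VALUE otherwise`. The method body itself is outside this hunk.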
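Review bot: `Integer.valueOf(serialNumber).intValue()` limits the audit serial number to the 32-bit range, while `getSerialNumbers` in the same class handles serials as `BigInteger`. A certificate serial above `Integer.MAX_VALUE` therefore throws `NumberFormatException` inside the audit helper, and how the caller reacts to that is not visible here. Converting with `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` removes the size limit; a non-numeric value would still throw and needs handling where the method is called. The method starts outside this hunk.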
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, enable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.DisableEnrollResult */ @@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet { * Services the request */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet { String timeout = args.getValueAsString("timeout", "600"); mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000, - random.nextLong() + "", 0); + random.nextLong() + "", 0); header.addStringValue("code", "0"); } 
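Review bot: In the hunk at -162, `Long.parseLong(timeout) * 1000` has no validation, so a non-numeric `timeout` throws an unchecked `NumberFormatException` that `process` does not declare, and a very large value overflows the multiplication. If `args` holds request parameters, as the name suggests, the value should be parsed inside a try block and clamped to a sane maximum before `mgr.createEntry` is called. The fourth argument, `random.nextLong() + ""`, is also worth checking: if that string acts as the enrollment secret and `random` is a `java.util.Random`, it should come from `java.security.SecureRandom` instead; the declaration of `random` is outside the hunk.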
@@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index 44d0c509..ecad6d8a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor; import com.netscape.cms.servlet.processors.PKCS10Processor; import com.netscape.cms.servlet.processors.PKIProcessor; - /** * Submit a Certificate Enrollment request - * + * * @version $Revision$, $Date$ */ public class EnrollServlet extends CMSServlet { @@ -90,10 +88,9 @@ public class EnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java 
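Review bot: In the hunk at -173, the `cmsReq.setStatus(CMSRequest.SUCCESS);` that follows the try/catch runs unconditionally, so it overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set. A failed template render is then reported as success even though `setError` was called. The try block already sets SUCCESS after `form.renderOutput(out, argSet)`, so the trailing call can be deleted, or the catch block can end with `return;`. The enclosing `process` method starts outside the hunk.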
@@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet { private String auditServiceID = ILogger.UNIDENTIFIED; private final static String ADMIN_CA_ENROLLMENT_SERVLET = - "caadminEnroll"; + "caadminEnroll"; private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = - "cabulkissuance"; + "cabulkissuance"; private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = - "rabulkissuance"; + "rabulkissuance"; private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = - "cacertbasedenrollment"; + "cacertbasedenrollment"; private final static String EE_CA_ENROLLMENT_SERVLET = - "caenrollment"; + "caenrollment"; private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = - "racertbasedenrollment"; + "racertbasedenrollment"; private final static String EE_RA_ENROLLMENT_SERVLET = - "raenrollment"; + "raenrollment"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated non-profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated non-profile cert request rejection: " + "unable to render OLD_CERT_TYPE response", - - /* 1 */ "automated non-profile cert request rejection: " + + /* 1 */"automated non-profile cert request rejection: " + "unable to complete handleEnrollAuditLog() method", - - /* 2 */ "automated non-profile cert request rejection: " + + /* 2 */"automated non-profile cert request rejection: " + "unable to render success template", - - /* 3 */ "automated non-profile cert request rejection: " + + /* 3 */"automated non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - + private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - + public EnrollServlet() { super(); } /** - * initialize the servlet.<p> - * the following parameters are read from the servlet config: - * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages - * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * initialize the servlet. + * <p> + * the following parameters are read from the servlet config: + * <ul> + * <li>CMSServlet.PROP_ID - ID for signed audit log messages + * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet { try { IConfigStore configStore = CMS.getConfigStore(); - String PKI_Subsystem = configStore.getString( "subsystem.0.id", - null ); + String PKI_Subsystem = configStore.getString("subsystem.0.id", + null); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -197,51 +193,51 @@ public class EnrollServlet extends CMSServlet { // framework would be deprecated and disabled by default // (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "EnrollServlet.java" servlet is ONLY - // used by the CA for the following: + // Further, the "EnrollServlet.java" servlet is ONLY + // used by the CA for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // caadminEnroll ca/admin/ca/adminEnroll.html - // cabulkissuance ca/agent/ca/bulkissuance.html - // cacertbasedenrollment ca/certbasedenrollment.html - // caenrollment ca/enrollment.html + // SERVLET-NAME URL-PATTERN + // ==================================================== + // caadminEnroll ca/admin/ca/adminEnroll.html + // cabulkissuance ca/agent/ca/bulkissuance.html + // cacertbasedenrollment ca/certbasedenrollment.html + // caenrollment ca/enrollment.html // - // The "EnrollServlet.java" servlet is NOT used by - // the KRA. + // The "EnrollServlet.java" servlet is NOT used by + // the KRA. // - if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) { + if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) { String policyStatus = PKI_Subsystem.trim().toLowerCase() + "." + "Policy" + "." + IPolicyProcessor.PROP_ENABLE; - if( configStore.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "<subsystem>.Policy.enable=<boolean>" - // is missing, then the referenced instance - // existed prior to this name=value pair - // existing in its 'CS.cfg' file, and thus - // we err on the side that the user may - // still need to use the policy framework. 
- CMS.debug( "EnrollServlet::init Certificate " + if (configStore.getBoolean(policyStatus, true) == true) { + // NOTE: If "<subsystem>.Policy.enable=<boolean>" + // is missing, then the referenced instance + // existed prior to this name=value pair + // existing in its 'CS.cfg' file, and thus + // we err on the side that the user may + // still need to use the policy framework. + CMS.debug("EnrollServlet::init Certificate " + "Policy Framework (deprecated) " - + "is ENABLED" ); + + "is ENABLED"); } else { - // CS 8.1 Default: <subsystem>.Policy.enable=false - CMS.debug( "EnrollServlet::init Certificate " + // CS 8.1 Default: <subsystem>.Policy.enable=false + CMS.debug("EnrollServlet::init Certificate " + "Policy Framework (deprecated) " - + "is DISABLED" ); + + "is DISABLED"); return; } } - } catch( EBaseException e ) { - throw new ServletException( "EnrollServlet::init - " + } catch (EBaseException e) { + throw new ServletException("EnrollServlet::init - " + "EBaseException: " + "Unable to initialize " + "Certificate Policy Framework " - + "(deprecated)" ); + + "(deprecated)"); } // override success template to allow direct import of keygen certs. 
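Review bot: `PKI_Subsystem.trim()` is dereferenced without a null check, although the preceding hunk reads it with `configStore.getString("subsystem.0.id", null)`, so a missing key can yield the `null` default and a NullPointerException that the `catch (EBaseException e)` below does not cover. Guarding with `if (PKI_Subsystem != null && PKI_Subsystem.trim().equalsIgnoreCase("ca"))` avoids that. The `ServletException` built in the catch block also drops the cause; passing `e` as the second constructor argument keeps the original failure in the servlet log. The `init` method starts before this hunk and continues after it.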
@@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet { if (id != null) { if (!(auditServiceID.equals( ADMIN_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_CA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_ENROLLMENT_SERVLET))) { + && !(auditServiceID.equals( + AGENT_CA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + AGENT_RA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID.equals( + EE_RA_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet { if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -291,10 +287,10 @@ public class EnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", - e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", + e.toString(), mId)); } } catch (ServletException eAudit1) { // rethrow caught exception 
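Review bot: This allow-list check compares `auditServiceID` with the known servlet names, but the value being validated is `id`. The field is initialised to `ILogger.UNIDENTIFIED` in the declarations shown in the hunk at -126, so unless it is assigned just above this hunk, none of the seven `equals` calls can match and the `else { auditServiceID = id.trim(); }` branch is never taken. Signed audit records from this servlet would then always carry the unidentified service ID. Each comparison should test the configured value, for example `!(id.trim().equals(ADMIN_CA_ENROLLMENT_SERVLET))`. The enclosing `if (id != null)` begins outside the hunk.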
@@ -302,64 +298,61 @@ public class EnrollServlet extends CMSServlet { } } - - /** - * XXX (SHOULD CHANGE TO READ FROM Servletconfig) - * Getter method to see if Proof of Posession checking is enabled. - * this value is set in the CMS.cfg filem with the parameter - * "enrollment.enforcePop". It defaults to false - * @return true if user is required to Prove that they possess the - * private key corresponding to the public key in the certificate - * request they are submitting - */ + /** + * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if + * Proof of Posession checking is enabled. this value is set in the CMS.cfg + * filem with the parameter "enrollment.enforcePop". It defaults to false + * + * @return true if user is required to Prove that they possess the private + * key corresponding to the public key in the certificate request + * they are submitting + */ public boolean getEnforcePop() { return enforcePop; } /** - * Process the HTTP request. - * <UL><LI>If the request is coming through the admin port, it is only - * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file - * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is - * renamed with more information about the current request ID - * <LI>The request is preprocessed, then processed further in one - * of the cert request processor classes: KeyGenProcessor, PKCS10Processor, - * CMCProcessor, CRMFProcessor - * </UL> - * + * Process the HTTP request. 
+ * <UL> + * <LI>If the request is coming through the admin port, it is only allowed + * to continue if 'admin enrollment' is enabled in the CMS.cfg file + * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread + * is renamed with more information about the current request ID + * <LI>The request is preprocessed, then processed further in one of the + * cert request processor classes: KeyGenProcessor, PKCS10Processor, + * CMCProcessor, CRMFProcessor + * </UL> + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { // SPECIAL CASE: // if it is adminEnroll servlet,check if it's enabled if (mId.equals(ADMIN_ENROLL_SERVLET_ID) && - !CMSGateway.getEnableAdminEnroll()) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); + !CMSGateway.getEnableAdminEnroll()) { + log(ILogger.LL_SECURITY, + CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); + CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); } - processX509(cmsReq); + processX509(cmsReq); } private boolean getCertAuthEnrollStatus(IArgBlock httpParams) { /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. 
+ * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + httpParams.getValueAsString("certauthEnroll", null); if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { certAuthEnroll = true; @@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet { } private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll) - throws EBaseException { + throws EBaseException { String certauthEnrollType = null; 
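Review bot: The block comment in `getCertAuthEnrollStatus` was reflowed into one paragraph, which merges the three `certauthEnrollType` values (single, dual, encryption) and their descriptions into a run-on sentence. The same comment is flattened the same way in `processX509`, in the hunk at -791. The one-item-per-line layout should be restored and protected from the formatter, for instance by opening the comment with `/*-` if the formatter in use honours that convention. The Javadoc for `getEnforcePop` in this hunk also keeps the typos "Posession" and "filem" after the rewrap.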
@@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: certauthEnrollType is single"); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - + return certauthEnrollType; - + } private boolean checkClientCertSigningOnly(X509Certificate sslClientCert) - throws EBaseException { + throws EBaseException { if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } return true; } - + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, - ICertificateAuthority mCa, String certBasedOldSubjectDN, - BigInteger certBasedOldSerialNum) - throws EBaseException { - + ICertificateAuthority mCa, String certBasedOldSubjectDN, + BigInteger certBasedOldSerialNum) + throws EBaseException { + CMS.debug("EnrollServlet: In handleCertAuthDual!"); - + if (mCa == null) { log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSGW_NOT_A_CA")); + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a @@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); int size = list.getSize(); Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
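Review bot: The log key `"MSGW_MISSING_CERTAUTH_ENROLL_TYPE"` in the hunk at -387 lacks the leading "C" that every other key in this file carries (`CMSGW_...`), so the lookup probably does not resolve to the intended message. The resource file is not visible here, so this should be confirmed against it. If it is a typo, the line becomes `CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));`. `getCertAuthEnrollType` starts before this hunk.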
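Review bot: The search filter in `handleCertAuthDual` (hunk at -456) is built by concatenating `certBasedOldSubjectDN` into the filter string without escaping. That value appears to come from the presented client certificate in `processX509`, and a subject DN may legitimately contain `(`, `)`, `*` or `\`, which are filter metacharacters under RFC 4515. If the string reaches the directory as an LDAP filter, such a DN changes which certificate records match, and the first encryption-only match is then used for the paired enrollment. The value should be escaped before concatenation, unless `findCertRecordsInList` already does so, which cannot be seen from this hunk. The method starts and ends outside the hunk.

```java
// RFC 4515 escaping for a value placed inside a search filter
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: handleCertAuthDual up to the key handling …
        String filter =
                "(&(x509cert.subject=" + escapeFilterValue(certBasedOldSubjectDN)
                        + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
                        + "))(certStatus=VALID))";
```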
@@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; boolean encCertFound = false; @@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet { // if not encryption cert only, try next one if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && + ((CMS.isEncryptionCert(cert) == true) && (CMS.isSigningCert(cert) == true))) { CMS.debug("EnrollServlet: Not encryption only cert, will try next one."); 
@@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet { try { encCertInfo = (X509CertInfo) cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); } try { encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!"); 
@@ -545,14 +538,14 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length); return cInfoArray; - } + } } private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken, - X509CertInfo certInfo, long startTime) - throws EBaseException { - //for audit log + X509CertInfo certInfo, long startTime) + throws EBaseException { + // for audit log String initiative = null; String agentID = null; @@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet { } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); 
@@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString() } + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } } else { // other imcomplete status long endTime = CMS.getCurrentDate().getTime(); mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" } + ); } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } return false; } @@ -643,40 +636,40 @@ public class EnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), "" + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), "" } - ); + ); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } } 
@@ -693,29 +686,30 @@ public class EnrollServlet extends CMSServlet { /** * Process X509 certificate enrollment request * <P> - * + * * (Certificate Request - either an "admin" cert request for an admin - * certificate, an "agent" cert request for "bulk enrollment", or - * an "EE" standard cert request) + * certificate, an "agent" cert request for "bulk enrollment", or an "EE" + * standard cert request) * <P> - * + * * (Certificate Request Processed - either an automated "admin" non-profile - * based CA admin cert acceptance, an automated "admin" non-profile based - * CA admin cert rejection, an automated "EE" non-profile based cert - * acceptance, or an automated "EE" non-profile based cert rejection) + * based CA admin cert acceptance, an automated "admin" non-profile based CA + * admin cert rejection, an automated "EE" non-profile based cert + * acceptance, or an automated "EE" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @exception EBaseException an error has occurred */ - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -733,7 +727,7 @@ public class EnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); - /* XXX shouldn't we read this from ServletConfig at init time? */ + /* XXX shouldn't we read this from ServletConfig at init time? */ enforcePop = configStore.getBoolean("enrollment.enforcePop", false); CMS.debug("EnrollServlet: enforcePop " + enforcePop); @@ -743,7 +737,7 @@ public class EnrollServlet extends CMSServlet { startTime = CMS.getCurrentDate().getTime(); httpParams = cmsReq.getHttpParams(); httpReq = cmsReq.getHttpReq(); - if (mAuthMgr != null) { + if (mAuthMgr != null) { authToken = authenticate(cmsReq); } @@ -752,10 +746,10 @@ public class EnrollServlet extends CMSServlet { mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -763,8 +757,8 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
@@ -791,27 +785,24 @@ public class EnrollServlet extends CMSServlet { } try { - if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { - String currentName = Thread.currentThread().getName(); + if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { + String currentName = Thread.currentThread().getName(); Thread.currentThread().setName(currentName - + "-request-" - + req.getRequestId().toString() - + "-" - + (new Date()).getTime()); + + "-request-" + + req.getRequestId().toString() + + "-" + + (new Date()).getTime()); } } catch (Exception e) { } /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for + * single cert enrollment dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via authentication + * of the signing cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certauthEnrollType = null; @@ -826,8 +817,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
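Review bot: The reflowed block comment in the `@@ -791,27 +785,24 @@` hunk no longer separates the three `certauthEnrollType` values; "single", "dual" and "encryption" now run together in one paragraph, and the opening quote before `certauthEnrollType` is still unclosed. I would restore one value per line, for example as line comments: `// single - single cert enrollment`, `// dual - dual certs enrollment`, `// encryption - encryption cert only, via authentication of the signing cert (crmf or keyGenInfo)`. The same formatter pass splits the trailing `// XXX - localize the message` into five comment lines in the hunks at -1620, -1635 and -1664, and flattens the commented-out `HTTP_INPUT` loop in the hunk at -1683; moving each XXX note onto its own line above the `out.println` keeps it readable. processX509 starts and ends outside this hunk.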
@@ -844,7 +835,7 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: In EnrollServlet.processX509!"); CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll); CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType); - + String challengePassword = httpParams.getValueAsString( "challengePassword", ""); @@ -859,18 +850,18 @@ public class EnrollServlet extends CMSServlet { BigInteger certBasedOldSerialNum = null; // check if request was authenticated, if so set authtoken & - // certInfo. also if authenticated, take certInfo from authToken. + // certInfo. also if authenticated, take certInfo from authToken. certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -882,7 +873,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } certBasedOldSubjectDN = (String) 
@@ -896,23 +887,23 @@ public class EnrollServlet extends CMSServlet { // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (certBasedOldSubjectDN != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = certBasedOldSubjectDN.trim(); } try { certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -924,14 +915,14 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { CMS.debug("EnrollServlet: No CertAuthEnroll."); certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; X509CertInfo authCertInfo = null; String authMgr = AuditFormat.NOAUTH; 
@@ -940,15 +931,15 @@ public class EnrollServlet extends CMSServlet { if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); PKIProcessor.fillCertInfoFromAuthToken(certInfo, - authToken); + authToken); // save authtoken attrs to request directly // (for policy use) saveAuthToken(authToken, req); @@ -960,17 +951,17 @@ public class EnrollServlet extends CMSServlet { if (certAuthEnroll == true) { // log(ILogger.LL_DEBUG, - // "just gotten subjectDN and serialNumber " + - // "from ssl client cert"); + // "just gotten subjectDN and serialNumber " + + // "from ssl client cert"); if (authToken == null) { // authToken is null, can't match to anyone; bail! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1028,7 +1019,7 @@ public class EnrollServlet extends CMSServlet { } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { 
@@ -1039,24 +1030,23 @@ public class EnrollServlet extends CMSServlet { ex.printStackTrace(); } } - + String cmc = null; String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null); - - if(asciiBASE64Blob!=null) - { - int startIndex = asciiBASE64Blob.indexOf(HEADER); - int endIndex = asciiBASE64Blob.indexOf(TRAILER); - if (startIndex!= -1 && endIndex!=-1) { - startIndex = startIndex + HEADER.length(); - cmc=asciiBASE64Blob.substring(startIndex, endIndex); - }else - cmc = asciiBASE64Blob; - CMS.debug("EnrollServlet: cmc " + cmc); + + if (asciiBASE64Blob != null) { + int startIndex = asciiBASE64Blob.indexOf(HEADER); + int endIndex = asciiBASE64Blob.indexOf(TRAILER); + if (startIndex != -1 && endIndex != -1) { + startIndex = startIndex + HEADER.length(); + cmc = asciiBASE64Blob.substring(startIndex, endIndex); + } else + cmc = asciiBASE64Blob; + CMS.debug("EnrollServlet: cmc " + cmc); } - + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); - + CMS.debug("EnrollServlet: crmf " + crmf); if (certAuthEnroll == true) { @@ -1066,7 +1056,7 @@ public class EnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { - CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); + CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); boolean gotEncCert = false; X509CertInfo[] cInfoArray = null; @@ -1078,8 +1068,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
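Review bot: In the `@@ -1039,24 +1030,23 @@` hunk, `asciiBASE64Blob.substring(startIndex, endIndex)` is guarded only by `startIndex != -1 && endIndex != -1`, so a CMC_REQUEST value in which TRAILER appears before the end of HEADER makes the start exceed the end and throws StringIndexOutOfBoundsException. The value comes straight from `httpParams`, so the bound should be checked before slicing, e.g. `if (startIndex != -1 && endIndex >= startIndex + HEADER.length()) {`. Whether a caller catches that unchecked exception is not visible here, since processX509 extends beyond the hunk. While touching these lines, the `else` branch assigning `cmc = asciiBASE64Blob;` would read better with braces, matching the `if` side.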
@@ -1103,13 +1093,13 @@ public class EnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage( + "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1121,7 +1111,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { @@ -1135,8 +1125,8 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
@@ -1158,12 +1148,12 @@ public class EnrollServlet extends CMSServlet { this); keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + authToken, httpParams); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } else if (crmf != null && crmf != "") { CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); @@ -1173,18 +1163,18 @@ public class EnrollServlet extends CMSServlet { req); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1196,7 +1186,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { 
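Review bot: The test `crmf != null && crmf != ""` in the `@@ -1158,12 +1148,12 @@` hunk compares object references, not contents, so an empty `crmf` parameter built at runtime will normally pass it and go down the CRMF branch instead of reaching the `CMS_GW_MISSING_KEYGEN_INFO` error path. I would write `} else if (crmf != null && !crmf.equals("")) {`, which matches the `!challengePassword.equals("")` check used later in this method. The same pattern appears as `cmc != ""` in the hunk at -1208 and as `group != ""` in the GetBySerial hunk at -181. The branch bodies continue outside this hunk.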
@@ -1208,13 +1198,13 @@ public class EnrollServlet extends CMSServlet { this); keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + authToken, httpParams); } else if (pkcs10 != null) { PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this); pkcs10Proc.fillCertInfo(pkcs10, certInfo, - authToken, httpParams); + authToken, httpParams); } else if (cmc != null && cmc != "") { CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); @@ -1230,14 +1220,14 @@ public class EnrollServlet extends CMSServlet { httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1249,10 +1239,10 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } } else if (keyGenInfo != null) { 
@@ -1279,14 +1269,14 @@ public class EnrollServlet extends CMSServlet { certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
@@ -1300,28 +1290,26 @@ public class EnrollServlet extends CMSServlet { throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - // if ca, fill in default signing alg here - + try { - ICertificateAuthority caSub = - (ICertificateAuthority) CMS.getSubsystem("ca"); - if (certInfoArray != null && caSub != null) { - for (int ix = 0; ix < certInfoArray.length; ix++) { - X509CertInfo ci = (X509CertInfo)certInfoArray[ix]; - String defaultSig = caSub.getDefaultAlgorithm(); - AlgorithmId algid = AlgorithmId.get(defaultSig); - ci.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algid)); + ICertificateAuthority caSub = + (ICertificateAuthority) CMS.getSubsystem("ca"); + if (certInfoArray != null && caSub != null) { + for (int ix = 0; ix < certInfoArray.length; ix++) { + X509CertInfo ci = (X509CertInfo) certInfoArray[ix]; + String defaultSig = caSub.getDefaultAlgorithm(); + AlgorithmId algid = AlgorithmId.get(defaultSig); + ci.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algid)); + } } - } } catch (Exception e) { - CMS.debug("Failed to set signing alg to certinfo " + e.toString()); + CMS.debug("Failed to set signing alg to certinfo " + e.toString()); } req.setExtData(IRequest.CERT_INFO, certInfoArray); - if (challengePassword != null && !challengePassword.equals("")) { String pwd = hashPassword(challengePassword); @@ -1330,8 +1318,8 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, 
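Review bot: In the `@@ -1300,28 +1290,26 @@` hunk, a failure while setting the default signing algorithm is reported only through `CMS.debug` in the `catch (Exception e)`, and the method then goes on to `req.setExtData(IRequest.CERT_INFO, certInfoArray)`. An enrollment can therefore proceed with a cert info whose `ALGORITHM_ID` was never set, without any entry in the system log. If this is meant as best effort, a comment saying so would help; otherwise I would log it at failure level, `log(ILogger.LL_FAILURE, "Failed to set signing alg to certinfo " + e.toString());`. The cast in `(X509CertInfo) certInfoArray[ix]` is redundant because the array is already declared as `X509CertInfo[]`.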
@@ -1345,8 +1333,8 @@ public class EnrollServlet extends CMSServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, auditSubjectID, @@ -1365,9 +1353,9 @@ public class EnrollServlet extends CMSServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // do not want any javascript in HTML, and need to @@ -1379,11 +1367,11 @@ public class EnrollServlet extends CMSServlet { issuedCerts = cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + IRequest.ISSUED_CERTS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, 
@@ -1449,27 +1437,27 @@ public class EnrollServlet extends CMSServlet { // audit log the success. long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] - { req.getRequestId(), - initiative, - mAuthMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16) + - " time: " + - (endTime - startTime) } - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] + { req.getRequestId(), + initiative, + mAuthMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) + + " time: " + + (endTime - startTime) } + ); // handle initial admin enrollment if in adminEnroll mode. checkAdminEnroll(cmsReq, issuedCerts); // return cert as mime type binary if requested. if (checkImportCertToNav(cmsReq.getHttpResp(), - httpParams, issuedCerts[0])) { + httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { @@ -1490,10 +1478,10 @@ public class EnrollServlet extends CMSServlet { // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") 
@@ -1508,10 +1496,10 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", - mEnrollSuccessFiller.toString(), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", + mEnrollSuccessFiller.toString(), + e.toString())); // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( @@ -1525,7 +1513,7 @@ public class EnrollServlet extends CMSServlet { audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file @@ -1547,11 +1535,11 @@ public class EnrollServlet extends CMSServlet { } /** - * check if this is first enroll from admin enroll. - * If so disable admin enroll from here on. + * check if this is first enroll from admin enroll. If so disable admin + * enroll from here on. */ protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + throws EBaseException { // this is special case, get the admin certificate if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { addAdminAgent(cmsReq, issuedCerts); @@ -1559,8 +1547,8 @@ public class EnrollServlet extends CMSServlet { } } - protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) + throws EBaseException { String userid = cmsReq.getHttpParams().getValueAsString("uid"); IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); 
@@ -1571,13 +1559,13 @@ public class EnrollServlet extends CMSServlet { ug.addUserCert(adminuser); } catch (netscape.ldap.LDAPException e) { CMS.debug( - "EnrollServlet: Cannot add admin's certificate to its entry in the " + - "user group database. Error " + e); + "EnrollServlet: Cannot add admin's certificate to its entry in the " + + "user group database. Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); } - IGroup agentGroup = - ug.getGroupFromName(CA_AGENT_GROUP); + IGroup agentGroup = + ug.getGroupFromName(CA_AGENT_GROUP); if (agentGroup != null) { // add user to the group if necessary @@ -1585,15 +1573,15 @@ public class EnrollServlet extends CMSServlet { agentGroup.addMemberName(userid); ug.modifyGroup(agentGroup); mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {userid, userid, CA_AGENT_GROUP} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { userid, userid, CA_AGENT_GROUP } + ); } } else { String msg = "Cannot add admin to the " + - CA_AGENT_GROUP + - " group: Group does not exist."; + CA_AGENT_GROUP + + " group: Group does not exist."; CMS.debug("EnrollServlet: " + msg); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); @@ -1620,7 +1608,11 @@ public class EnrollServlet extends CMSServlet { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1635,24 +1627,28 @@ public class EnrollServlet extends CMSServlet { out.println("<P>"); out.println("<PRE>"); X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); + CMS.getEncodedCert(certs[0]) + ">"); } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1664,17 +1660,21 @@ public class EnrollServlet extends CMSServlet { out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1683,47 +1683,43 @@ public class EnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - // include all the input data - ArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data ArgBlock args = cmsReq.getHttpParams(); + * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) { + * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT " + * + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1776,4 +1772,3 @@ public class EnrollServlet extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java index a723cb52..0d11600c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * Retrieve certificate by serial number. * @@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet { super(); } - /** + /** * Initialize the servlet. This servlet uses the template file - * "ImportCert.template" to import the cert to the users browser, - * if that is what the user requested + * "ImportCert.template" to import the cert to the users browser, if that is + * what the user requested + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -102,7 +101,7 @@ public class GetBySerial extends CMSServlet { } mImportTemplateFiller = new ImportCertsTemplateFiller(); - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); @@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber serial number of certificate in HEX + * <li>http.param serialNumber serial number of certificate in HEX * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet { mAuthzResourceName, "import"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet { serialNo = null; } if (serial == null || serialNo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); + CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); cmsReq.setStatus(CMSRequest.ERROR); return; } ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); cmsReq.setError(new ECMSGWException( CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); cmsReq.setStatus(CMSRequest.ERROR); 
@@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet { // if RA, needs requestOwner to match // first, find the user's group if (authToken != null) { - String group = authToken.getInString("group"); - - if ((group != null) && (group != "")) { - CMS.debug("GetBySerial process: auth group="+group); - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - // find the cert record's orig. requestor's group - MetaInfo metai = certRecord.getMetaInfo(); - if (metai != null) { - String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); - RequestId rid = new RequestId(reqId); - IRequest creq = mReqQ.findRequest(rid); - if (creq != null) { - String reqOwner = creq.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetBySerial process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } + String group = authToken.getInString("group"); + + if ((group != null) && (group != "")) { + CMS.debug("GetBySerial process: auth group=" + group); + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + // find the cert record's orig. 
requestor's group + MetaInfo metai = certRecord.getMetaInfo(); + if (metai != null) { + String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); + RequestId rid = new RequestId(reqId); + IRequest creq = mReqQ.findRequest(rid); + if (creq != null) { + String reqOwner = creq.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetBySerial process: req owner=" + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + } + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); + cmsReq.setError(new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); + cmsReq.setStatus(CMSRequest.ERROR); + return; + } } - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); - cmsReq.setStatus(CMSRequest.ERROR); - return; - } } - } } X509CertImpl cert = certRecord.getCertificate(); @@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet { IArgBlock ctx = CMS.createArgBlock(); Locale[] locale = new Locale[1]; CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet { userChain[0] = cert; PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { 
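Review bot: The re-indented RA ownership check still tests `group != ""`, which compares references rather than contents, so the guard only behaves as intended for an interned empty string; `if (group != null && !group.isEmpty())` says what is meant. In the same block `reqId` is passed to `new RequestId(reqId)` without a null check, although `metai.get(ICertRecord.META_REQUEST_ID)` can presumably return null for a record that carries no request id. Treating that case explicitly as `groupMatched = false` would keep the check failing closed without depending on how `RequestId` handles null. A short comment above `if (group.equals("Registration Manager Agents"))` stating that every other group skips the owner match would also help the next reader of this authorization path. The enclosing `process` method starts and ends outside this hunk.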
@@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet { byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - + header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str)); try { CMSTemplate form = getTemplate(mIETemplate, req, locale); @@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet { form.renderOutput(out, argSet); return; } catch (Exception ee) { - CMS.debug("GetBySerial process: Exception="+ee.toString()); + CMS.debug("GetBySerial process: Exception=" + ee.toString()); } - } //browser is IE - + } // browser is IE + MetaInfo metai = certRecord.getMetaInfo(); String crmfReqId = null; if (metai != null) { crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID); - if (crmfReqId != null) + if (crmfReqId != null) cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId); } @@ -283,7 +282,7 @@ public class GetBySerial extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); // XXX follow request in cert record to set certtype, which will - // import cert only if it's client. For now assume "client" if + // import cert only if it's client. For now assume "client" if // someone clicked to import this cert. cmsReq.getHttpParams().set("certType", "client"); @@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - + return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java index b765a2cb..c0029d9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java 
@@ -15,10 +15,9 @@ // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.cert; +package com.netscape.cms.servlet.cert; - - import java.io.ByteArrayOutputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; 
@@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - - /** - * Retrieve the Certificates comprising the CA Chain for this CA. - * - * @version $Revision$, $Date$ - */ - public class GetCAChain extends CMSServlet { - /** +/** + * Retrieve the Certificates comprising the CA Chain for this CA. + * + * @version $Revision$, $Date$ + */ +public class GetCAChain extends CMSServlet { + /** * */ - private static final long serialVersionUID = -8189048155415074581L; - private final static String TPL_FILE = "displayCaCert.template"; - private String mFormPath = null; - - public GetCAChain() { - super(); - } - - /** - * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - - // override success to display own output. - mTemplates.remove(CMSRequest.SUCCESS); - // coming from ee - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - } - - /** - * Process the HTTP request. 
- * <ul> - * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components - * </ul> - * @param cmsReq the object holding the request and response information - */ - protected void process(CMSRequest cmsReq) - throws EBaseException { - HttpServletRequest httpReq = cmsReq.getHttpReq(); - HttpServletResponse httpResp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - // Construct an ArgBlock - IArgBlock args = cmsReq.getHttpParams(); - - // Get the operation code - String op = null; - - op = args.getValueAsString("op", null); - if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - - AuthzToken authzToken = null; - - if (op.startsWith("download")) { - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - downloadChain(op, args, httpReq, httpResp, cmsReq); - } else if (op.startsWith("display")) { - try { - authzToken = mAuthz.authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - displayChain(op, args, httpReq, httpResp, cmsReq); - } else { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); - } - // cmsReq.setResult(null); - return; - } - - private void downloadChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - - /* check browser info ? */ - - /* check if pkcs7 will work for both nav and ie */ - - byte[] bytes = null; - - /* - * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. - * This means that we can only hand out the root CA, and not - * the whole chain. - */ - - if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { - X509Certificate[] caCerts = - ((ICertAuthority) mAuthority).getCACertChain().getChain(); - - try { - bytes = caCerts[0].getEncoded(); - } catch (CertificateEncodingException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); - } - } else { - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); - } - - try { - ByteArrayOutputStream encoded = new ByteArrayOutputStream(); - - certChain.encode(encoded, false); - bytes = encoded.toByteArray(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); - } - } - - String mimeType = null; - - if (op.equals("downloadBIN")) { - mimeType = "application/octet-stream"; - } else { - try { - mimeType = args.getValueAsString("mimeType"); - } catch (EBaseException e) { - 
mimeType = "application/octet-stream"; - } - } - - try { - if (op.equals("downloadBIN")) { - // file suffixes changed to comply with RFC 5280 - // requirements for AIA extensions - if (clientIsMSIE(httpReq)) { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.cer"); - } else { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.p7c"); - } - } - httpResp.setContentType(mimeType); - httpResp.getOutputStream().write(bytes); - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().flush(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); - } - } - - private void displayChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - String outputString = null; - - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; + private static final long serialVersionUID = -8189048155415074581L; + private final static String TPL_FILE = "displayCaCert.template"; + private String mFormPath = null; + + public GetCAChain() { + super(); + } + + /** + * initialize the servlet. + * + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + super.init(sc); + + // override success to display own output. 
+ mTemplates.remove(CMSRequest.SUCCESS); + // coming from ee + mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; + } + + /** + * Process the HTTP request. + * <ul> + * <li>http.param op 'downloadBIN' - return the binary certificate chain + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components + * </ul> + * + * @param cmsReq the object holding the request and response information + */ + protected void process(CMSRequest cmsReq) + throws EBaseException { + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + IAuthToken authToken = authenticate(cmsReq); + + // Construct an ArgBlock + IArgBlock args = cmsReq.getHttpParams(); + + // Get the operation code + String op = null; + + op = args.getValueAsString("op", null); + if (op == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); + } + + cmsReq.setStatus(CMSRequest.SUCCESS); + + AuthzToken authzToken = null; + + if (op.startsWith("download")) { + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + downloadChain(op, args, httpReq, httpResp, cmsReq); + } else if (op.startsWith("display")) { + try { + authzToken = mAuthz.authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + + if (authzToken == 
null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + displayChain(op, args, httpReq, httpResp, cmsReq); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + } + // cmsReq.setResult(null); + return; + } + + private void downloadChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + + /* check browser info ? */ + + /* check if pkcs7 will work for both nav and ie */ + + byte[] bytes = null; + + /* + * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This + * means that we can only hand out the root CA, and not the whole chain. + */ + + if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { + X509Certificate[] caCerts = + ((ICertAuthority) mAuthority).getCACertChain().getChain(); + + try { + bytes = caCerts[0].getEncoded(); + } catch (CertificateEncodingException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); + } + } else { + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); + } + + try { + ByteArrayOutputStream encoded = new ByteArrayOutputStream(); + + certChain.encode(encoded, false); + bytes = encoded.toByteArray(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + } + } + + String mimeType = null; + + if 
(op.equals("downloadBIN")) { + mimeType = "application/octet-stream"; + } else { + try { + mimeType = args.getValueAsString("mimeType"); + } catch (EBaseException e) { + mimeType = "application/octet-stream"; + } + } + + try { + if (op.equals("downloadBIN")) { + // file suffixes changed to comply with RFC 5280 + // requirements for AIA extensions + if (clientIsMSIE(httpReq)) { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.cer"); + } else { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.p7c"); + } + } + httpResp.setContentType(mimeType); + httpResp.getOutputStream().write(bytes); + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().flush(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + } + } + + private void displayChain(String op, + IArgBlock args, + HttpServletRequest httpReq, + HttpServletResponse httpResp, + CMSRequest cmsReq) + throws EBaseException { + String outputString = null; + + CertificateChain certChain = + ((ICertAuthority) mAuthority).getCACertChain(); + + if (certChain == null) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + if (mOutputTemplatePath != null) + mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + 
CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; byte[] bytes = null; try { - subjectdn = + subjectdn = certChain.getFirstCertificate().getSubjectDN().toString(); ByteArrayOutputStream encoded = new ByteArrayOutputStream(); @@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException; } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } String chainBase64 = getBase64(bytes); header.addStringValue("subjectdn", subjectdn); header.addStringValue("chainBase64", chainBase64); - } else { + } else { try { X509Certificate[] certs = certChain.getChain(); @@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException; String subjectdn = certs[i].getSubjectDN().toString(); String finger = null; try { - finger = CMS.getFingerPrints(certs[i]); + finger = CMS.getFingerPrints(certs[i]); } catch (Exception e) { throw new IOException("Internal Error"); } - ICertPrettyPrint certDetails = - CMS.getCertPrettyPrint((X509CertImpl) certs[i]); + ICertPrettyPrint certDetails = + CMS.getCertPrettyPrint((X509CertImpl) certs[i]); IArgBlock rarg = CMS.createArgBlock(); 
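Review bot: In `downloadChain` (hunk -49,236) the response Content-Type for any `download…` operation other than `downloadBIN` is taken straight from the request parameter via `args.getValueAsString("mimeType")` and handed to `httpResp.setContentType(mimeType)`, so the caller chooses the type the CA chain bytes are served under. I would compare the parameter against a small fixed set of certificate MIME types and fall back to `application/octet-stream` otherwise, as the `catch (EBaseException e)` branch already does. The same block calls `httpResp.setContentLength(bytes.length)` after `getOutputStream().write(bytes)`. Moving it before the write, in the order GetCRL uses in its -428 hunk, avoids the container ignoring the header once the response is committed. `displayChain` continues past the end of this hunk.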
@@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException; rarg.addStringValue("subjectdn", subjectdn); rarg.addStringValue("base64", getBase64(bytes)); rarg.addStringValue("certDetails", - certDetails.toString(locale[0])); + certDetails.toString(locale[0])); argSet.addRepeatRecord(rarg); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); } } @@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException; form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 2bbec482..68d38aab 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; 
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet { if (!(mAuthority instanceof ICertificateAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath before getTemplate = "+mFormPath); + CMS.debug("**** mFormPath before getTemplate = " + mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) + crlIP = ca.getCRLIssuingPoint(crlId); try { crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } if ((op.equals("checkCRLcache") || - (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && - (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { + (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && + (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { cmsReq.setError( - CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? - "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ? + "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); byte[] crlbytes = null; if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("deltaCRL"))) { + (op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); } else if (op.equals("importCRL") || op.equals("getCRL") || op.equals("checkCRL") || (op.equals("displayCRL") && - crlDisplayType != null && + crlDisplayType != null && (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("crlHeader") || crlDisplayType.equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } + } if (crlbytes == null && (!op.equals("checkCRLcache")) && - (!(op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + (!(op.equals("displayCRL") && crlDisplayType != null && + crlDisplayType.equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); X509CRLImpl crl = null; if (op.equals("checkCRL") || op.equals("importCRL") || - op.equals("importDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded") || - crlDisplayType.equals("deltaCRL")))) { + op.equals("importDeltaCRL") || + (op.equals("displayCRL") && crlDisplayType != null && + (crlDisplayType.equals("entireCRL") || + crlDisplayType.equals("crlHeader") || + crlDisplayType.equals("base64Encoded") || + crlDisplayType.equals("deltaCRL")))) { try { if (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("crlHeader")) { + crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); 
@@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && - crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && - ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && - (crlRecord.getCRLNumber() == null || - crlRecord.getDeltaCRLNumber() == null || - crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || - crlRecord.getDeltaCRLSize() == null || + crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && + ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && + (crlRecord.getCRLNumber() == null || + crlRecord.getDeltaCRLNumber() == null || + crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || + crlRecord.getDeltaCRLSize() == null || crlRecord.getDeltaCRLSize().longValue() == -1))) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; 
@@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? - CMS.getCRLPrettyPrint(crl): + ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ? + CMS.getCRLPrettyPrint(crl) : CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); @@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; header.addStringValue("crlPrettyPrint", crlDetails.toString(locale[0], - lCRLSize, lPageStart, lPageSize)); + lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0])); + "crlPrettyPrint", crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); 
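Review bot: The paging branch of `displayCRL` (hunk -315) floors `lPageStart` at 1 but passes `lPageSize` to `crlDetails.toString(locale[0], lCRLSize, lPageStart, lPageSize)` exactly as parsed from the `pageSize` request parameter, so zero, negative or very large sizes reach the pretty-printer. Both values are built with `new Long(...)`, and the -300 hunk does the same with `new BigInteger(certSerialNumber)`; these throw `NumberFormatException` on malformed input, and no handler for it is visible in either hunk (one may exist in the lines between them). I would parse with `Long.parseLong`, bound `lPageSize` the same way as `lPageStart`, and route a parse failure to the `cmsReq.setError(...)` / `CMSRequest.ERROR` path used elsewhere in this method. `process` starts and ends outside these hunks.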
@@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); + "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); @@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; 
@@ -428,21 +428,21 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=" + crlId + ".crl"); + "attachment; filename=" + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); @@ -450,9 +450,9 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 5909bc4b..3ea9d02b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java 
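Review bot: In the `getCRL` and `getDeltaCRL` branches, `crlId` is concatenated unquoted into the `Content-disposition` value, so an id containing spaces, `;` or quotes would yield a malformed or ambiguous header. Where `crlId` comes from is outside this hunk; if it is derived from the request, it should be checked against the known issuing-point ids before it reaches the header. The filename is better quoted either way, e.g. `"attachment; filename=\"" + crlId + ".crl\""`. The enclosing method starts outside the hunk.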
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; @@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Gets a issued certificate from a request id. - * + * Gets a issued certificate from a request id. + * * @version $Revision$, $Date$ */ public class GetCertFromRequest extends CMSServlet { @@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet { */ private static final long serialVersionUID = 5310646832256611066L; private final static String PROP_IMPORT = "importCert"; - protected static final String - GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; - protected static final String - DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; + protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; + protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; protected static final String REQUEST_ID = "requestId"; protected static final String CERT_TYPE = "certtype"; - protected String mCertFrReqSuccessTemplate = null; + protected String mCertFrReqSuccessTemplate = null; protected ICMSTemplateFiller mCertFrReqFiller = null; protected IRequestQueue mQueue = null; protected boolean mImportCert = true; - public GetCertFromRequest() { + public GetCertFromRequest() { super(); } /** * initialize the servlet. This servlet uses the template files - * "displayCertFromRequest.template" and "ImportCert.template" + * "displayCertFromRequest.template" and "ImportCert.template" + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet { if (mImportCert) defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE; - else + else defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE; if (mAuthority instanceof IRegistrationAuthority) defTemplate = "/ra/" + defTemplate; - else + else defTemplate = "/ca/" + defTemplate; mCertFrReqSuccessTemplate = sc.getInitParameter( PROP_SUCCESS_TEMPLATE); if (mCertFrReqSuccessTemplate == null) mCertFrReqSuccessTemplate = defTemplate; String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mCertFrReqFiller = filler; } else { mCertFrReqFiller = new CertFrRequestFiller(); @@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet { } catch (Exception e) { // should never happen. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param requestId The request ID to search on + * <li>http.param requestId The request ID to search on * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet { return; } - String requestId = httpParams.getValueAsString(REQUEST_ID, null); + String requestId = httpParams.getValueAsString(REQUEST_ID, null); if (requestId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); 
@@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet { if (r == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - //if RA, group and requestOwner must match - String group = authToken.getInString("group"); - if ((group != null) && (group != "") && - group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String reqOwner = r.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetCertFromRequest process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - CMS.debug("RA group unmatched"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + // if RA, group and requestOwner must match + String group = authToken.getInString("group"); + if ((group != null) && (group != "") && + group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String reqOwner = r.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetCertFromRequest process: req owner=" + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + CMS.debug("RA group unmatched"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + } } - } } if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); throw new 
ECMSGWException( CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); } RequestStatus status = r.getRequestStatus(); if (!status.equals(RequestStatus.COMPLETE)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); } Integer result = r.getExtDataInInteger(IRequest.RESULT); if (result != null && !result.equals(IRequest.RES_SUCCESS)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); } Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); 
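Review bot: The RA ownership check tests `(group != "")`, which compares object references rather than string contents, so it does not actually test for an empty string. It is harmless here only because the next conjunct is `group.equals("Registration Manager Agents")`, which makes both preceding tests redundant. Since this condition gates an authorization decision, it is worth stating exactly: `if ("Registration Manager Agents".equals(group)) {` covers the null and empty cases with no reference comparison. The body of `process` starts before and continues after this hunk.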
@@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet { o = certs; } if (o == null || !(o instanceof X509CertImpl[])) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } if (o instanceof X509CertImpl[]) { X509CertImpl[] certs = (X509CertImpl[]) o; if (certs == null || certs.length == 0 || certs[0] == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } // for importsCert to get the crmf_reqid. @@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); if (mImportCert && - checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { + checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { return; } try { 
@@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet { renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", - mCertFrReqSuccessTemplate, e.toString())); + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + mCertFrReqSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } } - class CertFrRequestFiller extends ImportCertsTemplateFiller { public CertFrRequestFiller() { } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { - CMSTemplateParams tparams = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { + CMSTemplateParams tparams = + super.getTemplateParams(cmsReq, authority, locale, e); String reqId = cmsReq.getHttpParams().getValueAsString( GetCertFromRequest.REQUEST_ID); @@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller { } if (ext instanceof KeyUsageExtension) { KeyUsageExtension usage = - (KeyUsageExtension) ext; + (KeyUsageExtension) ext; try { if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e0) { // bug356108: diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java index 8b5536ea..e589cc06 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Servlet to get the enrollment status, enable or disable. - * + * * @version $Revision$, $Date$ */ public class GetEnableStatus extends CMSServlet { @@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet { } /** - * initialize the servlet. + * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet { if (!(mAuthority instanceof IRegistrationAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", - mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java index 9d83d430..3548caa0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get detailed information about CA CRL processing - * + * * @version $Revision$, $Date$ */ public class GetInfo extends CMSServlet { 
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet { } /** - * XXX Process the HTTP request. + * XXX Process the HTTP request. * <ul> * <li>http.param template filename of template to use to render the result * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -129,35 +128,30 @@ public class GetInfo extends CMSServlet { String template = req.getParameter("template"); String formFile = ""; -/* - for (int i = 0; ((template != null) && (i < template.length())); i++) { - char c = template.charAt(i); - if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') { - template = null; - break; - } - } -*/ - + /* + * for (int i = 0; ((template != null) && (i < template.length())); i++) + * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c + * != '_' && c != '-') { template = null; break; } } + */ if (template != null) { formFile = template + ".template"; } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("*** formFile = "+formFile); + CMS.debug("*** formFile = " + formFile); try { form = getTemplate(formFile, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
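Review bot: The `template` request parameter is appended with `.template` and handed to `getTemplate` with no check on its characters, because the only validation is the commented-out loop, which this change also reflows into text that can no longer be read as code. Unless `getTemplate` (not visible here) confines the name to the template directory, a value containing path separators or `..` could select a file outside it. An ASCII-only equivalent of the disabled check fits on one line before the `if (template != null)` test: `if (template != null && !template.matches("[A-Za-z0-9_-]+")) template = null;`, after which the existing else branch logs and throws. If the check is not restored, the dead comment is better deleted than kept in this form. `process` starts before and continues after the hunk.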
@@ -172,29 +166,29 @@ CMS.debug("*** formFile = "+formFile); if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + Locale locale) + throws EBaseException { if (mCA != null) { String crlIssuingPoints = ""; String crlNumbers = ""; @@ -209,15 +203,15 @@ CMS.debug("*** formFile = "+formFile); String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); - + if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { ICRLRepository crlRepository = mCA.getCRLRepository(); Vector ipNames = crlRepository.getIssuingPointsNames(); for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); ICRLIssuingPointRecord crlRecord = null; try { crlRecord = crlRepository.readCRLIssuingPointRecord(ipName); 
@@ -236,8 +230,8 @@ CMS.debug("*** formFile = "+formFile); if (crlSizes.length() > 0) crlSizes += "+"; - crlSizes += ((crlRecord.getCRLSize() != null)? - crlRecord.getCRLSize().toString(): "-1"); + crlSizes += ((crlRecord.getCRLSize() != null) ? + crlRecord.getCRLSize().toString() : "-1"); if (deltaSizes.length() > 0) deltaSizes += "+"; @@ -307,7 +301,7 @@ CMS.debug("*** formFile = "+formFile); recentChanges += "Publishing CRL #" + ip.getCRLNumber(); } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) { recentChanges += "Creating CRL #" + ip.getNextCRLNumber(); - } else { // ip.CRL_UPDATE_DONE + } else { // ip.CRL_UPDATE_DONE recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " + ip.getNumberOfRecentlyUnrevokedCerts() + ", " + ip.getNumberOfRecentlyExpiredCerts(); @@ -326,7 +320,7 @@ CMS.debug("*** formFile = "+formFile); if (crlTesting.length() > 0) crlTesting += "+"; - crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0"); + crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0"); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 5507cadf..58acbcfd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { 
@@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; @@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet { CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } 
@@ -161,20 +158,19 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else {; - } + } else { + ; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -284,19 +281,16 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + httpParams.getValueAsString("certauthEnroll", null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { @@ -307,7 +301,7 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = + certauthEnrollType = httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { 
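Review bot: The block comment describing `certAuthEnroll` was flattened by the formatter, so the three `certauthEnrollType` values (single, dual, encryption) and their explanations now run together in one paragraph. The opening quote before `certauthEnrollType` is also still unbalanced. Opening the comment with `/*-` keeps common Java formatters from rewrapping it; alternatively the list can be written as `//` lines, one value per line, e.g. `// dual - dual certs enrollment`. `processX509` starts before the hunk and continues after it.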
@@ -318,15 +312,15 @@ public class HashEnrollServlet extends CMSServlet { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } @@ -356,8 +350,8 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { @@ -365,7 +359,7 @@ public class HashEnrollServlet extends CMSServlet { if (sslClientCert == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); 
@@ -373,24 +367,24 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; - //AuthToken authToken = access.getAuthToken(); + // AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); 
@@ -405,24 +399,24 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = - httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = + httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -441,8 +435,8 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = - httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = + httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { 
@@ -452,24 +446,24 @@ public class HashEnrollServlet extends CMSServlet { if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { if (mCa == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_A_CA")); + CMS.getLogMessage("CMSGW_NOT_A_CA")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a - // signing only cert + // signing only cert if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } X509Key key = null; 
@@ -478,22 +472,22 @@ public class HashEnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; - ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, - null, 10); + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + ICertRecordList list = + (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, + null, 10); int size = list.getSize(); Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
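Review bot: The `String filter = ...` expression concatenates `certBasedOldSubjectDN` directly into the search filter, so a subject DN containing `(`, `)`, `*` or `\` alters the filter's structure instead of being matched literally. That value is taken from the SSL client certificate's subject earlier in the method, outside this hunk, so it is only as constrained as the issuing CA's naming rules. Assuming the repository parses this as an LDAP-style filter, as the syntax suggests, escape those metacharacters (RFC 4515: `\5c`, `\2a`, `\28`, `\29`, `\00`) before embedding the DN. A comment such as `// subject DN is escaped: it comes from the client certificate` above the assignment would record why.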
@@ -502,8 +496,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; while (en.hasMoreElements()) { @@ -512,7 +506,7 @@ public class HashEnrollServlet extends CMSServlet { // if not encryption cert only, try next one if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && + ((CMS.isEncryptionCert(cert) == true) && (CMS.isSigningCert(cert) == true))) { continue; } 
@@ -521,27 +515,27 @@ public class HashEnrollServlet extends CMSServlet { try { encCertInfo = (X509CertInfo) cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } try { encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); 
@@ -555,24 +549,24 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert + // signing only cert if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == + ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* 
@@ -581,14 +575,14 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); CMS.debug( - "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); + "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer @@ -596,21 +590,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + sslClientCert.getIssuerDN().toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); 
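Review bot: `crmf != ""` compares object references rather than contents, so an empty `CRMF_REQUEST` parameter will normally pass the test and be handed to `fillCRMF` instead of taking the `CMSGW_MISSING_KEYGEN_INFO` branch. The same condition appears three times across this hunk and the next one (`@@ -596,21 +590,21 @@`). Write it as `if (crmf != null && crmf.length() > 0) {` in each place so an empty request is rejected before any decoding is attempted. The enclosing method starts and ends outside both hunks.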
@@ -621,9 +615,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to @@ -638,24 +632,24 @@ public class HashEnrollServlet extends CMSServlet { return; } - //for audit log + // for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS); 
@@ -668,52 +662,52 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()}, - ILogger.L_MULTILINE - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + + wholeMsg.toString() }, + ILogger.L_MULTILINE + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", 
e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -725,39 +719,39 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + certInfo.get(X509CertInfo.SUBJECT), "" } + ); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + e.toString())); } } } 
@@ -768,143 +762,143 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); X509CertImpl[] issuedCerts = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16)} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) } + ); // return cert as mime type binary if requested. if (checkImportCertToNav( - cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { + cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. 
- * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ protected void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. try { String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + log(ILogger.LL_INFO, + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - 
CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, + "cert validity set to " + validity + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new 
ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } protected X509CertInfo[] fillCRMF( - String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); - + new ByteArrayInputStream(crmfBlob); + SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -914,17 +908,11 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - if (certReqMsg.hasPop()) { - try { - certReqMsg.verify(); - } catch (ChallengeResponseException ex) { - // create and save the challenge - // construct the cmmf message together - // in a sequence to challenge the requestor - } catch (Exception e) { - // failed, should only affect one request - } - } + * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch + * (ChallengeResponseException ex) { // create and save the + * challenge // construct the cmmf message together // in a + * sequence to challenge the requestor } catch (Exception e) { + * // failed, should only affect one request } } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); 
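Review bot: The comment before `CertRequest certReq = certReqMsg.getCertReq();` no longer reads as code after the reflow: the disabled proof-of-possession check (`certReqMsg.hasPop()` / `certReqMsg.verify()`) is folded into one paragraph with its inner `//` comments inline. This is more than cosmetic, because that block is the only sign visible here that `fillCRMF` accepts a request without verifying POP; whether POP is enforced elsewhere cannot be seen from this hunk. Either exclude the block from the formatter so it stays line-for-line, or replace it with a one-line comment such as `// TODO: proof-of-possession (certReqMsg.verify()) is not checked on this path`. The method starts in the previous hunk and continues past this one.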
@@ -951,92 +939,92 @@ public class HashEnrollServlet extends CMSServlet { if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null || + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + certInfo.get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. 
+ // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. 
// -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null && + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } @@ -1048,27 +1036,27 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } 
@@ -1092,7 +1080,11 @@ public class HashEnrollServlet extends CMSServlet {
 out.println("<H1>");
 out.println("SUCCESS");
 out.println("</H1>");
- out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
+ out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX
+ // -
+ // localize
+ // the
+ // message
 out.println("<P>");
 out.println("Request Creation Time: ");
 out.println(cmsReq.getIRequest().getCreationTime().toString());
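Review bot: The trailing `// XXX - localize the message` comment has been wrapped into five separate comment lines (`// XXX`, `// -`, `// localize`, `// the`, `// message`), which is harder to read than the original and detaches the marker from its statement. Move it onto its own line above the `out.println` call as `// XXX - localize the message` so the line-length rule no longer splits it. The same wrapping occurs in the next two hunks (`@@ -1107,24 +1099,28 @@` and `@@ -1136,17 +1132,21 @@`).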
@@ -1107,24 +1099,28 @@ public class HashEnrollServlet extends CMSServlet { out.println("<P>"); out.println("<PRE>"); X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); + CMS.getEncodedCert(certs[0]) + ">"); } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1136,17 +1132,21 @@ public class HashEnrollServlet extends CMSServlet {
 out.println(cmsReq.getIRequest().getRequestId().toString());
 out.println("<P>");
 out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+ cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+ cmsReq.getIRequest().getRequestId().toString() + ">");
 } else {
 out.println("<H1>");
 out.println("ERROR");
 out.println("</H1>");
 out.println("<!INFO>");
- out.println("Please consult your local administrator for assistance."); // XXX - localize the message
+ out.println("Please consult your local administrator for assistance."); // XXX
+ // -
+ // localize
+ // the
+ // message
 out.println("<!/INFO>");
 out.println("<P>");
 out.println("Request Status: ");
@@ -1155,62 +1155,58 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + + cmsReq.getError() + ">"); } /** - // include all the input data - IArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data IArgBlock args = + * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while + * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); + * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) + throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } private void do_testbed_hack( - int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) - throws EBaseException { - if (!mIsTestBed) + int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) + throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; CertificateExtensions exts = (CertificateExtensions) - cert.get(CertificateExtensions.NAME); + cert.get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } KeyUsageExtension ext = (KeyUsageExtension) - exts.get(KeyUsageExtension.class.getSimpleName()); + exts.get(KeyUsageExtension.class.getSimpleName()); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); @@ -1221,13 +1217,12 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - newvalue[3] = 0x3f; - newvalue[4] = (byte)0x80; + * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; */ if (httpParams.getValueAsBoolean( "dual-use-hack", true)) { 
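Review bot: `init_testbed_hack` reads `config.getBoolean("isTestBed", true)`, so an instance whose configuration never mentions `isTestBed` runs `do_testbed_hack` and has the KeyUsage extension of the certificates it processes replaced (the delete/set is in the later @@ -1235 hunk). The comment above the field describes this as a workaround to be removed, which suggests it should be opt-in: `mIsTestBed = config.getBoolean("isTestBed", false);`, after confirming that no deployment depends on the implicit default. The `dual-use-hack` lookup in the @@ -1221 hunk also defaults to true and is read from `httpParams`; if those are the request's own parameters, the requester influences the key-usage bits, which deserves at least a comment at that call. `do_testbed_hack` continues beyond this hunk.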
@@ -1235,22 +1230,21 @@ public class HashEnrollServlet extends CMSServlet { } } newvalue[4] = 0; - KeyUsageExtension newext = - new KeyUsageExtension(Boolean.valueOf(true), - (Object) newvalue); + KeyUsageExtension newext = + new KeyUsageExtension(Boolean.valueOf(true), + (Object) newvalue); exts.delete(KeyUsageExtension.class.getSimpleName()); exts.set(KeyUsageExtension.class.getSimpleName(), newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java index 75726730..58822812 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.StringReader; 
@@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * Set up HTTP response to import certificate into browsers * - * The result must have been populate with the set of certificates - * to return. + * The result must have been populate with the set of certificates to return. + * * <pre> * inputs: certtype. * outputs: - * - cert type from http input (if any) + * - cert type from http input (if any) * - CA chain - * - authority name (RM, CM, DRM) + * - authority name (RM, CM, DRM) * - scheme:host:port of server. - * array of one or more + * array of one or more * - cert serial number * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * - cert in base 64 encoding. + * - cmmf blob to import * </pre> + * * @version $Revision$, $Date$ */ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { @@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco public static final String CERT_NICKNAME = "certNickname"; public static final String CMMF_RESP = "cmmfResponse"; - public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE + public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE public ImportCertsTemplateFiller() { } 
@@ -100,32 +99,32 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Certificate[] certs = (Certificate[]) cmsReq.getResult(); if (certs instanceof X509CertImpl[]) - return getX509TemplateParams(cmsReq, authority, locale, e); + return getX509TemplateParams(cmsReq, authority, locale, e); else return null; } - + public CMSTemplateParams getX509TemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); String scheme = httpReq.getScheme(); String format = httpReq.getParameter("format"); - if(format!=null && format.equals("cmc")) + if (format != null && format.equals("cmc")) fixed.set("importCMC", "false"); - String agentPort = ""+port; + String agentPort = "" + port; fixed.set("agentHost", host); fixed.set("agentPort", agentPort); fixed.set(ICMSTemplateFiller.HOST, host); 
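Review bot: In `getX509TemplateParams`, `host`, `port` and `scheme` come from `httpReq.getServerName()`, `getServerPort()` and `getScheme()` and are stored as `agentHost`, `agentPort` and `ICMSTemplateFiller.HOST`; the server name normally reflects the client's Host header, so these are request-controlled values rather than the server's configured identity. The @@ -148 hunk does the same with the `replyTo` and cert-type request parameters, which are placed into `fixed` without validation. Whether the template layer escapes them is not visible here, so I would record the assumption next to the first `fixed.set`: `// host/scheme/port and replyTo are request-derived; templates must escape them and must not treat them as trusted`. The method body continues past this hunk.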
@@ -148,33 +147,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { // set cert type. IArgBlock httpParams = cmsReq.getHttpParams(); - String certType = - httpParams.getValueAsString(CERT_TYPE, null); + String certType = + httpParams.getValueAsString(CERT_TYPE, null); - if (certType != null) + if (certType != null) fixed.set(CERT_TYPE, certType); - // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + // this authority + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // CA chain. - CertificateChain cachain = - ((ICertAuthority) authority).getCACertChain(); + CertificateChain cachain = + ((ICertAuthority) authority).getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); String replyTo = httpParams.getValueAsString("replyTo", null); - if (replyTo != null) fixed.set("replyTo", replyTo); + if (replyTo != null) + fixed.set("replyTo", replyTo); - // set user + CA cert chain and pkcs7 for MSIE. + // set user + CA cert chain and pkcs7 for MSIE. X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; int m = 1, n = 0; - for (; n < cacerts.length; m++, n++) + for (; n < cacerts.length; m++, n++) userChain[m] = (X509CertImpl) cacerts[n]; - // certs. + // certs. X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult(); // expose CRMF request id @@ -188,7 +188,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { fixed.set(CRMF_REQID, crmfReqId); } - // set CA certs in cmmf, initialize CertRepContent + // set CA certs in cmmf, initialize CertRepContent // note cartman can't trust ca certs yet but it'll import them. // also set cert nickname for cartman. CertRepContent certRepContent = null; 
@@ -196,23 +196,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { if (CMSServlet.doCMMFResponse(httpParams)) { byte[][] caPubs = new byte[cacerts.length][]; - for (int j = 0; j < cacerts.length; j++) + for (int j = 0; j < cacerts.length; j++) caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); certRepContent = new CertRepContent(caPubs); - String certnickname = - cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); + String certnickname = + cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); // if nickname is not requested set to subject name by default. - if (certnickname == null) + if (certnickname == null) fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString()); else fixed.set(CERT_NICKNAME, certnickname); } - // make pkcs7 for MSIE - if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && - (certType == null || certType.equals("client"))) { + // make pkcs7 for MSIE + if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && + (certType == null || certType.equals("client"))) { userChain[0] = certs[0]; PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), @@ -222,7 +222,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // String p7Str = encoder.encodeBuffer(p7Bytes); + // String p7Str = encoder.encodeBuffer(p7Bytes); String p7Str = CMS.BtoA(p7Bytes); header.set(PKCS7_RESP, p7Str); 
@@ -234,24 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { X509CertImpl cert = certs[i]; // set serial number. - BigInteger serialNo = - ((X509Certificate) cert).getSerialNumber(); + BigInteger serialNo = + ((X509Certificate) cert).getSerialNumber(); repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16); // set base64 encoded blob. byte[] certEncoded = cert.getEncoded(); - // String b64 = encoder.encodeBuffer(certEncoded); + // String b64 = encoder.encodeBuffer(certEncoded); String b64 = CMS.BtoA(certEncoded); String b64cert = "-----BEGIN CERTIFICATE-----\n" + - b64 + "\n-----END CERTIFICATE-----"; + b64 + "\n-----END CERTIFICATE-----"; repeat.set(BASE64_CERT, b64cert); - + // set cert pretty print. - + String prettyPrintRequested = - cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); + cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); if (prettyPrintRequested == null) { prettyPrintRequested = "true"; @@ -266,7 +266,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { repeat.set(CERT_PRETTYPRINT, ppStr); // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { if (cert.equals(cacerts[j])) { @@ -277,10 +278,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { certsInChain = new X509CertImpl[cacerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { @@ -292,7 +293,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(new byte[0]), certsInChain, new SignerInfo[0]); 
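Review bot: The reformatting in the @@ -266 hunk moved the second semicolon of `new X509CertImpl[1];;` onto a line of its own, leaving a stray empty statement after the `certsInChain` declaration. Drop it so the line reads `X509CertImpl[] certsInChain = new X509CertImpl[1];`. The surrounding loop starts before this hunk.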
@@ -301,14 +302,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - //p7Str = encoder.encodeBuffer(p7Bytes); + // p7Str = encoder.encodeBuffer(p7Bytes); p7Str = CMS.BtoA(p7Bytes); repeat.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception ex) { - //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() - //+ "; Please contact your administrator"; + // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() + // + "; Please contact your administrator"; throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } // set cert fingerprint (for Cisco routers) @@ -325,18 +326,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { throw new EBaseException( CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); } - if (fingerprint != null && fingerprint.length() > 0) + if (fingerprint != null && fingerprint.length() > 0) repeat.set(CERT_FINGERPRINT, fingerprint); - // cmmf response for this cert. + // cmmf response for this cert. if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null && - (certType == null || certType.equals("client"))) { + (certType == null || certType.equals("client"))) { PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(certEncoded)); - CertResponse resp = - new CertResponse(new INTEGER(crmfReqId), status, - certifiedKP); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(certEncoded)); + CertResponse resp = + new CertResponse(new INTEGER(crmfReqId), status, + certifiedKP); certRepContent.addCertResponse(resp); } 
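Review bot: The `catch (Exception ex)` around the PKCS#7 encoding throws an `ECMSGWException` built only from `CMS_GW_FORMING_PKCS7_ERROR`, so the original exception is neither chained nor logged and an encoding failure cannot be diagnosed from the server side. Log it before the throw, for example `CMS.debug("PKCS#7 encoding failed: " + ex.toString());`, assuming `CMS` here is the same class whose `debug` method ListCerts calls. Keeping the detail in the log rather than in the user-facing message, as the commented-out `p7Str` lines once did, is the right split. The enclosing loop starts before this hunk.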
@@ -352,19 +353,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { byte[] certRepBytes = certRepOut.toByteArray(); String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes); // add CR to each return as required by cartman - BufferedReader certRepB64lines = - new BufferedReader(new StringReader(certRepB64)); + BufferedReader certRepB64lines = + new BufferedReader(new StringReader(certRepB64)); StringWriter certRepStringOut = new StringWriter(); String oneLine = null; boolean first = true; while ((oneLine = certRepB64lines.readLine()) != null) { if (first) { - //certRepStringOut.write("\""+oneLine+"\""); + // certRepStringOut.write("\""+oneLine+"\""); certRepStringOut.write(oneLine); first = false; } else { - //certRepStringOut.write("+\"\\n"+oneLine+"\""); + // certRepStringOut.write("+\"\\n"+oneLine+"\""); certRepStringOut.write("\n" + oneLine); } } @@ -376,4 +377,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index a65be25a..9e89bb1a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve a paged list of certs matching the specified query - * + * * @version $Revision$, $Date$ */ public class ListCerts extends CMSServlet { 
@@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet { private ICertificateRepository mCertDB = null; private X500Name mAuthName = null; private String mFormPath = null; - private boolean mReverse = false; - private boolean mHardJumpTo = false; //jump to the end + private boolean mReverse = false; + private boolean mHardJumpTo = false; // jump to the end private String mDirection = null; private boolean mUseClientFilter = false; private Vector<String> mAllowedClientFilters = new Vector<String>(); @@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryCert.template" to render the response - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -120,28 +118,29 @@ public class ListCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ if (sc.getInitParameter(USE_CLIENT_FILTER) != null && - sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; + sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { + mUseClientFilter = true; } if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { - mAllowedClientFilters.addElement("(certStatus=*)"); - mAllowedClientFilters.addElement("(certStatus=VALID)"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); + mAllowedClientFilters.addElement("(certStatus=*)"); + mAllowedClientFilters.addElement("(certStatus=VALID)"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); + mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); } else { StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); while (st.hasMoreTokens()) { - mAllowedClientFilters.addElement(st.nextToken()); + mAllowedClientFilters.addElement(st.nextToken()); } } } - public String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter); 
@@ -151,7 +150,7 @@ public class ListCerts extends CMSServlet { Enumeration<String> filters = mAllowedClientFilters.elements(); // check to see if the filter is allowed while (filters.hasMoreElements()) { - String filter = (String)filters.nextElement(); + String filter = (String) filters.nextElement(); com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; 
@@ -166,34 +165,37 @@ public class ListCerts extends CMSServlet { boolean skipRevoked = false; boolean skipNonValid = false; if (req.getParameter("skipRevoked") != null && - req.getParameter("skipRevoked").equals("on")) { + req.getParameter("skipRevoked").equals("on")) { skipRevoked = true; } if (req.getParameter("skipNonValid") != null && - req.getParameter("skipNonValid").equals("on")) { + req.getParameter("skipNonValid").equals("on")) { skipNonValid = true; } if (!skipRevoked && !skipNonValid) { - queryCertFilter = "(certStatus=*)"; - } else if (skipRevoked && skipNonValid) { - queryCertFilter = "(certStatus=VALID)"; - } else if (skipRevoked) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; - } else if (skipNonValid) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; + queryCertFilter = "(certStatus=*)"; + } else if (skipRevoked && skipNonValid) { + queryCertFilter = "(certStatus=VALID)"; + } else if (skipRevoked) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; + } else if (skipNonValid) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; } return queryCertFilter; } /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount Number of certificates to show + * Process the HTTP request. 
+ * <ul> + * <li>http.param maxCount Number of certificates to show * <li>http.param queryFilter and ldap style filter specifying the - * certificates to show - * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down - * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up + * certificates to show + * <li>http.param querySentinelDown the serial number of the first + * certificate to show (default decimal, or hex if prefixed with 0x) when + * paging down + * <li>http.param querySentinelUp the serial number of the first certificate + * to show (default decimal, or hex if prefixed with 0x) when paging up * <li>http.param direction "up", "down", "begin", or "end" * </ul> */ 
@@ -232,24 +234,24 @@ public class ListCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - mHardJumpTo = false; + mHardJumpTo = false; try { - if (req.getParameter("direction") != null) { - mDirection = req.getParameter("direction").trim(); - mReverse = mDirection.equals("up"); - if (mReverse) - com.netscape.certsrv.apps.CMS.debug("reverse is true"); - else - com.netscape.certsrv.apps.CMS.debug("reverse is false"); + if (req.getParameter("direction") != null) { + mDirection = req.getParameter("direction").trim(); + mReverse = mDirection.equals("up"); + if (mReverse) + com.netscape.certsrv.apps.CMS.debug("reverse is true"); + else + com.netscape.certsrv.apps.CMS.debug("reverse is false"); - } + } if (req.getParameter("maxCount") != null) { maxCount = Integer.parseInt(req.getParameter("maxCount")); 
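Review bot: `mDirection`, `mReverse` and `mHardJumpTo` are instance fields of the servlet (declared in the @@ -78 hunk) but are assigned here from `req.getParameter("direction")`, so concurrent requests share and overwrite each other's paging state. When `direction` is absent the fields keep whatever the previous request left behind, and unless something outside this diff sets it, `mDirection` is still null on a fresh instance, so `mDirection.equals("end")` in the @@ -259 hunk throws a NullPointerException that the visible `catch` clauses (NumberFormatException, EBaseException) do not handle. These values should be locals passed into `processCertFilter`; as a minimal guard, reset them at the top of each request and compare constant-first, `"end".equals(mDirection)` and `"down".equals(mDirection)`. The method starts before this hunk and continues past it.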
@@ -259,19 +261,19 @@ public class ListCerts extends CMSServlet { maxCount = mMaxReturns; } - String sentinelStr = ""; - if (mReverse) { - sentinelStr = req.getParameter("querySentinelUp"); - } else if (mDirection.equals("end")) { - // this servlet will figure out the end - sentinelStr = "0"; - mReverse = true; - mHardJumpTo = true; - } else if (mDirection.equals("down")) { - sentinelStr = req.getParameter("querySentinelDown"); - } else - sentinelStr = "0"; - //begin and non-specified have sentinel default "0" + String sentinelStr = ""; + if (mReverse) { + sentinelStr = req.getParameter("querySentinelUp"); + } else if (mDirection.equals("end")) { + // this servlet will figure out the end + sentinelStr = "0"; + mReverse = true; + mHardJumpTo = true; + } else if (mDirection.equals("down")) { + sentinelStr = req.getParameter("querySentinelDown"); + } else + sentinelStr = "0"; + // begin and non-specified have sentinel default "0" if (sentinelStr != null) { if (sentinelStr.trim().startsWith("0x")) { @@ -286,9 +288,9 @@ public class ListCerts extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) { X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl(); - //if (isCertFromCA(caCert)) + // if (isCertFromCA(caCert)) header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + caCert.getSerialNumber().toString(16)); } // constructs the ldap filter on the server side @@ -298,7 +300,7 @@ public class ListCerts extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter); int totalRecordCount = -1; 
@@ -307,16 +309,16 @@ public class ListCerts extends CMSServlet { totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); } catch (Exception e) { } - processCertFilter(argSet, header, maxCount, - sentinel, - totalRecordCount, - req.getParameter("serialTo"), - queryCertFilter, - req, resp, revokeAll, locale[0]); + processCertFilter(argSet, header, maxCount, + sentinel, + totalRecordCount, + req.getParameter("serialTo"), + queryCertFilter, + req, resp, revokeAll, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - - error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + + error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
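Review bot: The `catch (Exception e) { }` after `Integer.parseInt(req.getParameter("totalRecordCount"))` is empty and catches everything, so it is not apparent that a missing or malformed parameter is the expected case and any other failure disappears with it. Narrow it and say why: `} catch (NumberFormatException ignored) { /* absent or malformed: keep -1 so the count is recomputed */ }`. `Integer.parseInt(null)` also throws NumberFormatException, so the narrower type still covers the absent parameter. The `try` opens just before this hunk.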
@@ -329,36 +331,36 @@ public class ListCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void processCertFilter(CMSTemplateParams argSet, - IArgBlock header, - int maxCount, - BigInteger sentinel, - int totalRecordCount, - String serialTo, - String filter, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - Locale locale - ) throws EBaseException { + private void processCertFilter(CMSTemplateParams argSet, + IArgBlock header, + int maxCount, + BigInteger sentinel, + int totalRecordCount, + String serialTo, + String filter, + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, + Locale locale + ) throws EBaseException { BigInteger serialToVal = MINUS_ONE; try { 
@@ -376,31 +378,31 @@ public class ListCerts extends CMSServlet { } String jumpTo = sentinel.toString(); - int pSize = 0; - if (mReverse) { - if (!mHardJumpTo) //reverse gets one more - pSize = -1*maxCount-1; - else - pSize = -1*maxCount; - } else - pSize = maxCount; + int pSize = 0; + if (mReverse) { + if (!mHardJumpTo) // reverse gets one more + pSize = -1 * maxCount - 1; + else + pSize = -1 * maxCount; + } else + pSize = maxCount; ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", - pSize); + filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", + pSize); // retrive maxCount + 1 entries - Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); + Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); ICertRecordList tolist = null; int toCurIndex = 0; if (!serialToVal.equals(MINUS_ONE)) { - // if user specify a range, we need to + // if user specify a range, we need to // calculate the totalRecordCount tolist = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, - (String[]) null, serialTo, + filter, + (String[]) null, serialTo, "serialno", maxCount); Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0); 
@@ -420,82 +422,85 @@ public class ListCerts extends CMSServlet { } } } - + int curIndex = list.getCurrentIndex(); int count = 0; - BigInteger firstSerial = new BigInteger("0"); - BigInteger curSerial = new BigInteger("0"); - ICertRecord[] recs = new ICertRecord[maxCount]; - int rcount = 0; + BigInteger firstSerial = new BigInteger("0"); + BigInteger curSerial = new BigInteger("0"); + ICertRecord[] recs = new ICertRecord[maxCount]; + int rcount = 0; if (e != null) { - /* in reverse (page up), because the sentinel is the one after the - * last item to be displayed, we need to skip it - */ - while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) { + /* + * in reverse (page up), because the sentinel is the one after the + * last item to be displayed, we need to skip it + */ + while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) { ICertRecord rec = (ICertRecord) e.nextElement(); if (rec == null) { - com.netscape.certsrv.apps.CMS.debug("record "+count+" is null"); + com.netscape.certsrv.apps.CMS.debug("record " + count + " is null"); break; - } + } curSerial = rec.getSerialNumber(); - com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial); - - if (count == 0) { - firstSerial = curSerial; - if (mReverse && !mHardJumpTo) {//reverse got one more, skip - count++; - continue; - } - } - - // DS has a problem where last record will be returned - // even though the filter is not matched. - /*cfu - is this necessary? 
it breaks when paging up - if (curSerial.compareTo(sentinel) == -1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break..."); - - break; - } - */ + com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial); + + if (count == 0) { + firstSerial = curSerial; + if (mReverse && !mHardJumpTo) {// reverse got one more, skip + count++; + continue; + } + } + + // DS has a problem where last record will be returned + // even though the filter is not matched. + /* + * cfu - is this necessary? it breaks when paging up if + * (curSerial.compareTo(sentinel) == -1) { + * com.netscape.certsrv.apps + * .CMS.debug("curSerial compare sentinel -1 break..."); + * + * break; } + */ if (!serialToVal.equals(MINUS_ONE)) { // check if we go over the limit if (curSerial.compareTo(serialToVal) == 1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); + com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); break; - } + } } - if (mReverse) { - recs[rcount++] = rec; - } else { + if (mReverse) { + recs[rcount++] = rec; + } else { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - } + fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + } count++; } } else { com.netscape.certsrv.apps.CMS.debug( - "ListCerts::processCertFilter() - no Cert Records found!" 
); + "ListCerts::processCertFilter() - no Cert Records found!"); return; } - if (mReverse) { - // fill records into arg block and argSet - for (int ii = rcount-1; ii>= 0; ii--) { - if (recs[ii] != null) { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber()); - fillRecordIntoArg(recs[ii], rarg); - argSet.addRepeatRecord(rarg); - } - } - } + if (mReverse) { + // fill records into arg block and argSet + for (int ii = rcount - 1; ii >= 0; ii--) { + if (recs[ii] != null) { + IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ + // recs[ii].getSerialNumber()); + fillRecordIntoArg(recs[ii], rarg); + argSet.addRepeatRecord(rarg); + } + } + } // peek ahead ICertRecord nextRec = null; 
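Review bot: `new ICertRecord[maxCount]` sizes an array from a value that originates in the `maxCount` request parameter (parsed in the @@ -232 hunk), and no lower bound is visible: the only adjustment shown is the assignment `maxCount = mMaxReturns` in the @@ -259 hunk, whose condition lies outside the diff context. If a negative value can get through, this line throws NegativeArraySizeException, which the caller's visible `catch` clauses do not handle. Confirm that the upstream check rejects such values, or guard before the allocation with `if (maxCount < 1) maxCount = mMaxReturns;`. `processCertFilter` starts in an earlier hunk and continues past this one.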
@@ -519,58 +524,58 @@ public class ListCerts extends CMSServlet { if (totalRecordCount == -1) { if (!serialToVal.equals(MINUS_ONE)) { totalRecordCount = toCurIndex - curIndex + 1; - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount); } else { - totalRecordCount = list.getSize() - + totalRecordCount = list.getSize() - list.getCurrentIndex(); - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount); } } header.addIntegerValue("totalRecordCount", totalRecordCount); - header.addIntegerValue("currentRecordCount", list.getSize() - - list.getCurrentIndex()); - - String qs = ""; - if (mReverse) - qs = "querySentinelUp"; - else - qs = "querySentinelDown"; - - if (mHardJumpTo) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } else { - if (nextRec == null) { - header.addStringValue(qs, null); - com.netscape.certsrv.apps.CMS.debug("nextRec is null"); - if (mReverse) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } + header.addIntegerValue("currentRecordCount", list.getSize() - + list.getCurrentIndex()); + + String qs = ""; + if (mReverse) + qs = "querySentinelUp"; + else + qs = "querySentinelDown"; + + if (mHardJumpTo) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString()); + + header.addStringValue("querySentinelUp", curSerial.toString()); } else { - BigInteger nextRecNo = nextRec.getSerialNumber(); + if (nextRec == null) { + header.addStringValue(qs, null); + com.netscape.certsrv.apps.CMS.debug("nextRec is null"); + if (mReverse) { + com.netscape.certsrv.apps.CMS.debug("curSerial added to 
querySentinelUp:" + curSerial.toString()); - if (serialToVal.equals(MINUS_ONE)) { - header.addStringValue( - qs, nextRecNo.toString()); + header.addStringValue("querySentinelUp", curSerial.toString()); + } } else { - if (nextRecNo.compareTo(serialToVal) <= 0) { + BigInteger nextRecNo = nextRec.getSerialNumber(); + + if (serialToVal.equals(MINUS_ONE)) { header.addStringValue( - qs, nextRecNo.toString()); + qs, nextRecNo.toString()); } else { - header.addStringValue(qs, - null); + if (nextRecNo.compareTo(serialToVal) <= 0) { + header.addStringValue( + qs, nextRecNo.toString()); + } else { + header.addStringValue(qs, + null); + } } + com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString()); } - com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString()); - } - } // !mHardJumpto + } // !mHardJumpto - header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", - firstSerial.toString()); + header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown", + firstSerial.toString()); } @@ -578,7 +583,7 @@ public class ListCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); @@ -586,9 +591,9 @@ public class ListCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); 
@@ -631,12 +636,13 @@ public class ListCerts extends CMSServlet { rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -665,4 +671,3 @@ public class ListCerts extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java index db77d039..b248d2bd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Provide statistical queries of request and certificate records. - * + * * @version $Revision$, $Date$ */ public class Monitor extends CMSServlet { @@ -83,8 +81,8 @@ public class Monitor extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * 'monitor.template' to render the response. - * + * 'monitor.template' to render the response. + * * @param sc servlet configuration, read from the web.xml file */ 
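Review bot: The reformatted `if (issuedBy == null)` in `fillX509RecordIntoArg` now puts its unbraced body on a separate line, which is the layout where a second statement added later at the same indent silently runs unconditionally. Since the commit already rewrites this line, brace it: `if (issuedBy == null) { issuedBy = ""; }`. The same two-line unbraced form is introduced in the Monitor.java date formatter (`@@ -370,23 +368,27 @@`) and in RemoteAuthConfig.java (`@@ -516,7 +508,8 @@`, `@@ -542,7 +535,8 @@`, `@@ -602,17 +596,21 @@`). The enclosing method starts and ends outside this hunk.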
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param startTime start of time period to query - * <li>http.param endTime end of time period to query - * <li>http.param interval time between queries + * <li>http.param endTime end of time period to query + * <li>http.param interval time between queries * <li>http.param numberOfIntervals number of queries to run * <li>http.param maxResults =number * <li>http.param timeLimit =time @@ -130,10 +128,10 @@ public class Monitor extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -158,8 +156,8 @@ public class Monitor extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } @@ -172,7 +170,7 @@ public class Monitor extends CMSServlet { process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); + CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); error = e; } 
@@ -182,29 +180,29 @@ public class Monitor extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void process(CMSTemplateParams argSet, IArgBlock header, - String startTime, String endTime, - String interval, String numberOfIntervals, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String startTime, String endTime, + String interval, String numberOfIntervals, + Locale locale) + throws EBaseException { if (interval == null || interval.length() == 0) { header.addStringValue("error", "Invalid interval: " + interval); return; @@ -270,7 +268,7 @@ public class Monitor extends CMSServlet { return; } - + Date nextDate(Date d, int seconds) { Date date = new Date((d.getTime()) + ((long) (seconds * 1000))); @@ -326,12 +324,12 @@ public class Monitor extends CMSServlet { mTotalReqs += count; } } catch (Exception ex) { - return "Exception: " + ex; + return "Exception: " + ex; } return null; } else { - return "Missing start or end date"; + return "Missing start or end date"; } } 
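Review bot: In `nextDate` (hunk `@@ -270,7 +268,7 @@`), the context line `new Date((d.getTime()) + ((long) (seconds * 1000)))` multiplies in `int` and only widens afterwards, so any `seconds` above about 2.1 million (roughly 24 days) wraps before the cast and produces a wrong, possibly earlier, date. `seconds` presumably derives from the `interval` request parameter handled in `process`, but that parse is outside the visible lines, so the caller's influence on it needs confirming. Widening first removes the overflow: `Date date = new Date(d.getTime() + seconds * 1000L);`. This hunk only strips trailing whitespace and the method body continues past it, so the fix belongs in a separate change.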
@@ -348,12 +346,12 @@ public class Monitor extends CMSServlet { int hour = Integer.parseInt(z.substring(8, 10)); int minute = Integer.parseInt(z.substring(10, 12)); int second = Integer.parseInt(z.substring(12, 14)); - Calendar calendar= Calendar.getInstance(); + Calendar calendar = Calendar.getInstance(); calendar.set(year, month, date, hour, minute, second); d = calendar.getTime(); } catch (NumberFormatException nfe) { } - } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 + } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 try { int i = Integer.parseInt(z); @@ -370,23 +368,27 @@ public class Monitor extends CMSServlet { Calendar calendar = Calendar.getInstance(); calendar.setTime(d); - String time = "" + (calendar.get(Calendar.YEAR)); int i = calendar.get(Calendar.MONTH) + 1; - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; - i = calendar.get(Calendar.DAY_OF_MONTH); - if (i < 10) time += "0"; + i = calendar.get(Calendar.DAY_OF_MONTH); + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.HOUR_OF_DAY); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.MINUTE); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.SECOND); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i + "Z"; return time; } @@ -403,4 +405,3 @@ public class Monitor extends CMSServlet { return filter; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java index 50296cf1..db09fae9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Specify the RevocationReason when revoking a certificate - * + * * @version $Revision$, $Date$ */ public class ReasonToRevoke extends CMSServlet { @@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * 'reasonToRevoke.template' to render the response - * + * initialize the servlet. This servlet uses the template file + * 'reasonToRevoke.template' to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet { mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -163,31 +161,26 @@ public class ReasonToRevoke extends CMSServlet { try { if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = + totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); } revokeAll = req.getParameter("revokeAll"); - process(argSet, header, req, resp, - revokeAll, totalRecordCount, locale[0]); + process(argSet, header, req, resp, + revokeAll, totalRecordCount, locale[0]); } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { 
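Review bot: In the `@@ -163,31 +161,26 @@` hunk, `totalRecordCount` comes straight from `Integer.parseInt(req.getParameter("totalRecordCount"))` and `revokeAll` from `req.getParameter("revokeAll")`, and neither is range-checked or validated in the lines shown. Both are then passed to `mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits)` in the `@@ -238,14 +231,14 @@` hunk, so a caller holding the `revoke` permission chooses both the search filter and the result-set size. Whether the cert DB layer constrains them is not visible on this page. An explicit guard before the private `process(...)` call would make the limit reviewable, e.g. `if (totalRecordCount < 0 || totalRecordCount > maxRecords) throw new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));`, where `maxRecords` is a placeholder for a configured ceiling. The servlet's `process(CMSRequest)` starts before this hunk.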
@@ -196,30 +189,30 @@ public class ReasonToRevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, int totalRecordCount, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String revokeAll, int totalRecordCount, + Locale locale) + throws EBaseException { header.addStringValue("revokeAll", revokeAll); header.addIntegerValue("totalRecordCount", totalRecordCount); @@ -238,14 +231,14 @@ public class ReasonToRevoke extends CMSServlet { if (isCertFromCA(caCert)) { header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + caCert.getSerialNumber().toString(16)); } } /** - ICertRecordList list = mCertDB.findCertRecordsInList( - revokeAll, null, totalRecordCount); - Enumeration e = list.getCertRecords(0, totalRecordCount - 1); + * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll, + * null, totalRecordCount); Enumeration e = list.getCertRecords(0, + * totalRecordCount - 1); **/ Enumeration e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits); 
@@ -265,16 +258,16 @@ public class ReasonToRevoke extends CMSServlet { count++; IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", - xcert.getSerialNumber().toString()); - rarg.addStringValue("subject", - xcert.getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - xcert.getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - xcert.getNotAfter().getTime() / 1000); + rarg.addStringValue("serialNumber", + xcert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", + xcert.getSerialNumber().toString()); + rarg.addStringValue("subject", + xcert.getSubjectDN().toString()); + rarg.addLongValue("validNotBefore", + xcert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", + xcert.getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } @@ -288,4 +281,3 @@ public class ReasonToRevoke extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java index 9c414b9c..c1d95acf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Allow agent to turn on/off authentication managers * 
@@ -89,11 +87,11 @@ public class RemoteAuthConfig extends CMSServlet { /** * Initializes the servlet. - * - * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg - * enables remote configuration for authentication plugins. - * List of remotely set instances can be found in CMS.cfg - * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" + * + * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables + * remote configuration for authentication plugins. List of remotely set + * instances can be found in CMS.cfg at + * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -104,7 +102,8 @@ public class RemoteAuthConfig extends CMSServlet { try { mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false); } catch (EBaseException eb) { - // Thanks to design of getBoolean we have to catch but we will never get anything. + // Thanks to design of getBoolean we have to catch but we will never + // get anything. } String remoteList = null; @@ -112,7 +111,8 @@ public class RemoteAuthConfig extends CMSServlet { try { remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null); } catch (EBaseException eb) { - // Thanks to design of getString we have to catch but we will never get anything. + // Thanks to design of getString we have to catch but we will never + // get anything. } if (remoteList != null) { StringTokenizer s = new StringTokenizer(remoteList, ","); 
@@ -133,16 +133,10 @@ public class RemoteAuthConfig extends CMSServlet { /** * Serves HTTPS request. The format of this request is as follows: - * https://host:ee-port/remoteAuthConfig? - * op="add"|"delete"& - * instance=<instanceName>& - * of=<authPluginName>& - * host=<hostName>& - * port=<portNumber>& - * password=<password>& - * [adminDN=<adminDN>]& - * [uid=<uid>]& - * [baseDN=<baseDN>] + * https://host:ee-port/remoteAuthConfig? op="add"|"delete"& + * instance=<instanceName>& of=<authPluginName>& host=<hostName>& + * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]& + * [baseDN=<baseDN>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -201,7 +195,7 @@ public class RemoteAuthConfig extends CMSServlet { } } else { header.addStringValue("error", "Unknown instance " + - instance + "."); + instance + "."); } } else { header.addStringValue("error", "Unknown plugin name: " + plugin); @@ -217,7 +211,7 @@ public class RemoteAuthConfig extends CMSServlet { } if (isInstanceListed(instance)) { header.addStringValue("error", "Instance name " + - instance + " is already in use."); + instance + " is already in use."); } else { errMsg = addInstance(instance, plugin, host, port, baseDN, @@ -253,7 +247,7 @@ public class RemoteAuthConfig extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
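Review bot: The request format documented in this Javadoc carries `password=<password>` as a URL query parameter. Query strings are routinely written to web-server access logs, proxy logs and browser history, so the directory credential can end up stored in clear text outside the CA. If the servlet also accepts form-encoded POST bodies (not visible in this hunk), the Javadoc should say so and steer callers there, for example `* Send these parameters in a POST body; never place password in the query string.` The reflow also merges the one-parameter-per-line list into run-on lines; wrapping the example in `<pre>` … `</pre>` would stop the formatter from collapsing it.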
@@ -263,15 +257,15 @@ public class RemoteAuthConfig extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private String authenticateRemoteAdmin(String host, String port, - String adminDN, String password) { + String adminDN, String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -339,13 +333,11 @@ public class RemoteAuthConfig extends CMSServlet { } catch (LDAPException e) { /* - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.INVALID_CREDENTIALS: - case LDAPException.INSUFFICIENT_ACCESS_RIGHTS: - case LDAPException.LDAP_PARTIAL_RESULTS: - default: - } + * switch (e.getLDAPResultCode()) { case + * LDAPException.NO_SUCH_OBJECT: case + * LDAPException.INVALID_CREDENTIALS: case + * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case + * LDAPException.LDAP_PARTIAL_RESULTS: default: } */ c.disconnect(); return "LDAP error: " + e.toString(); @@ -362,8 +354,8 @@ public class RemoteAuthConfig extends CMSServlet { } private String authenticateRemoteAdmin(String host, String port, - String uid, String baseDN, - String password) { + String uid, String baseDN, + String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -473,8 +465,8 @@ public class RemoteAuthConfig extends CMSServlet { } private String addInstance(String instance, String plugin, - String host, String port, - String baseDN, String dnPattern) { + String host, String port, + String baseDN, String dnPattern) { if (host == null || host.length() == 0) { return "Missing host name."; } 
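Review bot: In the `@@ -339,13 +333,11 @@` hunk, the `catch (LDAPException e)` branch of `authenticateRemoteAdmin` returns `"LDAP error: " + e.toString()`, and the servlet's Javadoc lists `host` and `port` as request parameters, so the reply can reveal how a caller-named endpoint responded. If this string ends up in the `error` header value rendered to the client (the call site is outside this hunk), log the exception detail server-side and return a fixed message instead, e.g. `return "LDAP authentication failed.";`. Restricting `host` to a configured list of directory servers would narrow the exposure further. The reflowed commented-out `switch` above the return is no longer readable and could be deleted. The method body starts before this hunk.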
@@ -516,7 +508,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -542,7 +535,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -602,17 +596,21 @@ public class RemoteAuthConfig extends CMSServlet { int y = now.get(Calendar.YEAR); String name = "R" + y; - if (now.get(Calendar.MONTH) < 10) name += "0"; + if (now.get(Calendar.MONTH) < 10) + name += "0"; name += now.get(Calendar.MONTH); - if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0"; + if (now.get(Calendar.DAY_OF_MONTH) < 10) + name += "0"; name += now.get(Calendar.DAY_OF_MONTH); - if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0"; + if (now.get(Calendar.HOUR_OF_DAY) < 10) + name += "0"; name += now.get(Calendar.HOUR_OF_DAY); - if (now.get(Calendar.MINUTE) < 10) name += "0"; + if (now.get(Calendar.MINUTE) < 10) + name += "0"; name += now.get(Calendar.MINUTE); - if (now.get(Calendar.SECOND) < 10) name += "0"; + if (now.get(Calendar.SECOND) < 10) + name += "0"; name += now.get(Calendar.SECOND); return name; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java index 050dd36d..e603103a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
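Review bot: In the `@@ -602,17 +596,21 @@` hunk, the generated instance name uses `now.get(Calendar.MONTH)` unadjusted, and `Calendar.MONTH` is zero-based, so the month field runs 00–11 rather than 01–12. The Monitor.java formatter in this same commit adds 1. If the name is meant to be a readable timestamp, read the month once as `int month = now.get(Calendar.MONTH) + 1;` and use `month` in both the padding test and the append. Names are only unique to the second, so two remote additions within the same second would presumably collide; no check for that appears in the lines shown. The method starts outside this hunk.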
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; /** * Certificate Renewal - * + * * @version $Revision$, $Date$ */ public class RenewalServlet extends CMSServlet { @@ -69,29 +68,27 @@ public class RenewalServlet extends CMSServlet { private static final long serialVersionUID = -3094124661102395244L; // renewal templates. - public static final String - RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; + public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; - // http params + // http params public static final String CERT_TYPE = "certType"; public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String IMPORT_CERT = "importCert"; private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - private ICMSTemplateFiller - mRenewalSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller(); public RenewalServlet() { super(); } /** - * initialize the servlet. This servlet makes use of the - * template file "RenewalSuccess.template" to render the - * response + * initialize the servlet. This servlet makes use of the template file + * "RenewalSuccess.template" to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -103,43 +100,42 @@ public class RenewalServlet extends CMSServlet { PROP_SUCCESS_TEMPLATE); if (mRenewalSuccessTemplate == null) mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = + sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mRenewalSuccessFiller = filler; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), + mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); - // renewal requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be renewed. - + // renewal requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be renewed. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; X509CertImpl renewed_cert = null; 
@@ -156,10 +152,10 @@ public class RenewalServlet extends CMSServlet { mAuthzResourceName, "renew"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -174,7 +170,7 @@ public class RenewalServlet extends CMSServlet { authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - // coming from agent + // coming from agent if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; @@ -190,7 +186,7 @@ public class RenewalServlet extends CMSServlet { int endDate = httpParams.getValueAsInt("endDate", -1); if (beginYear != -1 && beginMonth != -1 && beginDate != -1 && - endYear != -1 && endMonth != -1 && endDate != -1) { + endYear != -1 && endMonth != -1 && endDate != -1) { Calendar calendar = Calendar.getInstance(); calendar.set(beginYear, beginMonth, beginDate); notBefore = calendar.getTime(); @@ -199,7 +195,7 @@ public class RenewalServlet extends CMSServlet { } } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; old_serial_no = getCertFromAuthMgr(authToken, cert); 
@@ -213,44 +209,44 @@ public class RenewalServlet extends CMSServlet { X509CertInfo new_certInfo = null; req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST); - req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no}); + req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no }); if (old_cert != null) { req.setExtData(IRequest.OLD_CERTS, - new X509CertImpl[] { old_cert } - ); - // create new certinfo from old_cert contents. + new X509CertImpl[] { old_cert } + ); + // create new certinfo from old_cert contents. X509CertInfo old_certInfo = (X509CertInfo) - ((X509CertImpl) old_cert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + ((X509CertImpl) old_cert).get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo()); } else { - // if no old cert (came from RA agent) create new cert info - // (serializable) to pass through policies. And set the old + // if no old cert (came from RA agent) create new cert info + // (serializable) to pass through policies. And set the old // serial number to pick up. 
new_certInfo = new CertInfo(); - new_certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(old_serial_no)); + new_certInfo.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(old_serial_no)); } - + if (notBefore == null || notAfter == null) { notBefore = new Date(0); notAfter = new Date(0); } - new_certInfo.set(X509CertInfo.VALIDITY, - new CertificateValidity(notBefore, notAfter)); + new_certInfo.set(X509CertInfo.VALIDITY, + new CertificateValidity(notBefore, notAfter)); req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo } - ); + ); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } saveHttpHeaders(httpReq, req); @@ -259,7 +255,7 @@ public class RenewalServlet extends CMSServlet { saveAuthToken(authToken, req); cmsReq.setIRequest(req); - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); // for audit log 
@@ -269,12 +265,12 @@ public class RenewalServlet extends CMSServlet { if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - }else { + } else { // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } - // check resulting status + // check resulting status RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { 
@@ -292,92 +288,92 @@ public class RenewalServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "violation: " + - wholeMsg.toString()} - // wholeMsg}, - // ILogger.L_MULTILINE - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "violation: " + + wholeMsg.toString() } + // wholeMsg}, + // ILogger.L_MULTILINE + ); } else { // no policy violation, from agent mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); + } + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.RENEWALFORMAT, new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + req.getRequestId(), + initiative, + authMgr, + status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } return; } - // service error + // service error Integer result = req.getExtDataInInteger(IRequest.RESULT); CMS.debug( - 
"RenewalServlet: Result for request " + req.getRequestId() + " is " + result); + "RenewalServlet: Result for request " + req.getRequestId() + " is " + result); if (result.equals(IRequest.RES_ERROR)) { CMS.debug( - "RenewalServlet: Result for request " + req.getRequestId() + " is error."); + "RenewalServlet: Result for request " + req.getRequestId() + " is error."); cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + req.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + + err, + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" } + ); } } 
@@ -393,31 +389,31 @@ public class RenewalServlet extends CMSServlet { long endTime = CMS.getCurrentDate().getTime(); mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + ); return; } private void respondSuccess( - CMSRequest cmsReq, X509CertImpl renewed_cert) - throws EBaseException { - cmsReq.setResult(new X509CertImpl[] {renewed_cert} - ); + CMSRequest cmsReq, X509CertImpl renewed_cert) + throws EBaseException { + cmsReq.setResult(new X509CertImpl[] { renewed_cert } + ); cmsReq.setStatus(CMSRequest.SUCCESS); - // check if cert should be imported. - // browser must have input type set to nav or cartman since + // check if cert should be imported. + // browser must have input type set to nav or cartman since // there's no other way to tell IArgBlock httpParams = cmsReq.getHttpParams(); 
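Review bot: The audit record built in this hunk calls `old_cert.getSubjectDN()` and `old_cert.getSerialNumber()` unconditionally, although the first RenewalServlet hunk on this page has an explicit branch for a missing old certificate ("if no old cert (came from RA agent)"). If both belong to the same method, which starts outside this hunk, a renewal submitted without the old certificate would throw a NullPointerException here and the audit entry would never be written. The failure-path audit records in the preceding hunk make the same calls. Consider taking the serial from the value already in hand, `old_serial_no.toString(16)`, and guarding the subject with `old_cert != null ? old_cert.getSubjectDN() : ""`.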
@@ -425,45 +421,45 @@ public class RenewalServlet extends CMSServlet { String certType = httpParams.getValueAsString(CERT_TYPE, "client"); String agent = httpReq.getHeader("user-agent"); - if (checkImportCertToNav(cmsReq.getHttpResp(), + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, renewed_cert)) { return; } else { try { - renderTemplate(cmsReq, - mRenewalSuccessTemplate, mRenewalSuccessFiller); + renderTemplate(cmsReq, + mRenewalSuccessTemplate, mRenewalSuccessFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", - mRenewalSuccessTemplate, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + mRenewalSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } - protected BigInteger getRenewedCert(ICertRecord certRec) - throws EBaseException { + protected BigInteger getRenewedCert(ICertRecord certRec) + throws EBaseException { BigInteger renewedCert = null; String serial = null; - MetaInfo meta = certRec.getMetaInfo(); + MetaInfo meta = certRec.getMetaInfo(); if (meta == null) { - log(ILogger.LL_INFO, - "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); return null; } serial = (String) meta.get(ICertRecord.META_RENEWED_CERT); if (serial == null) { - log(ILogger.LL_INFO, - "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); return null; } renewedCert = new BigInteger(serial); - log(ILogger.LL_INFO, - "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" + - certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "renewed cert serial 0x" + renewedCert.toString(16) 
+ "found for 0x" + + certRec.getSerialNumber().toString(16)); return renewedCert; } @@ -471,27 +467,27 @@ public class RenewalServlet extends CMSServlet { * get certs to renew from agent. */ private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } } certContainer[0] = cert; 
@@ -502,23 +498,23 @@ public class RenewalServlet extends CMSServlet { * get cert to renew from auth manager */ private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { log(ILogger.LL_FAILURE, "certficate from auth manager for " + - " renewal is not from this ca."); + " renewal is not from this ca."); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java index 9b39acc7..78d2b8b9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; 
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Perform the first step in revoking a certificate - * + * * @version $Revision$, $Date$ */ public class RevocationServlet extends CMSServlet { @@ -72,11 +70,11 @@ public class RevocationServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "reasonToRevoke.template"; - // http params + // http params public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String REASON_CODE = "reasonCode"; private String mFormPath = null; @@ -85,15 +83,14 @@ public class RevocationServlet extends CMSServlet { private Random mRandom = null; private Nonces mNonces = null; - public RevocationServlet() { super(); } /** - * initialize the servlet. This servlet uses - * the template file "reasonToRevoke.template" to render the - * result. + * initialize the servlet. This servlet uses the template file + * "reasonToRevoke.template" to render the result. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -115,7 +112,7 @@ public class RevocationServlet extends CMSServlet { } } - // set to false by revokeByDN=false in web.xml + // set to false by revokeByDN=false in web.xml mRevokeByDN = false; String tmp = sc.getInitParameter(PROP_REVOKEBYDN); 
@@ -127,28 +124,27 @@ public class RevocationServlet extends CMSServlet { } } - /** - * Process the HTTP request. Note that this servlet does not - * actually perform the certificate revocation. This is the first - * step in the multi-step revocation process. (the next step is - * in the ReasonToRevoke servlet. - * + * Process the HTTP request. Note that this servlet does not actually + * perform the certificate revocation. This is the first step in the + * multi-step revocation process. (the next step is in the ReasonToRevoke + * servlet. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - // revocation requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be revoked. - + // revocation requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be revoked. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; String revokeAll = null; @@ -159,10 +155,10 @@ public class RevocationServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -178,18 +174,18 @@ public class RevocationServlet extends CMSServlet { mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - // coming from agent + + // coming from agent if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; @@ -197,22 +193,24 @@ public class RevocationServlet extends CMSServlet { old_cert = (X509CertImpl) cert[0]; } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; - + old_serial_no = getCertFromAuthMgr(authToken, cert); old_cert = cert[0]; } header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16)); header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString()); - // header.addStringValue("subject", old_cert.getSubjectDN().toString()); - // header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000); - // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000); + // header.addStringValue("subject", old_cert.getSubjectDN().toString()); + // header.addLongValue("validNotBefore", + // old_cert.getNotBefore().getTime()/1000); + // header.addLongValue("validNotAfter", + // old_cert.getNotAfter().getTime()/1000); if (mNonces != null) { long n = mRandom.nextLong(); - long m = mNonces.addNonce(n, (X509Certificate)old_cert); + long m = mNonces.addNonce(n, (X509Certificate) old_cert); if ((n + m) != 0) { header.addStringValue("nonce", Long.toString(m)); } 
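Review bot: The nonce added to the form in the second hunk here comes from `mRandom.nextLong()`, and the field is declared as plain `Random` (`private Random mRandom = null;`), so nothing in the type guarantees an unpredictable generator. The initialisation is outside the hunk; if it is `new Random()`, the nonce, which presumably ties the follow-up revocation request to this page, is guessable and should come from `java.security.SecureRandom` instead. Declaring the field as `private SecureRandom mRandom;` would make that requirement visible at the declaration.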
@@ -229,12 +227,12 @@ public class RevocationServlet extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST); String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." + - X509CertInfo.SUBJECT + "=" + - old_cert.getSubjectDN().toString() + ")(|(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_VALID + ")(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_EXPIRED + ")))"; + X509CertInfo.SUBJECT + "=" + + old_cert.getSubjectDN().toString() + ")(|(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_VALID + ")(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_EXPIRED + ")))"; req.setExtData(IRequest.CERT_FILTER, filter); mRequestQueue.processRequest(req); @@ -271,8 +269,8 @@ public class RevocationServlet extends CMSServlet { if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 || (!authorized))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); } 
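Review bot: The search filter assembled in the first hunk here concatenates `old_cert.getSubjectDN().toString()` directly into an LDAP filter string without escaping. A subject DN containing `*`, `(`, `)` or `\` would change the meaning of the filter, and the result appears to decide which certificates are listed for revocation. Escape those characters (RFC 4515) before the value is appended, ideally through one shared helper. The `filter.append(token)` loop in `SrchCerts.buildRevocationReasonFilter` later in this patch appends a comma-separated value the same way; its source is outside that hunk, so confirm whether it is request input.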
@@ -296,15 +294,15 @@ public class RevocationServlet extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addStringValue("serialNumber", - certsToRevoke[i].getSerialNumber().toString(16)); + certsToRevoke[i].getSerialNumber().toString(16)); rarg.addStringValue("serialNumberDecimal", - certsToRevoke[i].getSerialNumber().toString()); + certsToRevoke[i].getSerialNumber().toString()); rarg.addStringValue("subject", - certsToRevoke[i].getSubjectDN().toString()); + certsToRevoke[i].getSubjectDN().toString()); rarg.addLongValue("validNotBefore", - certsToRevoke[i].getNotBefore().getTime() / 1000); + certsToRevoke[i].getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", - certsToRevoke[i].getNotAfter().getTime() / 1000); + certsToRevoke[i].getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } else { @@ -313,7 +311,7 @@ public class RevocationServlet extends CMSServlet { } // set revocation reason, default to unspecified if not set. - int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); + int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); header.addIntegerValue("reason", reasonCode); @@ -324,10 +322,10 @@ public class RevocationServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; 
@@ -337,28 +335,28 @@ public class RevocationServlet extends CMSServlet { * get cert to revoke from agent. */ private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + IArgBlock httpParams, X509Certificate[] certContainer) + throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; 
@@ -369,22 +367,22 @@ public class RevocationServlet extends CMSServlet { * get cert to revoke from auth manager */ private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { + IAuthToken authToken, X509Certificate[] certContainer) + throws EBaseException { X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { + if (mAuthority instanceof ICertificateAuthority && + !isCertFromCA(cert)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); @@ -393,4 +391,3 @@ public class RevocationServlet extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java index 3a571d44..bd983a6c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.util.Locale; import javax.servlet.http.HttpServletRequest; 
@@ -31,21 +30,13 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Certificates Template filler. - * must have list of certificates in result. - * looks at inputs: certtype. - * outputs: - * - cert type from http input (if any) - * - CA chain - * - authority name (RM, CM, DRM) - * - scheme:host:port of server. - * array of one or more - * - cert serial number - * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * Certificates Template filler. must have list of certificates in result. looks + * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain + * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or + * more - cert serial number - cert pretty print - cert in base 64 encoding. - + * cmmf blob to import + * * @version $Revision$, $Date$ */ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { @@ -61,12 +52,12 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); 
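Review bot: The reflowed class Javadoc in the first hunk here has lost its list structure: the inputs, the outputs and the per-certificate items now run together as one paragraph with stray `-` separators. Javadoc collapses whitespace, so the layout has to be expressed in markup. I would rewrite the comment with a `<ul>` for the outputs (cert type, CA chain, authority name, scheme:host:port) and a nested `<ul>` for the repeated per-certificate fields (serial number, pretty print, base 64 encoding, cmmf blob). The text also describes issued certificates, while the class casts the request result to `RevokedCertImpl[]`, so the description looks copied from another filler and may need updating.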
@@ -77,15 +68,15 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.SCHEME, scheme); // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // XXX CA chain. - RevokedCertImpl[] revoked = - (RevokedCertImpl[]) cmsReq.getResult(); + RevokedCertImpl[] revoked = + (RevokedCertImpl[]) cmsReq.getResult(); - // revoked certs. + // revoked certs. for (int i = 0; i < revoked.length; i++) { IArgBlock repeat = CMS.createArgBlock(); @@ -96,4 +87,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 17bad7a1..dfd735f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SrchCerts extends CMSServlet { @@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet { } /** - * initialize the servlet. This servlet uses srchCert.template - * to render the response + * initialize the servlet. This servlet uses srchCert.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -140,20 +139,20 @@ public class SrchCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ if (sc.getInitParameter("useClientFilter") != null && - sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { + sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { mUseClientFilter = true; } } - private boolean isOn(HttpServletRequest req, String name) - { + private boolean isOn(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("on")) { @@ -162,10 +161,9 @@ public class SrchCerts extends CMSServlet { return false; } - private boolean isOff(HttpServletRequest req, String name) - { + private boolean isOff(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("off")) { @@ -174,8 +172,7 @@ public class SrchCerts extends CMSServlet { return false; } - private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "statusInUse")) { return; } @@ -185,8 +182,7 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "profileInUse")) { return; } 
@@ -196,16 +192,14 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "basicConstraintsInUse")) { return; } filter.append("(x509cert.BasicConstraints.isCA=on)"); } - private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "serialNumberRangeInUse")) { return; } @@ -225,9 +219,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildAVAFilter(HttpServletRequest req, String paramName, - String avaName, StringBuffer lf, String match) - { + private void buildAVAFilter(HttpServletRequest req, String paramName, + String avaName, StringBuffer lf, String match) { String val = req.getParameter(paramName); if (val != null && !val.equals("")) { if (match != null && match.equals("exact")) { @@ -254,8 +247,7 @@ public class SrchCerts extends CMSServlet { } } - private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "subjectInUse")) { return; } @@ -286,9 +278,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildRevokedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildRevokedByFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "revokedByInUse")) { return; } @@ -302,10 +293,9 @@ public class SrchCerts extends CMSServlet { } } - private void buildDateFilter(HttpServletRequest req, String prefix, + private void buildDateFilter(HttpServletRequest req, String prefix, String outStr, long adjustment, - StringBuffer filter) - { + StringBuffer filter) { String queryCertFilter = null; long epoch = 0; try { 
@@ -324,19 +314,17 @@ public class SrchCerts extends CMSServlet { } private void buildRevokedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revokedOnInUse")) { return; } buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter); - buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, + buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, filter); } private void buildRevocationReasonFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revocationReasonInUse")) { return; } @@ -347,23 +335,22 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = null; StringTokenizer st = new StringTokenizer(reasons, ","); if (st.hasMoreTokens()) { - filter.append("(|"); - while (st.hasMoreTokens()) { - String token = st.nextToken(); - if (queryCertFilter == null) { - queryCertFilter = ""; - } - filter.append("(x509cert.certRevoInfo="); - filter.append(token); - filter.append(")"); - } - filter.append(")"); + filter.append("(|"); + while (st.hasMoreTokens()) { + String token = st.nextToken(); + if (queryCertFilter == null) { + queryCertFilter = ""; + } + filter.append("(x509cert.certRevoInfo="); + filter.append(token); + filter.append(")"); + } + filter.append(")"); } } - private void buildIssuedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildIssuedByFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "issuedByInUse")) { return; } 
@@ -378,43 +365,39 @@ public class SrchCerts extends CMSServlet { } private void buildIssuedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "issuedOnInUse")) { return; } buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter); - buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, + buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, filter); } private void buildValidNotBeforeFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotBeforeInUse")) { return; } - buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", + buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 0, filter); - buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", + buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", 86399999, filter); } private void buildValidNotAfterFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotAfterInUse")) { return; } - buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", + buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 0, filter); - buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", + buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", 86399999, filter); } private void buildValidityLengthFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validityLengthInUse")) { return; } @@ -439,8 +422,7 @@ public class SrchCerts extends CMSServlet { } private void buildCertTypeFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "certTypeInUse")) { return; } 
@@ -471,8 +453,7 @@ public class SrchCerts extends CMSServlet { } } - public String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); StringBuffer filter = new StringBuffer(); @@ -504,10 +485,8 @@ public class SrchCerts extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -522,10 +501,10 @@ public class SrchCerts extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -551,10 +530,10 @@ public class SrchCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
@@ -571,10 +550,10 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = buildFilter(req); process(argSet, header, queryCertFilter, - revokeAll, maxResults, timeLimit, req, resp, locale[0]); + revokeAll, maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -585,33 +564,33 @@ public class SrchCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, String revokeAll, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, String revokeAll, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); @@ -629,7 +608,7 @@ public class SrchCerts extends CMSServlet { timeLimit = mTimeLimits; } CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); - Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit); + Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit); int count = 0; 
@@ -671,7 +650,8 @@ public class SrchCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); @@ -687,7 +667,7 @@ public class SrchCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); @@ -695,9 +675,9 @@ public class SrchCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); @@ -708,7 +688,7 @@ public class SrchCerts extends CMSServlet { String subject = (String) cert.getSubjectDN().toString(); if (subject.equals("")) { - rarg.addStringValue("subject", " "); + rarg.addStringValue("subject", " "); } else { rarg.addStringValue("subject", subject); @@ -744,12 +724,13 @@ public class SrchCerts extends CMSServlet { rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index b10086e1..45544583 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Force the CRL to be updated now. - * + * * @version $Revision$, $Date$ */ public class UpdateCRL extends CMSServlet { 
@@ -88,40 +86,41 @@ public class UpdateCRL extends CMSServlet { } /** - * Initializes the servlet. This servlet uses updateCRL.template - * to render the result + * Initializes the servlet. This servlet uses updateCRL.template to render + * the result */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output orw own template. + + // override success to do output orw own template. mTemplates.remove(CMSRequest.SUCCESS); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL - * <li>http.param waitForUpdate true/false - should the servlet wait until - * the CRL update is complete? + * <li>http.param waitForUpdate true/false - should the servlet wait until + * the CRL update is complete? * <li>http.param clearCRLCache true/false - should the CRL cache cleared - * before the CRL is generated? + * before the CRL is generated? * <li>http.param crlIssuingPoint the CRL Issuing Point to Update * </ul> + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("crl", true /* main action */); + statsSub.startTiming("crl", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -133,16 +132,16 @@ public class UpdateCRL extends CMSServlet { mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } return; } @@ -159,21 +158,21 @@ public class UpdateCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { - String signatureAlgorithm = - req.getParameter("signatureAlgorithm"); + String signatureAlgorithm = + req.getParameter("signatureAlgorithm"); - process(argSet, header, req, resp, - signatureAlgorithm, locale[0]); + process(argSet, header, req, resp, + signatureAlgorithm, locale[0]); } catch (EBaseException e) { error = e; } 
@@ -184,42 +183,43 @@ public class UpdateCRL extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } } - private CRLExtensions crlEntryExtensions (String reason, String invalidity) { + private CRLExtensions crlEntryExtensions(String reason, String invalidity) { CRLExtensions entryExts = new CRLExtensions(); CRLReasonExtension crlReasonExtn = null; if (reason != null && reason.length() > 0) { try { RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason)); - if (revReason == null) revReason = RevocationReason.UNSPECIFIED; + if (revReason == null) + revReason = RevocationReason.UNSPECIFIED; crlReasonExtn = new CRLReasonExtension(revReason); } catch (Exception e) { - CMS.debug("Invalid revocation reason: "+reason); + CMS.debug("Invalid revocation reason: " + reason); } } 
@@ -229,15 +229,15 @@ public class UpdateCRL extends CMSServlet { Date invalidityDate = null; try { long backInTime = Long.parseLong(invalidity); - invalidityDate = new Date(now-(backInTime*60000)); + invalidityDate = new Date(now - (backInTime * 60000)); } catch (Exception e) { - CMS.debug("Invalid invalidity time offset: "+invalidity); + CMS.debug("Invalid invalidity time offset: " + invalidity); } if (invalidityDate != null) { try { invalidityDateExtn = new InvalidityDateExtension(invalidityDate); } catch (Exception e) { - CMS.debug("Error creating invalidity extension: "+e); + CMS.debug("Error creating invalidity extension: " + e); } } } @@ -246,7 +246,7 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(crlReasonExtn.getName(), crlReasonExtn); } catch (Exception e) { - CMS.debug("Error adding revocation reason extension to entry extensions: "+e); + CMS.debug("Error adding revocation reason extension to entry extensions: " + e); } } @@ -254,7 +254,7 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn); } catch (Exception e) { - CMS.debug("Error adding invalidity date extension to entry extensions: "+e); + CMS.debug("Error adding invalidity date extension to entry extensions: " + e); } } 
@@ -293,18 +293,18 @@ public class UpdateCRL extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String signatureAlgorithm, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String signatureAlgorithm, + Locale locale) + throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); - String waitForUpdate = - req.getParameter("waitForUpdate"); - String clearCache = - req.getParameter("clearCRLCache"); - String crlIssuingPointId = - req.getParameter("crlIssuingPoint"); + String waitForUpdate = + req.getParameter("waitForUpdate"); + String clearCache = + req.getParameter("clearCRLCache"); + String crlIssuingPointId = + req.getParameter("crlIssuingPoint"); String test = req.getParameter("test"); String add = req.getParameter("add"); String from = req.getParameter("from"); 
@@ -317,45 +317,46 @@ public class UpdateCRL extends CMSServlet { Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints(); while (ips.hasMoreElements()) { - ICRLIssuingPoint ip = ips.nextElement(); + ICRLIssuingPoint ip = ips.nextElement(); if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } if (crlIssuingPointId == null) { crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL; } - ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = + mCA.getCRLIssuingPoint(crlIssuingPointId); header.addStringValue("crlIssuingPoint", crlIssuingPointId); IPublisherProcessor lpm = mCA.getPublisherProcessor(); if (crlIssuingPoint != null) { if (clearCache != null && clearCache.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { crlIssuingPoint.clearCRLCache(); } if (waitForUpdate != null && waitForUpdate.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() + crlIssuingPoint.isCRLGenerationEnabled() && + crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && + crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { if (test != null && test.equals("true") && - crlIssuingPoint.isCRLCacheTestingEnabled() && - (!mTesting.contains(crlIssuingPointId))) { + crlIssuingPoint.isCRLCacheTestingEnabled() && + (!mTesting.contains(crlIssuingPointId))) { 
CMS.debug("CRL test started."); mTesting.add(crlIssuingPointId); BigInteger addLen = null; BigInteger startFrom = null; if (add != null && add.length() > 0 && - from != null && from.length() > 0) { + from != null && from.length() > 0) { try { addLen = new BigInteger(add); startFrom = new BigInteger(from); @@ -366,7 +367,7 @@ public class UpdateCRL extends CMSServlet { Date revocationDate = CMS.getCurrentDate(); String err = null; - CRLExtensions entryExts = crlEntryExtensions (reason, invalidity); + CRLExtensions entryExts = crlEntryExtensions(reason, invalidity); BigInteger serialNumber = startFrom; BigInteger counter = addLen; @@ -380,16 +381,16 @@ public class UpdateCRL extends CMSServlet { long t1 = System.currentTimeMillis(); long t2 = 0; - + while (counter.compareTo(BigInteger.ZERO) > 0) { RevokedCertImpl revokedCert = - new RevokedCertImpl(serialNumber, revocationDate, entryExts); + new RevokedCertImpl(serialNumber, revocationDate, entryExts); crlIssuingPoint.addRevokedCert(serialNumber, revokedCert); serialNumber = serialNumber.add(BigInteger.ONE); counter = counter.subtract(BigInteger.ONE); if ((counter.compareTo(BigInteger.ZERO) == 0) || - (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { + (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { t2 = System.currentTimeMillis(); long t0 = t2 - t1; t1 = t2; 
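Review bot: The `while (counter.compareTo(BigInteger.ZERO) > 0)` loop in the last hunk on this line has no visible upper bound. `counter` is `addLen`, which is parsed from the `add` request parameter with `new BigInteger(add)`. Each iteration calls `crlIssuingPoint.addRevokedCert(...)`, so a single request with a very large `add` can occupy the servlet thread and grow the CRL cache without limit, even though the path is gated by `isCRLCacheTestingEnabled()` and the `update` authorization. A cap checked before the loop would contain this, e.g. `if (addLen.compareTo(MAX_TEST_ENTRIES) > 0) addLen = MAX_TEST_ENTRIES;`, where `MAX_TEST_ENTRIES` is a placeholder for a constant or configuration value the file does not define yet. The enclosing `process` method starts and ends outside these hunks.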
@@ -465,40 +466,40 @@ public class UpdateCRL extends CMSServlet { String agentId = (String) sContext.get(SessionContext.USER_ID); IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } long endTime = CMS.getCurrentDate().getTime(); if (crlIssuingPoint.getNextUpdate() != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); - }else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - "not set", - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + crlIssuingPoint.getNextUpdate(), + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + ); + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + "not set", + 
Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + ); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString())); @@ -511,8 +512,7 @@ public class UpdateCRL extends CMSServlet { } } } else { - if (crlIssuingPoint.isCRLIssuingPointInitialized() - != ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) { header.addStringValue("crlUpdate", "notInitialized"); } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE || diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java index ccba3362..5b7688c5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Update the configured LDAP server with specified objects - * + * * @version $Revision$, $Date$ */ public class UpdateDir extends CMSServlet { 
@@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet { private final static int REVOKED_FROM = 10; private final static int REVOKED_TO = 11; private final static int CHECK_FLAG = 12; - private final static String[] updateName = - {"updateAll", "updateCRL", "updateCA", - "updateValid", "validFrom", "validTo", - "updateExpired", "expiredFrom", "expiredTo", - "updateRevoked", "revokedFrom", "revokedTo", - "checkFlag"}; + private final static String[] updateName = + { "updateAll", "updateCRL", "updateCA", + "updateValid", "validFrom", "validTo", + "updateExpired", "expiredFrom", "expiredTo", + "updateRevoked", "revokedFrom", "revokedTo", + "checkFlag" }; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - if( mAuthority != null ) { + if (mAuthority != null) { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { mCA = (ICertificateAuthority) mAuthority; @@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet { } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet { mAuthzResourceName, "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); if (mPublisherProcessor == null || - !mPublisherProcessor.enabled()) + !mPublisherProcessor.enabled()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE")); String[] updateValue = new String[updateName.length]; @@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet { String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterPort != null && masterPort.length() > 0) { mClonedCA = true; } 
@@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void updateCRLIssuingPoint( - IArgBlock header, - String crlIssuingPointId, - ICRLIssuingPoint crlIssuingPoint, - Locale locale) { + IArgBlock header, + String crlIssuingPointId, + ICRLIssuingPoint crlIssuingPoint, + Locale locale) { SessionContext sc = SessionContext.getContext(); sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId); 
@@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet { try { if (mCRLRepository != null) { - crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); } } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { - String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null; + String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null; byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { X509CRLImpl crl = null; 
@@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet { if (crl == null) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); } else { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, crl); } else { - mPublisherProcessor.publishCRL(crl,crlIssuingPointId); + mPublisherProcessor.publishCRL(crl, crlIssuingPointId); } header.addStringValue("crlPublished", "Success"); } catch (ELdapException e) { @@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet { BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); Long deltaCRLSize = crlRecord.getDeltaCRLSize(); if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 && - crlNumber != null && deltaNumber != null && - deltaNumber.compareTo(crlNumber) >= 0) { + crlNumber != null && deltaNumber != null && + deltaNumber.compareTo(crlNumber) >= 0) { goodDelta = true; } } if (deltaCrl != null && ((mClonedCA && goodDelta) || - (crlIssuingPoint != null && - crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) { + (crlIssuingPoint != null && + crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, deltaCrl); } else { - mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId); + mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId); } } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString())); 
@@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String crlIssuingPointId, - String[] updateValue, - Locale locale) - throws EBaseException { + HttpServletRequest req, + HttpServletResponse resp, + String crlIssuingPointId, + String[] updateValue, + Locale locale) + throws EBaseException { // all or crl if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_CRL] != null && + (updateValue[UPDATE_CRL] != null && updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) { // check if received issuing point ID is known to the server if (crlIssuingPointId != null) { @@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet { if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } if (crlIssuingPointId == null) { @@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet { Vector ipNames = mCRLRepository.getIssuingPointsNames(); if (ipNames != null && ipNames.size() > 0) { for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); updateCRLIssuingPoint(header, ipName, null, locale); } @@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet { } } else { ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + mCA.getCRLIssuingPoint(crlIssuingPointId); ICRLIssuingPointRecord crlRecord = null; - updateCRLIssuingPoint(header, crlIssuingPointId, - crlIssuingPoint, locale); + updateCRLIssuingPoint(header, crlIssuingPointId, + crlIssuingPoint, locale); } } 
@@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet { // all or ca if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_CA] != null && + (updateValue[UPDATE_CA] != null && updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); @@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet { // all or valid if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_VALID] != null && + (updateValue[UPDATE_VALID] != null && updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[VALID_FROM].startsWith("0x")) { @@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet { Enumeration validCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - validCerts = + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + validCerts = certificateRepository.getValidNotPublishedCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + updateValue[VALID_FROM], + updateValue[VALID_TO]); } else { - validCerts = + validCerts = certificateRepository.getValidCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + updateValue[VALID_FROM], + updateValue[VALID_TO]); } int i = 0; int l = 0; @@ -438,8 +437,8 @@ public class UpdateDir extends CMSServlet { if (validCerts != null) { while (validCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) validCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) validCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
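Review bot: `updateValue[VALID_FROM].startsWith("0x")` in the `// all or valid` hunk is dereferenced without a null check, while the flags beside it (`updateValue[UPDATE_ALL]`, `updateValue[UPDATE_VALID]`) are null-checked first. How the array is filled is outside these hunks; if the entries come from optional request parameters, a request with `updateAll=yes` and no `validFrom` would throw a NullPointerException here. Guarding it as `if (updateValue[VALID_FROM] != null && updateValue[VALID_FROM].startsWith("0x"))` keeps the behaviour for values that are present. The same applies to `updateValue[EXPIRED_FROM]` in the `// all or expired` hunk further down. The enclosing `process` method extends beyond the hunk.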
@@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } 
@@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; - SessionContext sc = SessionContext.getContext(); + SessionContext sc = SessionContext.getContext(); if (r == null) { if (CMS.isEncryptionCert(cert)) sc.put((Object) "isEncryptionCert", (Object) "true"); - else + else sc.put((Object) "isEncryptionCert", (Object) "false"); mPublisherProcessor.publishCert(cert, null); } else { if (CMS.isEncryptionCert(cert)) r.setExtData("isEncryptionCert", "true"); - else + else r.setExtData("isEncryptionCert", "false"); mPublisherProcessor.publishCert(cert, r); } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), + e.toString())); validCertsError += "Failed to publish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("validCertsPublished", - "Success"); + "Success"); if (i == 1) - header.addStringValue("validCertsError", i + - " valid certificate is published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificate is published in the directory."); else - header.addStringValue("validCertsError", i + - " valid certificates are published in the directory."); + header.addStringValue("validCertsError", i + + " valid certificates are published in the directory."); } else { if (l == 0) { header.addStringValue("validCertsPublished", "No"); } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", - validCertsError); + header.addStringValue("validCertsError", + validCertsError); } } } else { 
@@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet { // all or expired if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_EXPIRED] != null && + (updateValue[UPDATE_EXPIRED] != null && updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[EXPIRED_FROM].startsWith("0x")) { @@ -537,26 +536,26 @@ public class UpdateDir extends CMSServlet { Enumeration expiredCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { expiredCerts = certificateRepository.getExpiredPublishedCertificates( - updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } else { expiredCerts = certificateRepository.getExpiredCertificates( - updateValue[EXPIRED_FROM], - updateValue[EXPIRED_TO]); + updateValue[EXPIRED_FROM], + updateValue[EXPIRED_TO]); } int i = 0; int l = 0; StringBuffer expiredCertsError = new StringBuffer(); - if (expiredCerts != null) { + if (expiredCerts != null) { while (expiredCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) expiredCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) expiredCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); @@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } 
@@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; @@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); expiredCertsError.append( "Failed to unpublish certificate: 0x"); expiredCertsError.append( @@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet { if (i > 0 && i == l) { header.addStringValue("expiredCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("expiredCertsError", i + - " expired certificate is unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificate is unpublished in the directory."); else - header.addStringValue("expiredCertsError", i + - " expired certificates are unpublished in the directory."); + header.addStringValue("expiredCertsError", i + + " expired certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("expiredCertsUnpublished", "No"); } else { header.addStringValue("expiredCertsUnpublished", "Failure"); - header.addStringValue("expiredCertsError", - expiredCertsError.toString()); + header.addStringValue("expiredCertsError", + expiredCertsError.toString()); } } } else { @@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet { // all or revoked if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_REVOKED] != null && + (updateValue[UPDATE_REVOKED] != null && updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[REVOKED_FROM].startsWith("0x")) { 
@@ -646,26 +645,26 @@ public class UpdateDir extends CMSServlet { Enumeration revokedCerts = null; if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { revokedCerts = certificateRepository.getRevokedPublishedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } else { revokedCerts = certificateRepository.getRevokedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } int i = 0; int l = 0; String revokedCertsError = ""; - if (revokedCerts != null) { + if (revokedCerts != null) { while (revokedCerts.hasMoreElements()) { ICertRecord certRecord = - (ICertRecord) revokedCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + (ICertRecord) revokedCerts.nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); @@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", + cert.getSerialNumber().toString(16))); } else { ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); } @@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet { if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; 
@@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", + certRecord.getSerialNumber().toString(16), + e.toString())); revokedCertsError += "Failed to unpublish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("revokedCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("revokedCertsError", i + - " revoked certificate is unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificate is unpublished in the directory."); else - header.addStringValue("revokedCertsError", i + - " revoked certificates are unpublished in the directory."); + header.addStringValue("revokedCertsError", i + + " revoked certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("revokedCertsUnpublished", "No"); } else { header.addStringValue("revokedCertsUnpublished", "Failure"); - header.addStringValue("revokedCertsError", - revokedCertsError); + header.addStringValue("revokedCertsError", + revokedCertsError); } } } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index f181e156..ad28c921 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java 
@@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.profile.SSLClientCertProvider; import com.netscape.cmsutil.scep.CRSPKIMessage; - /** - * This servlet deals with PKCS#10-based certificate requests from - * CRS, now called SCEP, and defined at: - * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt + * This servlet deals with PKCS#10-based certificate requests from CRS, now + * called SCEP, and defined at: + * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt * * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe - * - * The HTTP parameters are 'operation' and 'message' - * operation can be either 'GetCACert' or 'PKIOperation' - * + * + * The HTTP parameters are 'operation' and 'message' operation can be either + * 'GetCACert' or 'PKIOperation' + * * @version $Revision$, $Date$ */ -public class CRSEnrollment extends HttpServlet -{ - /** +public class CRSEnrollment extends HttpServlet { + /** * */ private static final long serialVersionUID = 8483002540957382369L; -protected IProfileSubsystem mProfileSubsystem = null; - protected String mProfileId = null; - protected ICertAuthority mAuthority; - protected IConfigStore mConfig = null; - protected IAuthSubsystem mAuthSubsystem; - protected String mAppendDN=null; - protected String mEntryObjectclass=null; - protected boolean mCreateEntry=false; - protected boolean mFlattenDN=false; - - private String mAuthManagerName; - private String mSubstoreName; - private boolean mEnabled = false; - private boolean mUseCA = true; - private String mNickname = null; - private String mTokenName = ""; - private String mHashAlgorithm = "SHA1"; - private String mHashAlgorithmList = null; - private String[] mAllowedHashAlgorithm; - private String mConfiguredEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithmList = null; - private String[] mAllowedEncryptionAlgorithm; - 
private Random mRandom = null; - private int mNonceSizeLimit = 0; - protected ILogger mLogger = CMS.getLogger(); - private ICertificateAuthority ca; - /* for hashing challenge password */ - protected MessageDigest mSHADigest = null; - - private static final String PROP_SUBSTORENAME = "substorename"; - private static final String PROP_AUTHORITY = "authority"; - private static final String PROP_CRS = "crs"; - private static final String PROP_CRSCA = "casubsystem"; - private static final String PROP_CRSAUTHMGR = "authName"; - private static final String PROP_APPENDDN = "appendDN"; - private static final String PROP_CREATEENTRY= "createEntry"; - private static final String PROP_FLATTENDN = "flattenDN"; - private static final String PROP_ENTRYOC = "entryObjectclass"; - - // URL parameters - private static final String URL_OPERATION = "operation"; - private static final String URL_MESSAGE = "message"; - - // possible values for 'operation' - private static final String OP_GETCACERT = "GetCACert"; - private static final String OP_PKIOPERATION = "PKIOperation"; - - public static final String AUTH_PASSWORD = "pwd"; - - public static final String AUTH_CREDS = "AuthCreds"; - public static final String AUTH_TOKEN = "AuthToken"; - public static final String AUTH_FAILED = "AuthFailed"; - - public static final String SANE_DNSNAME = "DNSName"; - public static final String SANE_IPADDRESS = "IPAddress"; - - public static final String CERTINFO = "CertInfo"; - public static final String SUBJECTNAME = "SubjectName"; - - - public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; - public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; - public static ObjectIdentifier OID_SERIALNUMBER = null; - - public CRSEnrollment(){} - - public static Hashtable<String, String> toHashtable(HttpServletRequest req) { - Hashtable<String, String> httpReqHash = new Hashtable<String, String>(); - @SuppressWarnings("unchecked") - Enumeration<String> names = req.getParameterNames(); - while 
(names.hasMoreElements()) { - String name = (String)names.nextElement(); - httpReqHash.put(name, req.getParameter(name)); - } - return httpReqHash; - } - - public void init(ServletConfig sc) { - // Find the CertificateAuthority we should use for CRS. - String crsCA = sc.getInitParameter(PROP_AUTHORITY); - if (crsCA == null) - crsCA = "ca"; - mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); - ca = (ICertificateAuthority)mAuthority; - - if (mAuthority == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA)); - } - - try { - if (mAuthority instanceof ISubsystem) { - IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore(); - IConfigStore scepConfig = authorityConfig.getSubStore("scep"); - mEnabled = scepConfig.getBoolean("enable", false); - mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); - mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); - mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); - mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); - mAllowedHashAlgorithm = mHashAlgorithmList.split(","); - mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); - mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); - mNickname = scepConfig.getString("nickname", ca.getNickname()); - if (mNickname.equals(ca.getNickname())) { - mTokenName = ca.getSigningUnit().getTokenName(); - } else { - mTokenName = scepConfig.getString("tokenname", ""); - mUseCA = false; - } - if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0)) { - int i = mNickname.indexOf(':'); - if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { - mNickname = mTokenName + ":" + mNickname; - } - } - } - } catch (EBaseException e) { - CMS.debug("CRSEnrollment: init: EBaseException: 
"+e); - } - mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+"."); - CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname); - CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname()); - CMS.debug("CRSEnrollment: init: Token name: "+mTokenName); - CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA); - CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit); - CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm); - CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList); - for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { - mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]); - } - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm); - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList); - for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { - mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]); - } - - try { - mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile"); - mProfileId = sc.getInitParameter("profileId"); - CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId); - - mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); - mAppendDN = sc.getInitParameter(PROP_APPENDDN); - String tmp = sc.getInitParameter(PROP_CREATEENTRY); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mCreateEntry = true; - else - mCreateEntry = false; - tmp = sc.getInitParameter(PROP_FLATTENDN); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mFlattenDN = true; - else - mFlattenDN = false; - mEntryObjectclass = 
sc.getInitParameter(PROP_ENTRYOC); - if (mEntryObjectclass == null) - mEntryObjectclass = "cep"; - mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); - if (mSubstoreName == null) - mSubstoreName = "default"; - } catch (Exception e) { - } - - OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); - OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); - OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); - - - try { - mSHADigest = MessageDigest.getInstance("SHA1"); + protected IProfileSubsystem mProfileSubsystem = null; + protected String mProfileId = null; + protected ICertAuthority mAuthority; + protected IConfigStore mConfig = null; + protected IAuthSubsystem mAuthSubsystem; + protected String mAppendDN = null; + protected String mEntryObjectclass = null; + protected boolean mCreateEntry = false; + protected boolean mFlattenDN = false; + + private String mAuthManagerName; + private String mSubstoreName; + private boolean mEnabled = false; + private boolean mUseCA = true; + private String mNickname = null; + private String mTokenName = ""; + private String mHashAlgorithm = "SHA1"; + private String mHashAlgorithmList = null; + private String[] mAllowedHashAlgorithm; + private String mConfiguredEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithmList = null; + private String[] mAllowedEncryptionAlgorithm; + private Random mRandom = null; + private int mNonceSizeLimit = 0; + protected ILogger mLogger = CMS.getLogger(); + private ICertificateAuthority ca; + /* for hashing challenge password */ + protected MessageDigest mSHADigest = null; + + private static final String PROP_SUBSTORENAME = "substorename"; + private static final String PROP_AUTHORITY = "authority"; + private static final String PROP_CRS = "crs"; + private static final String PROP_CRSCA = "casubsystem"; + private static final String PROP_CRSAUTHMGR = "authName"; 
+ private static final String PROP_APPENDDN = "appendDN"; + private static final String PROP_CREATEENTRY = "createEntry"; + private static final String PROP_FLATTENDN = "flattenDN"; + private static final String PROP_ENTRYOC = "entryObjectclass"; + + // URL parameters + private static final String URL_OPERATION = "operation"; + private static final String URL_MESSAGE = "message"; + + // possible values for 'operation' + private static final String OP_GETCACERT = "GetCACert"; + private static final String OP_PKIOPERATION = "PKIOperation"; + + public static final String AUTH_PASSWORD = "pwd"; + + public static final String AUTH_CREDS = "AuthCreds"; + public static final String AUTH_TOKEN = "AuthToken"; + public static final String AUTH_FAILED = "AuthFailed"; + + public static final String SANE_DNSNAME = "DNSName"; + public static final String SANE_IPADDRESS = "IPAddress"; + + public static final String CERTINFO = "CertInfo"; + public static final String SUBJECTNAME = "SubjectName"; + + public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; + public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; + public static ObjectIdentifier OID_SERIALNUMBER = null; + + public CRSEnrollment() { + } + + public static Hashtable<String, String> toHashtable(HttpServletRequest req) { + Hashtable<String, String> httpReqHash = new Hashtable<String, String>(); + @SuppressWarnings("unchecked") + Enumeration<String> names = req.getParameterNames(); + while (names.hasMoreElements()) { + String name = (String) names.nextElement(); + httpReqHash.put(name, req.getParameter(name)); + } + return httpReqHash; + } + + public void init(ServletConfig sc) { + // Find the CertificateAuthority we should use for CRS. 
+ String crsCA = sc.getInitParameter(PROP_AUTHORITY); + if (crsCA == null) + crsCA = "ca"; + mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); + ca = (ICertificateAuthority) mAuthority; + + if (mAuthority == null) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA)); + } + + try { + if (mAuthority instanceof ISubsystem) { + IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore(); + IConfigStore scepConfig = authorityConfig.getSubStore("scep"); + mEnabled = scepConfig.getBoolean("enable", false); + mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); + mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); + mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); + mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); + mAllowedHashAlgorithm = mHashAlgorithmList.split(","); + mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); + mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); + mNickname = scepConfig.getString("nickname", ca.getNickname()); + if (mNickname.equals(ca.getNickname())) { + mTokenName = ca.getSigningUnit().getTokenName(); + } else { + mTokenName = scepConfig.getString("tokenname", ""); + mUseCA = false; + } + if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) { + int i = mNickname.indexOf(':'); + if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { + mNickname = mTokenName + ":" + mNickname; + } + } + } + } catch (EBaseException e) { + CMS.debug("CRSEnrollment: init: EBaseException: " + e); + } + mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; + CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? 
"enabled" : "disabled") + "."); + CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname); + CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname()); + CMS.debug("CRSEnrollment: init: Token name: " + mTokenName); + CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA); + CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit); + CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm); + CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList); + for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { + mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]); + } + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm); + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList); + for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { + mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]); + } + + try { + mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile"); + mProfileId = sc.getInitParameter("profileId"); + CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId); + + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); + mAppendDN = sc.getInitParameter(PROP_APPENDDN); + String tmp = sc.getInitParameter(PROP_CREATEENTRY); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mCreateEntry = true; + else + mCreateEntry = false; + tmp = sc.getInitParameter(PROP_FLATTENDN); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mFlattenDN = true; + else + mFlattenDN = false; + mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); + if (mEntryObjectclass == null) + mEntryObjectclass = "cep"; + 
mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); + if (mSubstoreName == null) + mSubstoreName = "default"; + } catch (Exception e) { + } + + OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); + OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); + OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); + + try { + mSHADigest = MessageDigest.getInstance("SHA1"); + } catch (NoSuchAlgorithmException e) { + } + + mRandom = new Random(); } - catch (NoSuchAlgorithmException e) { - } - - mRandom = new Random(); - } - - - /** - * - * Service a CRS Request. It all starts here. This is where the message from the - * router is processed - * - * @param httpReq The HttpServletRequest. - * @param httpResp The HttpServletResponse. - * - */ - public void service(HttpServletRequest httpReq, + + /** + * + * Service a CRS Request. It all starts here. This is where the message from + * the router is processed + * + * @param httpReq The HttpServletRequest. + * @param httpResp The HttpServletResponse. + * + */ + public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) - throws ServletException - { - boolean running_state = CMS.isInRunningState(); - if (!running_state) - throw new ServletException( - "CMS server is not ready to serve."); + throws ServletException { + boolean running_state = CMS.isInRunningState(); + if (!running_state) + throw new ServletException( + "CMS server is not ready to serve."); String operation = null; - String message = null; + String message = null; mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - - + // Parse the URL from the HTTP Request. 
Split it up into // a structure which enables us to read the form elements IArgBlock input = CMS.createArgBlock(toHashtable(httpReq)); - - try { + + try { // Read in two form parameters - the router sets these - operation = (String)input.get(URL_OPERATION); + operation = (String) input.get(URL_OPERATION); CMS.debug("operation=" + operation); - message = (String)input.get(URL_MESSAGE); + message = (String) input.get(URL_MESSAGE); CMS.debug("message=" + message); - + if (!mEnabled) { CMS.debug("CRSEnrollment: SCEP support is disabled."); throw new ServletException("SCEP support is disabled."); 
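Review bot: `mRandom = new Random();` at the end of `init()` creates a `java.util.Random`, whose output can be predicted from a few observed values. If `mRandom` produces SCEP nonces, IVs or key material (its uses are outside this hunk), it should be `mRandom = new SecureRandom();`, which fits the existing `Random` field type and needs only a `java.security.SecureRandom` import. In the same method, the empty `catch (NoSuchAlgorithmException e) { }` leaves `mSHADigest` null without a log entry, and `catch (Exception e) { }` hides any failure while reading the servlet parameters; both should at least call `log(ILogger.LL_FAILURE, e.toString());`. `service()` begins in this hunk and continues past its end.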
@@ -366,55 +358,48 @@ protected IProfileSubsystem mProfileSubsystem = null; // 'operation' is mandatory. throw new ServletException("Bad request: operation missing from URL"); } - - /** - * the router can make two kinds of requests - * 1) simple request for CA cert - * 2) encoded, signed, enveloped request for anything else (PKIOperation) + + /** + * the router can make two kinds of requests 1) simple request for + * CA cert 2) encoded, signed, enveloped request for anything else + * (PKIOperation) */ - + if (operation.equals(OP_GETCACERT)) { - handleGetCACert(httpReq, httpResp); - } - else if (operation.equals(OP_PKIOPERATION)) { - String decodeMode = (String)input.get("decode"); + handleGetCACert(httpReq, httpResp); + } else if (operation.equals(OP_PKIOPERATION)) { + String decodeMode = (String) input.get("decode"); if (decodeMode == null || decodeMode.equals("false")) { - handlePKIOperation(httpReq, httpResp, message); + handlePKIOperation(httpReq, httpResp, message); } else { - decodePKIMessage(httpReq, httpResp, message); + decodePKIMessage(httpReq, httpResp, message); } - } - else { + } else { CMS.debug("Invalid operation " + operation); - throw new ServletException("unknown operation requested: "+operation); + throw new ServletException("unknown operation requested: " + operation); } - - } - catch (ServletException e) - { + + } catch (ServletException e) { CMS.debug("ServletException " + e); throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug("Service exception " + e); + log(ILogger.LL_FAILURE, e.getMessage()); } - catch (Exception e) - { - CMS.debug("Service exception " + e); - log(ILogger.LL_FAILURE,e.getMessage()); - } - + } /** - * Log a message to the system log + * Log a message to the system log */ - private void log(int level, String msg) { - + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - level, "CEP Enrollment: "+msg); + level, "CEP Enrollment: " + msg); } - private boolean isAlgorithmAllowed (String[] 
allowedAlgorithm, String algorithm) { + private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) { boolean allowed = false; if (algorithm != null && algorithm.length() > 0) { @@ -429,7 +414,7 @@ protected IProfileSubsystem mProfileSubsystem = null; } public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { // build credential Enumeration<String> authNames = authenticator.getValueNames(); 
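Review bot: The two `catch` clauses at the end of `service()` lose failure information. `throw new ServletException(e.getMessage().toString())` drops the original cause and stack trace. `catch (Exception e)` only logs, so a failed `PKIOperation` returns to the container as if it had succeeded, and `log(ILogger.LL_FAILURE, e.getMessage())` may record `null`. I would use `throw e;` in the first clause, and in the second log `e.toString()` and then `throw new ServletException("CEP enrollment failed", e);`. The start of `service()` is outside this hunk.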
@@ -445,314 +430,301 @@ protected IProfileSubsystem mProfileSubsystem = null; credentials.set("clientHost", request.getRemoteHost()); IAuthToken authToken = authenticator.authenticate(credentials); if (authToken == null) { - return null; + return null; } SessionContext sc = SessionContext.getContext(); if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - /** - * Return the CA certificate back to the requestor. - * This needs to be changed so that if the CA has a certificate chain, - * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no - * signerInfo) - */ - - public void handleGetCACert(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException { - java.security.cert.X509Certificate[] chain = null; - - CertificateChain certChain = mAuthority.getCACertChain(); - - try { - if (certChain == null) { - throw new ServletException("Internal Error: cannot get CA Cert"); - } - - chain = certChain.getChain(); - - byte[] bytes = null; - - int i = 0; - String message = (String)httpReq.getParameter(URL_MESSAGE); - CMS.debug("handleGetCACert message=" + message); - if (message != null) { - try { - int j = Integer.parseInt(message); - if (j < chain.length) { - i = j; - } - } catch (NumberFormatException e1) { + /** + * Return the CA certificate back to the requestor. 
This needs to be changed + * so that if the CA has a certificate chain, the whole thing should get + * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo) + */ + + public void handleGetCACert(HttpServletRequest httpReq, + HttpServletResponse httpResp) + throws ServletException { + java.security.cert.X509Certificate[] chain = null; + + CertificateChain certChain = mAuthority.getCACertChain(); + + try { + if (certChain == null) { + throw new ServletException("Internal Error: cannot get CA Cert"); + } + + chain = certChain.getChain(); + + byte[] bytes = null; + + int i = 0; + String message = (String) httpReq.getParameter(URL_MESSAGE); + CMS.debug("handleGetCACert message=" + message); + if (message != null) { + try { + int j = Integer.parseInt(message); + if (j < chain.length) { + i = j; + } + } catch (NumberFormatException e1) { + } + } + CMS.debug("handleGetCACert selected chain=" + i); + + if (mUseCA) { + bytes = chain[i].getEncoded(); + } else { + CryptoContext cx = new CryptoContext(); + bytes = cx.getSigningCert().getEncoded(); } - } - CMS.debug("handleGetCACert selected chain=" + i); - - if (mUseCA) { - bytes = chain[i].getEncoded(); - } else { - CryptoContext cx = new CryptoContext(); - bytes = cx.getSigningCert().getEncoded(); - } - - httpResp.setContentType("application/x-x509-ca-cert"); - - -// The following code may be used one day to encode -// the RA/CA cert chain for RA mode, but it will need some -// work. 
- - /****** - SET certs = new SET(); - for (int i=0; i<chain.length; i++) { - ANY cert = new ANY(chain[i].getEncoded()); - certs.addElement(cert); - } - - SignedData crsd = new SignedData( - new SET(), // empty set of digestAlgorithmID's - new ContentInfo( - new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}), - null), //empty content - certs, - null, // no CRL's - new SET() // empty SignerInfos - ); - - ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - wrap.encode(baos); - - bytes = baos.toByteArray(); - - httpResp.setContentType("application/x-x509-ca-ra-cert"); - *****/ - - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().write(bytes); - httpResp.getOutputStream().flush(); - - CMS.debug("Output certificate chain:"); - CMS.debug(bytes); - } - catch (Exception e) { - CMS.debug("handleGetCACert exception " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage())); - throw new ServletException("Failed sending DER encoded version of CA cert to client"); - } - - } - - public String getPasswordFromP10(PKCS10 p10) - { - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - try { - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - return (String)attr.get(ChallengePassword.PASSWORD); - } - } - } - } catch(Exception e1) { - // do nothing - } - return null; - } - - /** - * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a - * PKIMessage structure. We decode it to see what type message it is. - */ - - /** - * Decodes the PKI message and return information to RA. 
- */ - public void decodePKIMessage(HttpServletRequest httpReq, + + httpResp.setContentType("application/x-x509-ca-cert"); + + // The following code may be used one day to encode + // the RA/CA cert chain for RA mode, but it will need some + // work. + + /****** + * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY + * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); } + * + * SignedData crsd = new SignedData( new SET(), // empty set of + * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new + * long[] {1,2,840,113549,1,7,1}), null), //empty content certs, + * null, // no CRL's new SET() // empty SignerInfos ); + * + * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, + * crsd); + * + * ByteArrayOutputStream baos = new ByteArrayOutputStream(); + * wrap.encode(baos); + * + * bytes = baos.toByteArray(); + * + * httpResp.setContentType("application/x-x509-ca-ra-cert"); + *****/ + + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().write(bytes); + httpResp.getOutputStream().flush(); + + CMS.debug("Output certificate chain:"); + CMS.debug(bytes); + } catch (Exception e) { + CMS.debug("handleGetCACert exception " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage())); + throw new ServletException("Failed sending DER encoded version of CA cert to client"); + } + + } + + public String getPasswordFromP10(PKCS10 p10) { + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + try { + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + return (String) attr.get(ChallengePassword.PASSWORD); + } + } + } + } catch (Exception e1) { + // do nothing + } + return null; + } + + /** + * If the 'operation' is 
'PKIOperation', the 'message' part of the URL is a + * PKIMessage structure. We decode it to see what type message it is. + */ + + /** + * Decodes the PKI message and return information to RA. + */ + public void decodePKIMessage(HttpServletRequest httpReq, HttpServletResponse httpResp, String msg) - throws ServletException { - - CryptoContext cx=null; - - CRSPKIMessage req=null; - - byte[] decodedPKIMessage; - byte[] response=null; - String responseData = ""; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + + byte[] decodedPKIMessage; + byte[] response = null; + String responseData = ""; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. 
+ + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + unwrapPKCS10(req, cx); + + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("Profile '" + mProfileId + "' not found."); + throw new ServletException("Profile '" + mProfileId + "' not found."); + } else { + CMS.debug("Found profile '" + mProfileId + "'."); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - } - catch (Exception e) { - CMS.debug(e); - 
throw new ServletException("Could not decode the request."); - } - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - unwrapPKCS10(req,cx); - - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("Profile '" + mProfileId + "' not found."); - throw new ServletException("Profile '" + mProfileId + "' not found."); - } else { - CMS.debug("Found profile '" + mProfileId + "'."); - } - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); - if (authenticator == null) { - CMS.debug("Authenticator not found."); - throw new ServletException("Authenticator not found."); - } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); - } - } catch (EProfileException e) { - throw new ServletException("Authenticator not found."); - } - AuthCredentials credentials = new AuthCredentials(); - IAuthToken authToken = null; - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - // insert profile context so that input parameter can be retrieved - context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); - - try { - authToken = authenticate(credentials, authenticator, httpReq); - } catch (Exception e) { - CMS.debug("Authentication failure: "+ e.getMessage()); - throw new ServletException("Authentication failure: "+ e.getMessage()); - } - if (authToken == null) { - CMS.debug("Authentication failure."); - throw new ServletException("Authentication failure."); - } - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - responseData = responseData + - "<TransactionID>" + transactionID + "</TransactionID>"; - - // End-User or RA's IP address - responseData = responseData + 
- "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; - - responseData = responseData + - "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - - // Deal with message type - String mt = req.getMessageType(); - responseData = responseData + - "<MessageType>" + mt + "</MessageType>"; - - PKCS10 p10 = (PKCS10)req.getP10(); - X500Name p10subject = p10.getSubjectName(); - responseData = responseData + - "<SubjectName>" + p10subject.toString() + "</SubjectName>"; - - String pkcs10Attr = ""; - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - pkcs10Attr = pkcs10Attr + - "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; - } - - } - String extensionsStr = ""; - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( - Boolean.valueOf(false), // noncritical - ext.getExtensionValue()); - - - @SuppressWarnings("unchecked") - Vector<GeneralNameInterface> v = - (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. 
SUBJECT_NAME); - - Enumeration<GeneralNameInterface> gne = v.elements(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("Authenticator not found."); + throw new ServletException("Authenticator not found."); + } else { + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + throw new ServletException("Authenticator not found."); + } + AuthCredentials credentials = new AuthCredentials(); + IAuthToken authToken = null; + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); + + try { + authToken = authenticate(credentials, authenticator, httpReq); + } catch (Exception e) { + CMS.debug("Authentication failure: " + e.getMessage()); + throw new ServletException("Authentication failure: " + e.getMessage()); + } + if (authToken == null) { + CMS.debug("Authentication failure."); + throw new ServletException("Authentication failure."); + } + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + responseData = responseData + + "<TransactionID>" + transactionID + "</TransactionID>"; + + // End-User or RA's IP address + responseData = responseData + + "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; + + responseData = responseData + + "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + + // Deal with message type + String mt = req.getMessageType(); + responseData = responseData + + "<MessageType>" + mt + "</MessageType>"; + + PKCS10 p10 = (PKCS10) req.getP10(); + X500Name p10subject = p10.getSubjectName(); + responseData = responseData + + 
"<SubjectName>" + p10subject.toString() + "</SubjectName>"; + + String pkcs10Attr = ""; + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + pkcs10Attr = pkcs10Attr + + "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; + } + + } + String extensionsStr = ""; + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( + Boolean.valueOf(false), // noncritical + ext.getExtensionValue()); + + @SuppressWarnings("unchecked") + Vector<GeneralNameInterface> v = + (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration<GeneralNameInterface> gne = v.elements(); StringBuffer subjAltNameStr = new StringBuffer(); - while (gne.hasMoreElements()) { - GeneralNameInterface gni = gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; + while (gne.hasMoreElements()) { + GeneralNameInterface gni = gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, 
colon).trim(); + String gnValue = gn.substring(colon + 1).trim(); subjAltNameStr.append("<"); subjAltNameStr.append(gnType); 
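Review bot: decodePKIMessage builds its XML reply by concatenating request-derived strings with no escaping. `transactionID`, `httpReq.getRemoteHost()`, `mt`, `p10subject.toString()` and the ChallengePassword value are all placed directly between tags, so markup characters in any of them alter the structure of the document the RA parses. Each value should pass through an XML-escaping helper before concatenation; the fence sketches one in case the project does not already provide an equivalent. The SubjectAltName branch also uses `gnType` as an element name, which escaping cannot make safe, so it should be checked against the expected general-name types instead. The method body continues past the end of this hunk.

```java
// … unchanged: request decoding, algorithm checks, profile lookup, authentication …
responseData = responseData +
        "<TransactionID>" + escapeXml(transactionID) + "</TransactionID>";
// … unchanged: RemoteAddr and nonce handling; wrap getRemoteHost() and mt the same way …
responseData = responseData +
        "<SubjectName>" + escapeXml(p10subject.toString()) + "</SubjectName>";
// … unchanged: attribute loop; wrap the ChallengePassword value the same way …

// new private helper in the same class
/** Escapes the XML-reserved characters; a null value renders as "null", as the concatenation did. */
private static String escapeXml(Object value) {
    String text = String.valueOf(value);
    StringBuilder out = new StringBuilder(text.length());
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
        case '&': out.append("&amp;"); break;
        case '<': out.append("&lt;"); break;
        case '>': out.append("&gt;"); break;
        case '"': out.append("&quot;"); break;
        case '\'': out.append("&apos;"); break;
        default: out.append(c);
        }
    }
    return out.toString();
}
```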
@@ -761,1453 +733,1398 @@ protected IProfileSubsystem mProfileSubsystem = null; subjAltNameStr.append("</"); subjAltNameStr.append(gnType); subjAltNameStr.append(">"); - } - } // while + } + } // while extensionsStr = "<SubjAltName>" + - subjAltNameStr.toString() + "</SubjAltName>"; - } // if - } // while - pkcs10Attr = pkcs10Attr + + subjAltNameStr.toString() + "</SubjAltName>"; + } // if + } // while + pkcs10Attr = pkcs10Attr + "<Extensions>" + extensionsStr + "</Extensions>"; - } // if extensions - } // while - responseData = responseData + - "<PKCS10>" + pkcs10Attr + "</PKCS10>"; - - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - } catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - - responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; - // Get the response coding - response = responseData.getBytes(); - - // Encode the httpResp into B64 - httpResp.setContentType("application/xml"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - int i1 = responseData.indexOf("<Password>"); - if (i1 > -1) { - i1 += 10; // 10 is a length of "<Password>" - int i2 = responseData.indexOf("</Password>", i1); - if (i2 > -1) { - responseData = responseData.substring(0, i1) + "********" + + } // if extensions + } // while + responseData = responseData + + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + } catch (Exception e) { + 
CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + + responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; + // Get the response coding + response = responseData.getBytes(); + + // Encode the httpResp into B64 + httpResp.setContentType("application/xml"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + int i1 = responseData.indexOf("<Password>"); + if (i1 > -1) { + i1 += 10; // 10 is a length of "<Password>" + int i2 = responseData.indexOf("</Password>", i1); + if (i2 > -1) { + responseData = responseData.substring(0, i1) + "********" + responseData.substring(i2, responseData.length()); - } - } - - CMS.debug("Output (decoding) PKIOperation response:"); - CMS.debug(responseData); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. - * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - - public void handlePKIOperation(HttpServletRequest httpReq, + } + } + + CMS.debug("Output (decoding) PKIOperation response:"); + CMS.debug(responseData); + } catch (Exception e) { + throw new ServletException("Failed to create response for CEP message" + e.getMessage()); + } + + } + + /** + * finds a request with this transaction ID. 
If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public void handlePKIOperation(HttpServletRequest httpReq, HttpServletResponse httpResp, String msg) - throws ServletException { - - - CryptoContext cx=null; - - CRSPKIMessage req=null; - CRSPKIMessage crsResp=null; - - byte[] decodedPKIMessage; - byte[] response=null; - X509CertImpl cert = null; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + CRSPKIMessage crsResp = null; + + byte[] decodedPKIMessage; + byte[] response = null; + X509CertImpl cert = null; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. 
+ + if (decodedPKIMessage.length < 50) { + throw new ServletException("CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + crsResp = new CRSPKIMessage(); + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); + } + crsResp.setMessageType(CRSPKIMessage.mType_CertRep); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + if (transactionID == null) { + throw new ServletException("Error: malformed PKIMessage - missing transactionID"); + } else { + crsResp.setTransactionID(transactionID); + } + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + if (sn == null) { + throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); + } else { + if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { + byte[] snLimited = (mNonceSizeLimit > 0) ? 
new byte[mNonceSizeLimit] : null; + System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); + crsResp.setRecipientNonce(snLimited); + } else { + crsResp.setRecipientNonce(sn); + } + byte[] serverNonce = new byte[16]; + mRandom.nextBytes(serverNonce); + crsResp.setSenderNonce(serverNonce); + // crsResp.setSenderNonce(new byte[] {0}); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + + // Deal with message type + String mt = req.getMessageType(); + if (mt == null) { + throw new ServletException("Error: malformed PKIMessage - missing messageType"); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - crsResp = new CRSPKIMessage(); - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (Exception e) { + + // now run appropriate code, depending on message type + if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { + CMS.debug("Processing PKCSReq"); + try { + // Check if there is an existing request. If this returns + // non-null, + // then the request is 'active' (either pending or + // completed) in + // which case, we compare the hash of the new request to the + // hash of the + // one in the queue - if they are the same, I return the + // state of the + // original request - as if it was 'getCertInitial' message. + // If the hashes are different, then the user attempted to + // enroll + // for a new request with the same txid, which is not + // allowed - + // so we return 'failure'. 
+ + IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true); + + // If there was no request (with a cert) with this + // transaction ID, + // process it as a new request + + cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx); + + } catch (CRSFailureException e) { + throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage()); + } + } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { + CMS.debug("Processing GetCertInitial"); + cert = handleGetCertInitial(req, crsResp); + } else { + CMS.debug("Invalid request type " + mt); + } + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - crsResp.setMessageType(CRSPKIMessage.mType_CertRep); - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - if (transactionID == null) { - throw new ServletException("Error: malformed PKIMessage - missing transactionID"); - } - else { - crsResp.setTransactionID(transactionID); - } - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - if (sn == null) { - throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); - } - else { - if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { - byte[] snLimited = (mNonceSizeLimit > 0)? 
new byte[mNonceSizeLimit]: null; - System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); - crsResp.setRecipientNonce(snLimited); - } else { - crsResp.setRecipientNonce(sn); - } - byte[] serverNonce = new byte[16]; - mRandom.nextBytes(serverNonce); - crsResp.setSenderNonce(serverNonce); - // crsResp.setSenderNonce(new byte[] {0}); - } - - // Deal with message type - String mt = req.getMessageType(); - if (mt == null) { - throw new ServletException("Error: malformed PKIMessage - missing messageType"); - } - - // now run appropriate code, depending on message type - if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { - CMS.debug("Processing PKCSReq"); - try { - // Check if there is an existing request. If this returns non-null, - // then the request is 'active' (either pending or completed) in - // which case, we compare the hash of the new request to the hash of the - // one in the queue - if they are the same, I return the state of the - // original request - as if it was 'getCertInitial' message. - // If the hashes are different, then the user attempted to enroll - // for a new request with the same txid, which is not allowed - - // so we return 'failure'. 
- - IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true); - - // If there was no request (with a cert) with this transaction ID, - // process it as a new request - - cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx); - - } - catch (CRSFailureException e) { - throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage()); - } - } - else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { - CMS.debug("Processing GetCertInitial"); - cert = handleGetCertInitial(req,crsResp); - } else { - CMS.debug("Invalid request type " + mt); - } - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - } - catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - // make the response - processCertRep(cx, cert,crsResp, req); - - // Get the response coding - response = crsResp.getResponse(); - - // Encode the crsResp into B64 - httpResp.setContentType("application/x-pki-message"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - CMS.debug("Output PKIOperation response:"); - CMS.debug(CMS.BtoA(response)); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. 
- * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) - throws EBaseException { - - /* Check if certificate request has been completed */ - - IRequestQueue rq = ca.getRequestQueue(); - IRequest foundRequest = null; - - Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid); - if (rids == null) { return null; } - - int count=0; - while (rids.hasMoreElements()) { - RequestId rid = rids.nextElement(); - if (rid == null) { - continue; - } - - IRequest request = rq.findRequest(rid); - if (request == null) { - continue; - } - if ( !ignoreRejected || - request.getRequestStatus().equals(RequestStatus.PENDING) || - request.getRequestStatus().equals(RequestStatus.COMPLETE)) { - if (foundRequest != null) { - } - foundRequest = request; - } - } - return foundRequest; - } - - /** - * Called if the router is requesting us to send it its certificate - * Examine request queue for a request matching the transaction ID. - * Ignore any rejected or cancelled requests. 
- * - * If a request is found in the pending state, the response should be - * 'pending' - * - * If a request is found in the completed state, the response should be - * to return the certificate - * - * If no request is found, the response should be to return null - * - */ - - public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp) - { - IRequest foundRequest=null; - - // already done by handlePKIOperation - // resp.setRecipientNonce(req.getSenderNonce()); - // resp.setSenderNonce(null); - - try { - foundRequest = findRequestByTransactionID(req.getTransactionID(),false); - } catch (EBaseException e) { - } - - if (foundRequest == null) { - resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); - resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - - return makeResponseFromRequest(req,resp,foundRequest); - } - - - public void verifyRequest(CRSPKIMessage req, CryptoContext cx) - throws CRSInvalidSignatureException { - - // Get Signed Data - - byte[] reqAAbytes = req.getAA(); - byte[] reqAAsig = req.getAADigest(); - - } - - - /** - * Create an entry for this user in the publishing directory - * - */ - - private boolean createEntry(String dn) - { - boolean result = false; - - IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); - if (ldapPub == null || !ldapPub.enabled()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); - - return result; - } - - ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory(); - if (connFactory == null) { - return result; - } - - LDAPConnection connection=null; - try { - connection = connFactory.getConn(); - String[] objectclasses = { "top", mEntryObjectclass }; - LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses); - - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - attrSet.add(ocAttrs); - - LDAPEntry newEntry = new LDAPEntry(dn, attrSet); - connection.add(newEntry); - result=true; - } 
- catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn)); - } - finally { - try { - connFactory.returnConn(connection); - } - catch (Exception f) {} - } - return result; + throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + // make the response + processCertRep(cx, cert, crsResp, req); + + // Get the response coding + response = crsResp.getResponse(); + + // Encode the crsResp into B64 + httpResp.setContentType("application/x-pki-message"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + CMS.debug("Output PKIOperation response:"); + CMS.debug(CMS.BtoA(response)); + } catch (Exception e) { + throw new ServletException("Failed to create response for CEP message" + e.getMessage()); + } + + } + + /** + * finds a request with this transaction ID. 
If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) + throws EBaseException { + + /* Check if certificate request has been completed */ + + IRequestQueue rq = ca.getRequestQueue(); + IRequest foundRequest = null; + + Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid); + if (rids == null) { + return null; + } + + int count = 0; + while (rids.hasMoreElements()) { + RequestId rid = rids.nextElement(); + if (rid == null) { + continue; + } + + IRequest request = rq.findRequest(rid); + if (request == null) { + continue; + } + if (!ignoreRejected || + request.getRequestStatus().equals(RequestStatus.PENDING) || + request.getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (foundRequest != null) { + } + foundRequest = request; + } + } + return foundRequest; + } + + /** + * Called if the router is requesting us to send it its certificate Examine + * request queue for a request matching the transaction ID. Ignore any + * rejected or cancelled requests. 
+ * + * If a request is found in the pending state, the response should be + * 'pending' + * + * If a request is found in the completed state, the response should be to + * return the certificate + * + * If no request is found, the response should be to return null + * + */ + + public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) { + IRequest foundRequest = null; + + // already done by handlePKIOperation + // resp.setRecipientNonce(req.getSenderNonce()); + // resp.setSenderNonce(null); + + try { + foundRequest = findRequestByTransactionID(req.getTransactionID(), false); + } catch (EBaseException e) { + } + + if (foundRequest == null) { + resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); + resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + + return makeResponseFromRequest(req, resp, foundRequest); + } + + public void verifyRequest(CRSPKIMessage req, CryptoContext cx) + throws CRSInvalidSignatureException { + + // Get Signed Data + + byte[] reqAAbytes = req.getAA(); + byte[] reqAAsig = req.getAADigest(); + } + /** + * Create an entry for this user in the publishing directory + * + */ + private boolean createEntry(String dn) { + boolean result = false; - /** - * Here we decrypt the PKCS10 message from the client - * - */ - - public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) - throws ServletException, + IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); + if (ldapPub == null || !ldapPub.enabled()) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); + + return result; + } + + ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory(); + if (connFactory == null) { + return result; + } + + LDAPConnection connection = null; + try { + connection = connFactory.getConn(); + String[] objectclasses = { "top", mEntryObjectclass }; + LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses); + + LDAPAttributeSet 
attrSet = new LDAPAttributeSet(); + attrSet.add(ocAttrs); + + LDAPEntry newEntry = new LDAPEntry(dn, attrSet); + connection.add(newEntry); + result = true; + } catch (Exception e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn)); + } finally { + try { + connFactory.returnConn(connection); + } catch (Exception f) { + } + } + return result; + } + + /** + * Here we decrypt the PKCS10 message from the client + * + */ + + public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) + throws ServletException, CryptoManager.NotInitializedException, - CryptoContext.CryptoContextException, + CryptoContext.CryptoContextException, CRSFailureException { - - byte[] decryptedP10bytes = null; - SymmetricKey sk; - SymmetricKey skinternal; - SymmetricKey.Type skt; - KeyWrapper kw; - Cipher cip; - EncryptionAlgorithm ea; - boolean errorInRequest = false; - - // Unwrap the session key with the Cert server key - try { - kw = cx.getKeyWrapper(); - - kw.initUnwrap(cx.getPrivateKey(),null); - - skt = SymmetricKey.Type.DES; - ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - skt = SymmetricKey.Type.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - sk = kw.unwrapSymmetric(req.getWrappedKey(), + + byte[] decryptedP10bytes = null; + SymmetricKey sk; + SymmetricKey skinternal; + SymmetricKey.Type skt; + KeyWrapper kw; + Cipher cip; + EncryptionAlgorithm ea; + boolean errorInRequest = false; + + // Unwrap the session key with the Cert server key + try { + kw = cx.getKeyWrapper(); + + kw.initUnwrap(cx.getPrivateKey(), null); + + skt = SymmetricKey.Type.DES; + ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + skt = SymmetricKey.Type.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + + sk = kw.unwrapSymmetric(req.getWrappedKey(), skt, SymmetricKey.Usage.DECRYPT, - 0); // keylength is ignored - - skinternal = 
cx.getDESKeyGenerator().clone(sk); - - cip = skinternal.getOwningToken().getCipherContext(ea); - - cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV()))); - - decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); - CMS.debug("decryptedP10bytes:"); - CMS.debug(decryptedP10bytes); - - req.setP10(new PKCS10(decryptedP10bytes)); - } catch (Exception e) { - CMS.debug("failed to unwrap PKCS10 " + e); - throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage()); - } - - } - - - -private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) - throws CRSFailureException { - - IRequest issueReq = null; - X509CertImpl issuedCert=null; - SubjectAlternativeNameExtension sane = null; - CertAttrSet requested_ext = null; - - try { - PKCS10 p10 = req.getP10(); - - if (p10 == null) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); - } - - AuthCredentials authCreds = new AuthCredentials(); - - String challengePassword = null; - // Here, we make a new CertInfo - it's a new start for a certificate - - X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - - // get some stuff out of the request - X509Key key = p10.getSubjectPublicKeyInfo(); - X500Name p10subject = p10.getSubjectName(); - - X500Name subject=null; - - // The following code will copy all the attributes - // into the AuthCredentials so they can be used for - // authentication - // - // Optionally, you can re-map the subject name from: - // one RDN, with many AVA's to - // many RDN's with one AVA in each. 
- - Enumeration<RDN> rdne = p10subject.getRDNs(); - Vector<RDN> rdnv = new Vector<RDN>(); - - Hashtable<String, String> sanehash = new Hashtable<String, String>(); - - X500NameAttrMap xnap = X500NameAttrMap.getDefault(); - while (rdne.hasMoreElements()) { - RDN rdn = (RDN) rdne.nextElement(); - int i=0; - AVA[] oldavas = rdn.getAssertion(); - for (i=0; i<rdn.getAssertionLength(); i++) { - AVA[] newavas = new AVA[1]; - newavas[0] = oldavas[i]; - - authCreds.set(xnap.getName(oldavas[i].getOid()), - oldavas[i].getValue().getAsString()); - - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { - - sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString()); - } - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { - sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString()); - } - - RDN newrdn = new RDN(newavas); - if (mFlattenDN) { - rdnv.addElement(newrdn); - } - } - } - - if (mFlattenDN) subject = new X500Name(rdnv); - else subject = p10subject; - - - // create default key usage extension - KeyUsageExtension kue = new KeyUsageExtension(); - kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); - kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); - - - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration<PKCS10Attribute> e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - req.put(AUTH_PASSWORD, - (String)attr.get(ChallengePassword.PASSWORD)); - req.put(ChallengePassword.NAME, - hashPassword( - (String)attr.get(ChallengePassword.PASSWORD))); - } - } - - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = exts.nextElement(); - - if 
(ext.getExtensionId().equals( - OIDMap.getOID(KeyUsageExtension.IDENT)) ) { - - kue = new KeyUsageExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - } - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - sane = new SubjectAlternativeNameExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - - - @SuppressWarnings("unchecked") - Vector<GeneralNameInterface> v = - (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); - - Enumeration<GeneralNameInterface> gne = v.elements(); - - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; - - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); - - authCreds.set(gnType,gnValue); - } - } - } - } - } - } - - if (authCreds != null) req.put(AUTH_CREDS,authCreds); - - try { - if (sane == null) sane = makeDefaultSubjectAltName(sanehash); - } catch (Exception sane_e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - sane_e.getMessage())); - } - - - - try { - if (mAppendDN != null && ! mAppendDN.equals("")) { - - X500Name newSubject = new X500Name(subject.toString()); - subject = new X500Name( subject.toString().concat(","+mAppendDN)); - } - - } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". 
Error is "+sne.getMessage()+" Using unmodified subjectname"); - } - - if (subject != null) req.put(SUBJECTNAME, subject); - - if (key == null || subject == null) { - // log - //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); - } - - - - certInfo.set(X509CertInfo.VERSION, + 0); // keylength is ignored + + skinternal = cx.getDESKeyGenerator().clone(sk); + + cip = skinternal.getOwningToken().getCipherContext(ea); + + cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV()))); + + decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); + CMS.debug("decryptedP10bytes:"); + CMS.debug(decryptedP10bytes); + + req.setP10(new PKCS10(decryptedP10bytes)); + } catch (Exception e) { + CMS.debug("failed to unwrap PKCS10 " + e); + throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage()); + } + + } + + private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) + throws CRSFailureException { + + IRequest issueReq = null; + X509CertImpl issuedCert = null; + SubjectAlternativeNameExtension sane = null; + CertAttrSet requested_ext = null; + + try { + PKCS10 p10 = req.getP10(); + + if (p10 == null) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); + } + + AuthCredentials authCreds = new AuthCredentials(); + + String challengePassword = null; + // Here, we make a new CertInfo - it's a new start for a certificate + + X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); + + // get some stuff out of the request + X509Key key = p10.getSubjectPublicKeyInfo(); + X500Name p10subject = p10.getSubjectName(); + + X500Name subject = null; + + // The following code will copy all the attributes + // into the AuthCredentials so they can be used for + // authentication + // + // Optionally, you can re-map the subject name from: + // one RDN, with many AVA's to + // many RDN's 
with one AVA in each. + + Enumeration<RDN> rdne = p10subject.getRDNs(); + Vector<RDN> rdnv = new Vector<RDN>(); + + Hashtable<String, String> sanehash = new Hashtable<String, String>(); + + X500NameAttrMap xnap = X500NameAttrMap.getDefault(); + while (rdne.hasMoreElements()) { + RDN rdn = (RDN) rdne.nextElement(); + int i = 0; + AVA[] oldavas = rdn.getAssertion(); + for (i = 0; i < rdn.getAssertionLength(); i++) { + AVA[] newavas = new AVA[1]; + newavas[0] = oldavas[i]; + + authCreds.set(xnap.getName(oldavas[i].getOid()), + oldavas[i].getValue().getAsString()); + + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { + + sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString()); + } + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { + sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString()); + } + + RDN newrdn = new RDN(newavas); + if (mFlattenDN) { + rdnv.addElement(newrdn); + } + } + } + + if (mFlattenDN) + subject = new X500Name(rdnv); + else + subject = p10subject; + + // create default key usage extension + KeyUsageExtension kue = new KeyUsageExtension(); + kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); + kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); + + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration<PKCS10Attribute> e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + req.put(AUTH_PASSWORD, + (String) attr.get(ChallengePassword.PASSWORD)); + req.put(ChallengePassword.NAME, + hashPassword( + (String) attr.get(ChallengePassword.PASSWORD))); + } + } + + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = 
exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(KeyUsageExtension.IDENT))) { + + kue = new KeyUsageExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + } + + if (ext.getExtensionId().equals( + OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + sane = new SubjectAlternativeNameExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + + @SuppressWarnings("unchecked") + Vector<GeneralNameInterface> v = + (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration<GeneralNameInterface> gne = v.elements(); + + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, colon).trim(); + String gnValue = gn.substring(colon + 1).trim(); + + authCreds.set(gnType, gnValue); + } + } + } + } + } + } + + if (authCreds != null) + req.put(AUTH_CREDS, authCreds); + + try { + if (sane == null) + sane = makeDefaultSubjectAltName(sanehash); + } catch (Exception sane_e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + sane_e.getMessage())); + } + + try { + if (mAppendDN != null && !mAppendDN.equals("")) { + + X500Name newSubject = new X500Name(subject.toString()); + subject = new X500Name(subject.toString().concat("," + mAppendDN)); + } + + } catch (Exception sne) { + log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". 
Error is " + sne.getMessage() + " Using unmodified subjectname"); + } + + if (subject != null) + req.put(SUBJECTNAME, subject); + + if (key == null || subject == null) { + // log + // throw new + // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); + } + + certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - - certInfo.set(X509CertInfo.SUBJECT, + + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject)); - - certInfo.set(X509CertInfo.KEY, + + certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); - - CertificateExtensions ext = new CertificateExtensions(); - - if (kue != null) { - ext.set(KeyUsageExtension.class.getSimpleName(), kue); - } - - // add subjectAltName extension, if present - if (sane != null) { - ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane); - } - - certInfo.set(X509CertInfo.EXTENSIONS,ext); - - req.put(CERTINFO, certInfo); - } catch (Exception e) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return ; - } // NEED TO FIX - } - - - private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) { - - // if no subjectaltname extension was requested, we try to make it up - // from some of the elements of the subject name - - int itemCount = ht.size(); - GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; - - itemCount = 0; - Enumeration<String> en = ht.keys(); - while (en.hasMoreElements()) { - String key = (String) en.nextElement(); - if (key.equals(SANE_DNSNAME)) { - gn[itemCount++] = new DNSName((String)ht.get(key)); - } - if (key.equals(SANE_IPADDRESS)) { - gn[itemCount++] = new IPAddressName((String)ht.get(key)); + + CertificateExtensions ext = new CertificateExtensions(); + + if (kue != null) { + ext.set(KeyUsageExtension.class.getSimpleName(), kue); + } + + // add subjectAltName extension, if present + if (sane != null) { + 
ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane); + } + + certInfo.set(X509CertInfo.EXTENSIONS, ext); + + req.put(CERTINFO, certInfo); + } catch (Exception e) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return; + } // NEED TO FIX + } + + private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) { + + // if no subjectaltname extension was requested, we try to make it up + // from some of the elements of the subject name + + int itemCount = ht.size(); + GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; + + itemCount = 0; + Enumeration<String> en = ht.keys(); + while (en.hasMoreElements()) { + String key = (String) en.nextElement(); + if (key.equals(SANE_DNSNAME)) { + gn[itemCount++] = new DNSName((String) ht.get(key)); + } + if (key.equals(SANE_IPADDRESS)) { + gn[itemCount++] = new IPAddressName((String) ht.get(key)); + } + } + + try { + return new SubjectAlternativeNameExtension(new GeneralNames(gn)); + } catch (Exception e) { + log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + e.getMessage())); + return null; } } - try { - return new SubjectAlternativeNameExtension( new GeneralNames(gn) ); - } catch (Exception e) { - log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - e.getMessage())); - return null; - } - } - - - - // Perform authentication - - /* - * if the authentication is set up for CEP, and the user provides - * some credential, an attempt is made to authenticate the user - * If this fails, this method will return true - * If it is sucessful, this method will return true and - * an authtoken will be in the request - * - * If authentication is not configured, this method will - * return false. The request will be processed in the usual - * way, but no authtoken will be in the request. 
- * - * In other word, this method returns true if the request - * should be aborted, false otherwise. - */ - - private boolean authenticateUser(CRSPKIMessage req) { - boolean authenticationFailed = true; - - if (mAuthManagerName == null) { - return false; - } - - String password = (String)req.get(AUTH_PASSWORD); - - AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS); - - if (authCreds == null) { - authCreds = new AuthCredentials(); - } - - // authtoken starts as null - AuthToken token = null; - - if (password != null && !password.equals("")) { - try { - authCreds.set(AUTH_PASSWORD,password); - } catch (Exception e) {} - } - + // Perform authentication + + /* + * if the authentication is set up for CEP, and the user provides some + * credential, an attempt is made to authenticate the user If this fails, + * this method will return true If it is sucessful, this method will return + * true and an authtoken will be in the request + * + * If authentication is not configured, this method will return false. The + * request will be processed in the usual way, but no authtoken will be in + * the request. + * + * In other word, this method returns true if the request should be aborted, + * false otherwise. + */ - try { - token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName); - authCreds.delete(AUTH_PASSWORD); - // if we got here, the authenticate call must not have thrown - // an exception - authenticationFailed = false; - } - catch (EInvalidCredentials ex) { - // Invalid credentials - we must reject the request - authenticationFailed = true; - } - catch (EMissingCredential mc) { - // Misssing credential - we'll log, and process manually - authenticationFailed = false; - } - catch (EBaseException ex) { - // If there's some other error, we'll reject - // So, we just continue on, - AUTH_TOKEN will not be set. 
- } - - if (token != null) { - req.put(AUTH_TOKEN,token); - } - - return authenticationFailed; - } - - private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) - { - - Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); - if (old_fprints == null) { return false; } - - byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); - byte[] new_md5 = (byte[]) fingerprints.get("MD5"); - - if (old_md5.length != new_md5.length) return false; - - for (int i=0;i<old_md5.length; i++) { - if (old_md5[i] != new_md5[i]) return false; - } - return true; - } - - public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, - IRequest cmsRequest, CRSPKIMessage req, - CRSPKIMessage crsResp, CryptoContext cx) - throws ServletException, + private boolean authenticateUser(CRSPKIMessage req) { + boolean authenticationFailed = true; + + if (mAuthManagerName == null) { + return false; + } + + String password = (String) req.get(AUTH_PASSWORD); + + AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS); + + if (authCreds == null) { + authCreds = new AuthCredentials(); + } + + // authtoken starts as null + AuthToken token = null; + + if (password != null && !password.equals("")) { + try { + authCreds.set(AUTH_PASSWORD, password); + } catch (Exception e) { + } + } + + try { + token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName); + authCreds.delete(AUTH_PASSWORD); + // if we got here, the authenticate call must not have thrown + // an exception + authenticationFailed = false; + } catch (EInvalidCredentials ex) { + // Invalid credentials - we must reject the request + authenticationFailed = true; + } catch (EMissingCredential mc) { + // Misssing credential - we'll log, and process manually + authenticationFailed = false; + } catch (EBaseException ex) { + // If there's some other error, we'll reject + // So, we just continue on, - AUTH_TOKEN will not be set. 
+ } + + if (token != null) { + req.put(AUTH_TOKEN, token); + } + + return authenticationFailed; + } + + private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) { + + Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); + if (old_fprints == null) { + return false; + } + + byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); + byte[] new_md5 = (byte[]) fingerprints.get("MD5"); + + if (old_md5.length != new_md5.length) + return false; + + for (int i = 0; i < old_md5.length; i++) { + if (old_md5[i] != new_md5[i]) + return false; + } + return true; + } + + public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, + IRequest cmsRequest, CRSPKIMessage req, + CRSPKIMessage crsResp, CryptoContext cx) + throws ServletException, CryptoManager.NotInitializedException, CRSFailureException { - try { - unwrapPKCS10(req,cx); - Hashtable<String, byte[]> fingerprints = makeFingerPrints(req); - - if (cmsRequest != null) { - if (areFingerprintsEqual(cmsRequest, fingerprints)) { - CMS.debug("created response from request"); - return makeResponseFromRequest(req,crsResp,cmsRequest); - } - else { - CMS.debug("duplicated transaction id"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - } - - getDetailFromRequest(req,crsResp); - boolean authFailed = authenticateUser(req); - - if (authFailed) { - CMS.debug("authentication failed"); - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - - - // perform audit log - String auditMessage = CMS.getLogMessage( + try { + unwrapPKCS10(req, cx); + Hashtable<String, byte[]> fingerprints = makeFingerPrints(req); + + if (cmsRequest != null) { + if 
(areFingerprintsEqual(cmsRequest, fingerprints)) { + CMS.debug("created response from request"); + return makeResponseFromRequest(req, crsResp, cmsRequest); + } else { + CMS.debug("duplicated transaction id"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + } + + getDetailFromRequest(req, crsResp); + boolean authFailed = authenticateUser(req); + + if (authFailed) { + CMS.debug("authentication failed"); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + + // perform audit log + String auditMessage = CMS.getLogMessage( "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", httpReq.getRemoteAddr(), ILogger.FAILURE, req.getTransactionID(), "CRSEnrollment", ILogger.SIGNED_AUDIT_EMPTY_VALUE); - ILogger signedAuditLogger = CMS.getSignedAuditLogger(); - if (signedAuditLogger != null) { - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, auditMessage); - } - - return null; - } - else { - IRequest ireq = postRequest(httpReq, req,crsResp); - - - CMS.debug("created response"); - return makeResponseFromRequest(req,crsResp, ireq); - } - } catch (CryptoContext.CryptoContextException e) { - CMS.debug("failed to decrypt the request " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } catch (EBaseException e) { - CMS.debug("operation failure - " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); - 
crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } - return null; - } - - -////// post the request - -/* - needed: - - token (authtoken) - certInfo - fingerprints x - req.transactionID - crsResp -*/ - -private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) -throws EBaseException { - X500Name subject = (X500Name)req.get(SUBJECTNAME); - - if (mCreateEntry) { - if (subject == null) { - CMS.debug( "CRSEnrollment::postRequest() - subject is null!" ); - return null; - } - createEntry(subject.toString()); - } - - // use profile framework to handle SCEP - if (mProfileId != null) { - PKCS10 pkcs10data = req.getP10(); - String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); - - // XXX authentication handling - CMS.debug("Found profile=" + mProfileId); - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("profile " + mProfileId + " not found"); - return null; - } - IProfileContext ctx = profile.createContext(); - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); + ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + if (signedAuditLogger != null) { + signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, auditMessage); + } + + return null; + } else { + IRequest ireq = postRequest(httpReq, req, crsResp); + + CMS.debug("created response"); + return makeResponseFromRequest(req, crsResp, ireq); + } + } catch (CryptoContext.CryptoContextException e) { + CMS.debug("failed to decrypt the request " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } catch (EBaseException e) { + CMS.debug("operation failure - " + e); + log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } + return null; + } + + // //// post the request + + /* + * needed: + * + * token (authtoken) certInfo fingerprints x req.transactionID crsResp + */ + + private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) + throws EBaseException { + X500Name subject = (X500Name) req.get(SUBJECTNAME); + + if (mCreateEntry) { + if (subject == null) { + CMS.debug("CRSEnrollment::postRequest() - subject is null!"); + return null; + } + createEntry(subject.toString()); + } + + // use profile framework to handle SCEP + if (mProfileId != null) { + PKCS10 pkcs10data = req.getP10(); + String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); + + // XXX authentication handling + CMS.debug("Found profile=" + mProfileId); + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("profile " + mProfileId + " not found"); + return null; + } + IProfileContext ctx = profile.createContext(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("No authenticator Found"); + } else { + CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + // authenticator not installed correctly + } + + IAuthToken authToken = null; + + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(httpReq)); + + String p10Password = getPasswordFromP10(pkcs10data); + AuthCredentials credentials = 
new AuthCredentials(); + credentials.set("UID", httpReq.getRemoteAddr()); + credentials.set("PWD", p10Password); + if (authenticator == null) { - CMS.debug("No authenticator Found"); + // XXX - to help caRouterCert to work, we need to + // add authentication to caRouterCert + authToken = new AuthToken(null); } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + authToken = authenticate(credentials, authenticator, httpReq); } - } catch (EProfileException e) { - // authenticator not installed correctly - } - - IAuthToken authToken = null; - - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - - // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(httpReq)); - - String p10Password = getPasswordFromP10(pkcs10data); - AuthCredentials credentials = new AuthCredentials(); - credentials.set("UID", httpReq.getRemoteAddr()); - credentials.set("PWD", p10Password); - - if (authenticator == null) { - // XXX - to help caRouterCert to work, we need to - // add authentication to caRouterCert - authToken = new AuthToken(null); - } else { - authToken = authenticate(credentials, authenticator, httpReq); - } - - IRequest reqs[] = null; - CMS.debug("CRSEnrollment: Creating profile requests"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - Locale locale = Locale.getDefault(); - reqs = profile.createRequests(ctx, locale); - if (reqs == null) { - CMS.debug("CRSEnrollment: No request has been created"); - return null; - } else { - CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); - } - // set transaction id - reqs[0].setSourceId(req.getTransactionID()); - reqs[0].setExtData("profile", "true"); - reqs[0].setExtData("profileId", mProfileId); - 
reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - reqs[0].setExtData("requestor_name", ""); - reqs[0].setExtData("requestor_email", ""); - reqs[0].setExtData("requestor_phone", ""); - reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); - reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); - reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); - - CMS.debug("CRSEnrollment: Populating inputs"); - profile.populateInput(ctx, reqs[0]); - CMS.debug("CRSEnrollment: Populating requests"); - profile.populate(reqs[0]); - - CMS.debug("CRSEnrollment: Submitting request"); - profile.submit(authToken, reqs[0]); - CMS.debug("CRSEnrollment: Done submitting request"); - profile.getRequestQueue().markAsServiced(reqs[0]); - CMS.debug("CRSEnrollment: Request marked as serviced"); - - return reqs[0]; - - } - - IRequestQueue rq = ca.getRequestQueue(); - IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); - - AuthToken token = (AuthToken) req.get(AUTH_TOKEN); - if (token != null) { - pkiReq.setExtData(IRequest.AUTH_TOKEN,token); - } - - pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); - X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); - pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } ); - pkiReq.setExtData("cepsubstore", mSubstoreName); - - try { - String chpwd = (String)req.get(ChallengePassword.NAME); - if (chpwd != null) { - pkiReq.setExtData("challengePhrase", - chpwd ); - } - } catch (Exception pwex) { - } - - Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS); - if (fingerprints.size() > 0) { - Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size()); - Enumeration<?> e = fingerprints.keys(); - while (e.hasMoreElements()) { - String key = (String)e.nextElement(); - byte[] value = 
(byte[])fingerprints.get(key); - encodedPrints.put(key, CMS.BtoA(value)); - } - pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); - } - - pkiReq.setSourceId(req.getTransactionID()); - - rq.processRequest(pkiReq); - - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + + IRequest reqs[] = null; + CMS.debug("CRSEnrollment: Creating profile requests"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + Locale locale = Locale.getDefault(); + reqs = profile.createRequests(ctx, locale); + if (reqs == null) { + CMS.debug("CRSEnrollment: No request has been created"); + return null; + } else { + CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); + } + // set transaction id + reqs[0].setSourceId(req.getTransactionID()); + reqs[0].setExtData("profile", "true"); + reqs[0].setExtData("profileId", mProfileId); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + reqs[0].setExtData("requestor_name", ""); + reqs[0].setExtData("requestor_email", ""); + reqs[0].setExtData("requestor_phone", ""); + reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); + reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); + reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); + + CMS.debug("CRSEnrollment: Populating inputs"); + profile.populateInput(ctx, reqs[0]); + CMS.debug("CRSEnrollment: Populating requests"); + profile.populate(reqs[0]); + + CMS.debug("CRSEnrollment: Submitting request"); + profile.submit(authToken, reqs[0]); + CMS.debug("CRSEnrollment: Done submitting request"); + profile.getRequestQueue().markAsServiced(reqs[0]); + CMS.debug("CRSEnrollment: Request marked as serviced"); + + return reqs[0]; + + } + + IRequestQueue rq = ca.getRequestQueue(); + IRequest pkiReq = 
rq.newRequest(IRequest.ENROLLMENT_REQUEST); + + AuthToken token = (AuthToken) req.get(AUTH_TOKEN); + if (token != null) { + pkiReq.setExtData(IRequest.AUTH_TOKEN, token); + } + + pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); + X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); + pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo }); + pkiReq.setExtData("cepsubstore", mSubstoreName); + + try { + String chpwd = (String) req.get(ChallengePassword.NAME); + if (chpwd != null) { + pkiReq.setExtData("challengePhrase", + chpwd); + } + } catch (Exception pwex) { + } + + Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS); + if (fingerprints.size() > 0) { + Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size()); + Enumeration<?> e = fingerprints.keys(); + while (e.hasMoreElements()) { + String key = (String) e.nextElement(); + byte[] value = (byte[]) fingerprints.get(key); + encodedPrints.put(key, CMS.BtoA(value)); + } + pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); + } + + pkiReq.setSourceId(req.getTransactionID()); + + rq.processRequest(pkiReq); + + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, new Object[] { - pkiReq.getRequestId(), - AuditFormat.FROMROUTER, - mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName, - "pending", - subject , - ""} + pkiReq.getRequestId(), + AuditFormat.FROMROUTER, + mAuthManagerName == null ? 
AuditFormat.NOAUTH : mAuthManagerName, + "pending", + subject, + "" } ); - - return pkiReq; - } - + return pkiReq; + } - public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) { + public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) { Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>(); MessageDigest md; - String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; - PKCS10 p10 = (PKCS10)req.getP10(); + String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" }; + PKCS10 p10 = (PKCS10) req.getP10(); - for (int i=0;i<hashes.length;i++) { - try { - md = MessageDigest.getInstance(hashes[i]); - md.update(p10.getCertRequestInfo()); - fingerprints.put(hashes[i],md.digest()); - } - catch (NoSuchAlgorithmException nsa) {} + for (int i = 0; i < hashes.length; i++) { + try { + md = MessageDigest.getInstance(hashes[i]); + md.update(p10.getCertRequestInfo()); + fingerprints.put(hashes[i], md.digest()); + } catch (NoSuchAlgorithmException nsa) { + } } - if (fingerprints != null) { - req.put(IRequest.FINGERPRINTS,fingerprints); - } - return fingerprints; - } - - - // Take a look to see if the request was successful, and fill - // in the response message + if (fingerprints != null) { + req.put(IRequest.FINGERPRINTS, fingerprints); + } + return fingerprints; + } + // Take a look to see if the request was successful, and fill + // in the response message - private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, - IRequest pkiReq) - { + private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, + IRequest pkiReq) { - X509CertImpl issuedCert=null; + X509CertImpl issuedCert = null; RequestStatus status = pkiReq.getRequestStatus(); String profileId = pkiReq.getExtDataInString("profileId"); if (profileId != null) { - CMS.debug("CRSEnrollment: Found profile request"); - X509CertImpl cert = - 
pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) { - CMS.debug("CRSEnrollment: No certificate has been found"); - } else { - CMS.debug("CRSEnrollment: Found certificate"); - } - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - return cert; + CMS.debug("CRSEnrollment: Found profile request"); + X509CertImpl cert = + pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) { + CMS.debug("CRSEnrollment: No certificate has been found"); + } else { + CMS.debug("CRSEnrollment: Found certificate"); + } + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + return cert; } - - if ( status.equals(RequestStatus.COMPLETE)) { + if (status.equals(RequestStatus.COMPLETE)) { Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT); - if (success.equals(IRequest.RES_SUCCESS)) { // The cert was issued, lets send it back to the router X509CertImpl[] issuedCertBuf = - pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); + pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCertBuf == null || issuedCertBuf.length == 0) { - // writeError("Internal Error: Bad operation",httpReq,httpResp); - CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " + - "Bad operation" ); + // writeError("Internal Error: Bad operation",httpReq,httpResp); + CMS.debug("CRSEnrollment::makeResponseFromRequest() - " + + "Bad operation"); return null; } issuedCert = issuedCertBuf[0]; crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - } - else { // status is not 'success' - there must've been a problem - + + } else { // status is not 'success' - there must've been a problem + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg); } - } - else if (status.equals(RequestStatus.REJECTED_STRING) || + } else if (status.equals(RequestStatus.REJECTED_STRING) || status.equals(RequestStatus.CANCELED_STRING)) { - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - 
crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - } - else { // not complete + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + } else { // not complete crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING); } return issuedCert; } + protected String hashPassword(String pwd) { + String salt = "lala123"; + byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes()); + String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); + return "{SHA}" + b64E; + } + /** + * Make the CRSPKIMESSAGE response + */ + private void processCertRep(CryptoContext cx, + X509CertImpl issuedCert, + CRSPKIMessage crsResp, + CRSPKIMessage crsReq) + throws CRSFailureException { + byte[] msgdigest = null; + byte[] encryptedDesKey = null; + try { + if (issuedCert != null) { + SymmetricKey sk; + SymmetricKey skinternal; - protected String hashPassword(String pwd) { - String salt = "lala123"; - byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes()); - String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); - return "{SHA}"+b64E; - } + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + // 1. Make the Degenerated PKCS7 with the recipient's + // certificate in it + byte toBeEncrypted[] = + crsResp.makeSignedRep(1, // version + issuedCert.getEncoded() + ); + // 2. 
Encrypt the above byte array with a new random DES key - /** - * Make the CRSPKIMESSAGE response - */ + sk = cx.getDESKeyGenerator().generate(); + skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); - private void processCertRep(CryptoContext cx, - X509CertImpl issuedCert, - CRSPKIMessage crsResp, - CRSPKIMessage crsReq) - throws CRSFailureException { - byte[] msgdigest = null; - byte[] encryptedDesKey = null; - - try { - if (issuedCert != null) { - - SymmetricKey sk; - SymmetricKey skinternal; - - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - // 1. Make the Degenerated PKCS7 with the recipient's certificate in it - - byte toBeEncrypted[] = - crsResp.makeSignedRep(1, // version - issuedCert.getEncoded() - ); - - // 2. Encrypt the above byte array with a new random DES key - - sk = cx.getDESKeyGenerator().generate(); - - skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); - - byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); - - - // This should be changed to generate proper DES IV. - - Cipher cipher = cx.getInternalToken().getCipherContext(ea); - IVParameterSpec desIV = - new IVParameterSpec(new byte[]{ - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00 } ); - - cipher.initEncrypt(sk,desIV); - byte[] encryptedData = cipher.doFinal(padded); - - crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm); - - // 3. Extract the recipient's public key - - PublicKey rcpPK = crsReq.getSignerPublicKey(); - - - // 4. Encrypt the DES key with the public key - - // we have to move the key onto the interal token. 
- //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); - skinternal = cx.getInternalToken().cloneKey(sk); - - KeyWrapper kw = cx.getInternalKeyWrapper(); - kw.initWrap(rcpPK, null); - encryptedDesKey = kw.wrap(skinternal); - - crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); - crsResp.makeRecipientInfo(0, encryptedDesKey ); - - } - - - byte[] ed = crsResp.makeEnvelopedData(0); - - // 7. Make Digest of SignedData Content - MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); - msgdigest = md.digest(ed); - - crsResp.setMsgDigest(msgdigest); - - } - - catch (Exception e) { - throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage()); - } - - - // 5. Make a RecipientInfo - - // The issuer name & serial number here, should be that of - // the EE's self-signed Certificate - // [I can get it from the req blob, but later, I should - // store the recipient's self-signed certificate with the request - // so I can get at it later. I need to do this to support - // 'PENDING'] - - - try { - - // 8. Make Authenticated Attributes - // we can just pull the transaction ID out of the request. - // Later, we will have to put it out of the Request queue, - // so we can support PENDING - crsResp.setTransactionID(crsReq.getTransactionID()); - // recipientNonce and SenderNonce have already been set - - crsResp.makeAuthenticatedAttributes(); - // crsResp.makeAuthenticatedAttributes_old(); - - - - // now package up the rest of the SignerInfo - { - byte[] signingcertbytes = cx.getSigningCert().getEncoded(); - - - Certificate.Template sgncert_t = new Certificate.Template(); - Certificate sgncert = - (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); - - IssuerAndSerialNumber sgniasn = - new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), + byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); + + // This should be changed to generate proper DES IV. 
+ + Cipher cipher = cx.getInternalToken().getCipherContext(ea); + IVParameterSpec desIV = + new IVParameterSpec(new byte[] { + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00 }); + + cipher.initEncrypt(sk, desIV); + byte[] encryptedData = cipher.doFinal(padded); + + crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm); + + // 3. Extract the recipient's public key + + PublicKey rcpPK = crsReq.getSignerPublicKey(); + + // 4. Encrypt the DES key with the public key + + // we have to move the key onto the interal token. + // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); + skinternal = cx.getInternalToken().cloneKey(sk); + + KeyWrapper kw = cx.getInternalKeyWrapper(); + kw.initWrap(rcpPK, null); + encryptedDesKey = kw.wrap(skinternal); + + crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); + crsResp.makeRecipientInfo(0, encryptedDesKey); + + } + + byte[] ed = crsResp.makeEnvelopedData(0); + + // 7. Make Digest of SignedData Content + MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); + msgdigest = md.digest(ed); + + crsResp.setMsgDigest(msgdigest); + + } + + catch (Exception e) { + throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage()); + } + + // 5. Make a RecipientInfo + + // The issuer name & serial number here, should be that of + // the EE's self-signed Certificate + // [I can get it from the req blob, but later, I should + // store the recipient's self-signed certificate with the request + // so I can get at it later. I need to do this to support + // 'PENDING'] + + try { + + // 8. Make Authenticated Attributes + // we can just pull the transaction ID out of the request. 
+ // Later, we will have to put it out of the Request queue, + // so we can support PENDING + crsResp.setTransactionID(crsReq.getTransactionID()); + // recipientNonce and SenderNonce have already been set + + crsResp.makeAuthenticatedAttributes(); + // crsResp.makeAuthenticatedAttributes_old(); + + // now package up the rest of the SignerInfo + { + byte[] signingcertbytes = cx.getSigningCert().getEncoded(); + + Certificate.Template sgncert_t = new Certificate.Template(); + Certificate sgncert = + (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); + + IssuerAndSerialNumber sgniasn = + new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), sgncert.getInfo().getSerialNumber()); - - crsResp.setSgnIssuerAndSerialNumber(sgniasn); - - // 10. Make SignerInfo - crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); - - // 11. Make SignedData - crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); - - crsResp.debug(); - } - } - catch (Exception e) { - throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage()); - } - - - // if debugging, dump out the response into a file - - } - - - - class CryptoContext { - private CryptoManager cm; - private CryptoToken internalToken; - private CryptoToken keyStorageToken; - private CryptoToken internalKeyStorageToken; - private KeyGenerator DESkg; - private Enumeration<?> externalTokens = null; - private org.mozilla.jss.crypto.X509Certificate signingCert; - private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; - private int signingCertKeySize = 0; - - - class CryptoContextException extends Exception { - /** + + crsResp.setSgnIssuerAndSerialNumber(sgniasn); + + // 10. Make SignerInfo + crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); + + // 11. 
Make SignedData + crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); + + crsResp.debug(); + } + } catch (Exception e) { + throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage()); + } + + // if debugging, dump out the response into a file + + } + + class CryptoContext { + private CryptoManager cm; + private CryptoToken internalToken; + private CryptoToken keyStorageToken; + private CryptoToken internalKeyStorageToken; + private KeyGenerator DESkg; + private Enumeration<?> externalTokens = null; + private org.mozilla.jss.crypto.X509Certificate signingCert; + private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; + private int signingCertKeySize = 0; + + class CryptoContextException extends Exception { + /** * */ - private static final long serialVersionUID = -1124116326126256475L; - public CryptoContextException() { super(); } - public CryptoContextException(String s) { super(s); } - } + private static final long serialVersionUID = -1124116326126256475L; - public CryptoContext() - throws CryptoContextException - { - try { - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - } - cm = CryptoManager.getInstance(); - internalToken = cm.getInternalCryptoToken(); - DESkg = internalToken.getKeyGenerator(kga); - if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0) { - keyStorageToken = cm.getInternalKeyStorageToken(); - internalKeyStorageToken = keyStorageToken; - CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'"); - } else { - keyStorageToken = cm.getTokenByName(mTokenName); - internalKeyStorageToken = null; - } - if (!mUseCA && internalKeyStorageToken == null) { - PasswordCallback cb = CMS.getPasswordCallback(); - keyStorageToken.login(cb); // ONE_TIME by default. 
- } - signingCert = cm.findCertByNickname(mNickname); - signingCertPrivKey = cm.findPrivKeyByCert(signingCert); - byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); - SEQUENCE.Template outer = SEQUENCE.getTemplate(); - outer.addElement( ANY.getTemplate() ); // algid - outer.addElement( BIT_STRING.getTemplate() ); - SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); - BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); - byte[] encPubKey = bs.getBits(); - if( bs.getPadCount() != 0) { - throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); - } - SEQUENCE.Template inner = new SEQUENCE.Template(); - inner.addElement( INTEGER.getTemplate()); - inner.addElement( INTEGER.getTemplate()); - SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); - INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); - signingCertKeySize = modulus.bitLength(); - - try { - FileOutputStream fos = new FileOutputStream("pubkey.der"); - fos.write(signingCert.getPublicKey().getEncoded()); - fos.close(); - } catch (Exception e) {} - - } - catch (InvalidBERException e) { - throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. 
Not a valid RSA-signed certificate"); - } - catch (CryptoManager.NotInitializedException e) { - throw new CryptoContextException("Crypto Manager not initialized"); - } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException("Cannot create DES key generator"); - } - catch (ObjectNotFoundException e) { - throw new CryptoContextException("Certificate not found: "+ca.getNickname()); - } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); - } - catch (NoSuchTokenException e) { - throw new CryptoContextException("Crypto Token not found: "+e.getMessage()); - } - catch (IncorrectPasswordException e) { - throw new CryptoContextException("Incorrect Password."); - } - } - - - public KeyGenerator getDESKeyGenerator() { - return DESkg; - } + public CryptoContextException() { + super(); + } - public CryptoToken getInternalToken() { - return internalToken; - } + public CryptoContextException(String s) { + super(s); + } + } - public void setExternalTokens( Enumeration<?> tokens ) { - externalTokens = tokens; - } + public CryptoContext() + throws CryptoContextException { + try { + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + } + cm = CryptoManager.getInstance(); + internalToken = cm.getInternalCryptoToken(); + DESkg = internalToken.getKeyGenerator(kga); + if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || + mTokenName.equalsIgnoreCase("Internal Key Storage Token") || + mTokenName.length() == 0) { + keyStorageToken = cm.getInternalKeyStorageToken(); + internalKeyStorageToken = keyStorageToken; + CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'"); + } else { + keyStorageToken = cm.getTokenByName(mTokenName); + internalKeyStorageToken = null; + } + if (!mUseCA && internalKeyStorageToken == null) { + PasswordCallback cb = CMS.getPasswordCallback(); + 
keyStorageToken.login(cb); // ONE_TIME by default. + } + signingCert = cm.findCertByNickname(mNickname); + signingCertPrivKey = cm.findPrivKeyByCert(signingCert); + byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); + SEQUENCE.Template outer = SEQUENCE.getTemplate(); + outer.addElement(ANY.getTemplate()); // algid + outer.addElement(BIT_STRING.getTemplate()); + SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); + BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); + byte[] encPubKey = bs.getBits(); + if (bs.getPadCount() != 0) { + throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); + } + SEQUENCE.Template inner = new SEQUENCE.Template(); + inner.addElement(INTEGER.getTemplate()); + inner.addElement(INTEGER.getTemplate()); + SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); + INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); + signingCertKeySize = modulus.bitLength(); - public Enumeration<?> getExternalTokens() { - return externalTokens; - } + try { + FileOutputStream fos = new FileOutputStream("pubkey.der"); + fos.write(signingCert.getPublicKey().getEncoded()); + fos.close(); + } catch (Exception e) { + } - public CryptoToken getInternalKeyStorageToken() { - return internalKeyStorageToken; - } + } catch (InvalidBERException e) { + throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. 
Not a valid RSA-signed certificate"); + } catch (CryptoManager.NotInitializedException e) { + throw new CryptoContextException("Crypto Manager not initialized"); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException("Cannot create DES key generator"); + } catch (ObjectNotFoundException e) { + throw new CryptoContextException("Certificate not found: " + ca.getNickname()); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchTokenException e) { + throw new CryptoContextException("Crypto Token not found: " + e.getMessage()); + } catch (IncorrectPasswordException e) { + throw new CryptoContextException("Incorrect Password."); + } + } - public CryptoToken getKeyStorageToken() { - return keyStorageToken; - } + public KeyGenerator getDESKeyGenerator() { + return DESkg; + } - public CryptoManager getCryptoManager() { - return cm; - } + public CryptoToken getInternalToken() { + return internalToken; + } - public KeyWrapper getKeyWrapper() - throws CryptoContextException { - try { - return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public void setExternalTokens(Enumeration<?> tokens) { + externalTokens = tokens; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public Enumeration<?> getExternalTokens() { + return externalTokens; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public CryptoToken getInternalKeyStorageToken() { + return internalKeyStorageToken; } - } - public KeyWrapper getInternalKeyWrapper() - throws CryptoContextException { - try { - return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public CryptoToken getKeyStorageToken() { + return keyStorageToken; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public CryptoManager 
getCryptoManager() { + return cm; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public KeyWrapper getKeyWrapper() + throws CryptoContextException { + try { + return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } } - } - public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { - return signingCertPrivKey; - } + public KeyWrapper getInternalKeyWrapper() + throws CryptoContextException { + try { + return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } + } - public org.mozilla.jss.crypto.X509Certificate getSigningCert() { - return signingCert; - } - - } + public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { + return signingCertPrivKey; + } + public org.mozilla.jss.crypto.X509Certificate getSigningCert() { + return signingCert; + } - /* General failure. The request/response cannot be processed. */ + } + /* General failure. The request/response cannot be processed. 
*/ - class CRSFailureException extends Exception { - /** + class CRSFailureException extends Exception { + /** * */ - private static final long serialVersionUID = 1962741611501549051L; - public CRSFailureException() { super(); } - public CRSFailureException(String s) { super(s); } - } + private static final long serialVersionUID = 1962741611501549051L; - class CRSInvalidSignatureException extends Exception { - /** + public CRSFailureException() { + super(); + } + + public CRSFailureException(String s) { + super(s); + } + } + + class CRSInvalidSignatureException extends Exception { + /** * */ - private static final long serialVersionUID = 9096408193567657944L; - public CRSInvalidSignatureException() { super(); } - public CRSInvalidSignatureException(String s) { super(s); } - } + private static final long serialVersionUID = 9096408193567657944L; + + public CRSInvalidSignatureException() { + super(); + } - + public CRSInvalidSignatureException(String s) { + super(s); + } + } - class CRSPolicyException extends Exception { - /** + class CRSPolicyException extends Exception { + /** * */ - private static final long serialVersionUID = 5846593800658787396L; - public CRSPolicyException() { super(); } - public CRSPolicyException(String s) { super(s); } - } + private static final long serialVersionUID = 5846593800658787396L; -} + public CRSPolicyException() { + super(); + } + public CRSPolicyException(String s) { + super(s); + } + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java index 49a591f0..79110442 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java 
@@ -29,115 +29,113 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; /** - * Class for handling the decoding of a SCEP Challenge Password - * object. Currently this class cannot be used for encoding - * thus some fo the methods are unimplemented + * Class for handling the decoding of a SCEP Challenge Password object. + * Currently this class cannot be used for encoding thus some fo the methods are + * unimplemented */ public class ChallengePassword implements CertAttrSet { - public static final String NAME = "ChallengePassword"; - public static final String PASSWORD = "password"; - - private String cpw; - - - /** - * Get the password marshalled in this object - * @return the challenge password - */ - public String toString() { - return cpw; - } - - /** - * Create a ChallengePassword object - * @param stuff (must be of type byte[]) a DER-encoded by array following - * The ASN.1 template for ChallenegePassword specified in the SCEP - * documentation - * @throws IOException if the DER encoded byt array was malformed, or if it - * did not match the template - */ - - public ChallengePassword(Object stuff) - throws IOException { - - ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff); - try { - decode(is); - } catch (Exception e) { - throw new IOException(e.getMessage()); - } - - } - - /** - * Currently Unimplemented - */ - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + public static final String NAME = "ChallengePassword"; + public static final String PASSWORD = "password"; + + private String cpw; + + /** + * Get the password marshalled in this object + * + * @return the challenge password + */ + public String toString() { + return cpw; + } + + /** + * Create a ChallengePassword object + * + * @param stuff (must be of type byte[]) a DER-encoded by array following + * The ASN.1 template for 
ChallenegePassword specified in the + * SCEP documentation + * @throws IOException if the DER encoded byt array was malformed, or if it + * did not match the template + */ + + public ChallengePassword(Object stuff) + throws IOException { + + ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); + try { + decode(is); + } catch (Exception e) { + throw new IOException(e.getMessage()); + } + + } + + /** + * Currently Unimplemented + */ + public void encode(OutputStream out) + throws CertificateException, IOException { + } + + public void decode(InputStream in) + throws CertificateException, IOException { DerValue derVal = new DerValue(in); construct(derVal); - + + } + + private void construct(DerValue derVal) throws IOException { + try { + cpw = derVal.getPrintableString(); + } catch (NullPointerException e) { + cpw = ""; + } + } + + /** + * Currently Unimplemented + */ + public void set(String name, Object obj) + throws CertificateException, IOException { } - private void construct(DerValue derVal) throws IOException { - try { - cpw = derVal.getPrintableString(); - } - catch (NullPointerException e) { - cpw = ""; - } - } - - - /** - * Currently Unimplemented - */ - public void set(String name, Object obj) - throws CertificateException, IOException - { } - - /** - * Get an attribute of this object. - * @param name the name of the attribute of this object to get. The only - * supported attribute is "password" - */ - public Object get(String name) - throws CertificateException, IOException - { + /** + * Get an attribute of this object. + * + * @param name the name of the attribute of this object to get. 
The only + * supported attribute is "password" + */ + public Object get(String name) + throws CertificateException, IOException { if (name.equalsIgnoreCase(PASSWORD)) { return cpw; - } - else { - throw new IOException("Attribute name not recognized by "+ + } else { + throw new IOException("Attribute name not recognized by " + "CertAttrSet: ChallengePassword"); } } - - /** - * Currently Unimplemented - */ - public void delete(String name) - throws CertificateException, IOException - { } - - /** - * @return an empty set of elements - */ - public Enumeration<String> getAttributeNames() - { return (new Vector<String>()).elements();} - - /** - * @return the String "ChallengePassword" - */ - public String getName() - { return NAME;} - - + + /** + * Currently Unimplemented + */ + public void delete(String name) + throws CertificateException, IOException { + } + + /** + * @return an empty set of elements + */ + public Enumeration<String> getAttributeNames() { + return (new Vector<String>()).elements(); + } + + /** + * @return the String "ChallengePassword" + */ + public String getName() { + return NAME; + } + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java index 6f689b34..eb1433aa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java 
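Review bot: `toString()` in this class returns the decoded challenge password, so any log statement or string concatenation that touches a ChallengePassword object writes the SCEP enrolment secret out in clear. If no caller depends on that (callers are outside this hunk, so this needs checking), return a fixed label such as `return NAME;` and let callers read the value through `get(PASSWORD)`. Separately, `construct` maps a NullPointerException from `getPrintableString()` to `cpw = ""`, which makes an undecodable attribute indistinguishable from an empty password. Replacing that assignment with `throw new IOException("ChallengePassword: value could not be decoded");` keeps the failure visible, and the constructor already converts exceptions from `decode` into IOException.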
@@ -30,51 +30,46 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; import netscape.security.x509.Extension; - public class ExtensionsRequested implements CertAttrSet { + public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature"; - public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; + public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; private String kue_digital_signature = "false"; - private String kue_key_encipherment = "false"; - + private String kue_key_encipherment = "false"; + private Vector<Extension> exts = new Vector<Extension>(); public ExtensionsRequested(Object stuff) throws IOException { ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); - + try { decode(is); - } - catch (Exception e) { + } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } } - - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + + public void encode(OutputStream out) + throws CertificateException, IOException { + } + + public void decode(InputStream in) + throws CertificateException, IOException { DerValue derVal = new DerValue(in); - + construct(derVal); } - + public void set(String name, Object obj) - throws CertificateException, IOException - { } - - public Object get(String name) - throws CertificateException, IOException - { + throws CertificateException, IOException { + } + + public Object get(String name) + throws CertificateException, IOException { if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) { return kue_digital_signature; } 
@@ -84,107 +79,83 @@ public class ExtensionsRequested implements CertAttrSet { throw new IOException("Unsupported attribute queried"); } - - public void delete(String name) - throws CertificateException, IOException - { + + public void delete(String name) + throws CertificateException, IOException { + } + + public Enumeration<String> getAttributeNames() { + return (new Vector<String>()).elements(); + } + + public String getName() { + return NAME; } - public Enumeration<String> getAttributeNames() - { return (new Vector<String>()).elements();} - - public String getName() - { return NAME;} - - - -/** - construct - expects this in the inputstream (from the router): - - 211 30 31: SEQUENCE { - 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8' - 225 31 17: SET { - 227 04 15: OCTET STRING, encapsulates { - 229 30 13: SEQUENCE { - 231 30 11: SEQUENCE { - 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) - 238 04 4: OCTET STRING - : 03 02 05 A0 - : } - : } - : } - - or this (from IRE client): - - 262 30 51: SEQUENCE { - 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14) - 275 31 38: SET { - 277 30 36: SEQUENCE { - 279 30 34: SEQUENCE { - 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) - 286 04 27: OCTET STRING - : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 - : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D - : } - : } - : } - : } - - - */ + /** + * construct - expects this in the inputstream (from the router): + * + * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 + * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13: + * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2 + * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : } + * + * or this (from IRE client): + * + * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 + * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE + * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 
27: OCTET + * STRING : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63 + * 6F 6D 2E 63 6F 6D : } : } : } : } + */ private void construct(DerValue dv) throws IOException { - DerInputStream stream = null; - DerValue[] dvs; + DerInputStream stream = null; + DerValue[] dvs; - try { // try decoding as sequence first + try { // try decoding as sequence first - stream = dv.toDerInputStream(); + stream = dv.toDerInputStream(); - DerValue stream_dv = stream.getDerValue(); - stream.reset(); - + DerValue stream_dv = stream.getDerValue(); + stream.reset(); - dvs = stream.getSequence(2); - } - catch (IOException ioe) { - // if it failed, the outer sequence may be - // encapsulated in an octet string, as in the first - // example above + dvs = stream.getSequence(2); + } catch (IOException ioe) { + // if it failed, the outer sequence may be + // encapsulated in an octet string, as in the first + // example above - byte[] octet_string = dv.getOctetString(); + byte[] octet_string = dv.getOctetString(); - // Make a new input stream from the byte array, - // and re-parse it as a sequence. + // Make a new input stream from the byte array, + // and re-parse it as a sequence. 
- dv = new DerValue(octet_string); + dv = new DerValue(octet_string); - stream = dv.toDerInputStream(); - dvs = stream.getSequence(2); - } + stream = dv.toDerInputStream(); + dvs = stream.getSequence(2); + } - // now, the stream will be in the correct format - stream.reset(); + // now, the stream will be in the correct format + stream.reset(); - while (true) { - DerValue ext_dv=null; - try { - ext_dv = stream.getDerValue(); - } - catch (IOException ex) { - break; - } + while (true) { + DerValue ext_dv = null; + try { + ext_dv = stream.getDerValue(); + } catch (IOException ex) { + break; + } - Extension ext = new Extension(ext_dv); - exts.addElement(ext); - } + Extension ext = new Extension(ext_dv); + exts.addElement(ext); + } } - public Vector<Extension> getExtensions() { - return exts; - } + public Vector<Extension> getExtensions() { + return exts; + } } - - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java index 759238d9..3d0f788e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { 
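Review bot: The Javadoc above `construct` lost its layout in this reformat: the two annotated ASN.1 dumps (the router form and the IRE client form) are now wrapped as running prose, so the offsets, lengths and nesting that show which encodings this parser accepts can no longer be followed. Restore the original one-element-per-line dump and enclose it in `<pre>` and `</pre>` inside the comment so the formatter leaves it alone. In the same method the `while (true)` loop treats every IOException from `stream.getDerValue()` as end of input, so a truncated or malformed trailing extension in a request is dropped silently. That catch deserves at least a comment such as `// end of extension list; a malformed trailing element also lands here and is ignored`, so the behaviour is a recorded decision.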
@@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -5995164231849154265L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ @@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { 
@@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 3fac4a63..9fbb04e0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { public CMCOutputTemplate() { } - public void createFullResponseWithFailedStatus(HttpServletResponse resp, - SEQUENCE bpids, int code, UTF8String s) { + public void createFullResponseWithFailedStatus(HttpServletResponse resp, + SEQUENCE bpids, int code, UTF8String s) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); SEQUENCE otherMsgSeq = new SEQUENCE(); int bpid = 1; - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(code), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(code), null); CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids, s, otherInfo); + new INTEGER(CMCStatusInfo.FAILED), + bpids, s, otherInfo); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); try { ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + cmsSeq, otherMsgSeq); SET certs = new SET(); ContentInfo contentInfo = getContentInfo(respBody, certs); @@ -137,13 +136,13 @@ public class CMCOutputTemplate { os.write(contentBytes); os.flush(); } catch (Exception e) { - CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString()); return; } } - public void createFullResponse(HttpServletResponse resp, IRequest []reqs, - String cert_request_type, int[] error_codes) { + public void createFullResponse(HttpServletResponse resp, IRequest[] reqs, + String cert_request_type, int[] error_codes) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); 
@@ -157,32 +156,32 @@ public class CMCOutputTemplate { SEQUENCE success_bpids = null; SEQUENCE failed_bpids = null; if (cert_request_type.equals("crmf") || - cert_request_type.equals("pkcs10")) { + cert_request_type.equals("pkcs10")) { String reqId = reqs[0].getRequestId().toString(); OtherInfo otherInfo = null; if (error_codes[0] == 2) { PendInfo pendInfo = new PendInfo(reqId, new Date()); otherInfo = new OtherInfo(OtherInfo.PEND, null, - pendInfo); + pendInfo); } else { - otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); } - + SEQUENCE bpids = new SEQUENCE(); bpids.addElement(new INTEGER(1)); CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - bpids, (String)null, otherInfo); + bpids, (String) null, otherInfo); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } else if (cert_request_type.equals("cmc")) { pending_bpids = new SEQUENCE(); success_bpids = new SEQUENCE(); failed_bpids = new SEQUENCE(); if (reqs != null) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { success_bpids.addElement(new INTEGER( reqs[i].getExtDataInBigInteger("bodyPartId"))); 
@@ -192,77 +191,77 @@ public class CMCOutputTemplate { } else { failed_bpids.addElement(new INTEGER( reqs[i].getExtDataInBigInteger("bodyPartId"))); - } + } } } TaggedAttribute tagattr = null; CMCStatusInfo cmcStatusInfo = null; - SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof"); + SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof"); if (identityBpids != null && identityBpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_IDENTITY), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_IDENTITY), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - identityBpids, (String)null, otherInfo); + identityBpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness"); + SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness"); if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + new INTEGER(OtherInfo.BAD_REQUEST), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - POPLinkWitnessBpids, (String)null, otherInfo); + POPLinkWitnessBpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (pending_bpids.size() > 0) { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String) null, null); tagattr = new TaggedAttribute( - new 
INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); - } + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); + } if (success_bpids.size() > 0) { boolean confirmRequired = false; try { - confirmRequired = - CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", - false); - } catch (Exception e) { + confirmRequired = + CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", + false); + } catch (Exception e) { } if (confirmRequired) { CMS.debug("CMCOutputTemplate: confirmRequired in the request"); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, - success_bpids, (String)null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, + success_bpids, (String) null, null); } else { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String) null, null); } tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String)null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + 
controlSeq.addElement(tagattr); } } 
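Review bot: The `catch (Exception e) { }` around `CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", false)` is still empty on the new side, so a failure to read the setting silently leaves `confirmRequired` at `false`. The response then carries `CMCStatusInfo.SUCCESS` where the deployment may have asked for `CONFIRM_REQUIRED`, with nothing in the debug log to show why. Log it the way the rest of this file does, e.g. `CMS.debug("CMCOutputTemplate: cannot read cmc.cert.confirmRequired: " + e.toString());`. The enclosing `createFullResponse` starts and ends outside this hunk.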
@@ -270,80 +269,80 @@ public class CMCOutputTemplate { try { // deal with controls - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); if (nums != null && nums.intValue() > 0) { TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr != null) { try { processGetCertControl(attr, certs); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: "+ee.toString()); + CMS.debug("CMCOutputTemplate: " + ee.toString()); OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE bpids1 = new SEQUENCE(); bpids1.addElement(attr.getBodyPartID()); CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids1, null, otherInfo1); + new INTEGER(CMCStatusInfo.FAILED), + bpids1, null, otherInfo1); TaggedAttribute tagattr1 = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); controlSeq.addElement(tagattr1); } } - attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); + attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); if (attr != null) bpid = processDataReturnControl(attr, controlSeq, bpid); attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); if (attr != null) bpid = processTransactionControl(attr, controlSeq, bpid); attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); if (attr != null) bpid = processSenderNonceControl(attr, controlSeq, bpid); attr = - 
(TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); if (attr != null) - bpid = processQueryPendingControl(attr, controlSeq, bpid); + bpid = processQueryPendingControl(attr, controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); + attr = + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); - if (attr != null) + if (attr != null) bpid = processConfirmCertAcceptanceControl(attr, controlSeq, - bpid); + bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); + attr = + (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); - if (attr != null) + if (attr != null) bpid = processRevokeRequestControl(attr, controlSeq, - bpid); + bpid); } if (success_bpids != null && success_bpids.size() > 0) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(bin)); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(bin)); certs.addElement(cert); } } } ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + cmsSeq, otherMsgSeq); ContentInfo contentInfo = getContentInfo(respBody, certs); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -354,16 +353,16 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (Exception e) { - CMS.debug("Exception: "+e.toString()); + CMS.debug("Exception: " + e.toString()); } } 
@@ -371,48 +370,46 @@ public class CMCOutputTemplate { try { ICertificateAuthority ca = null; // add CA cert chain - ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } - + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); + OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); org.mozilla.jss.crypto.X509Certificate x509CAcert = null; x509CAcert = ca.getCaX509Cert(); X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded()); - X500Name issuerName = (X500Name)caimpl.getIssuerDN(); + X500Name issuerName = (X500Name) caimpl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); Name issuer = (Name) Name.getTemplate().decode(istream); IssuerAndSerialNumber ias = new IssuerAndSerialNumber( - issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); + issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // use CA instance's default signature and digest algorithm SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm(); org.mozilla.jss.crypto.PrivateKey privKey = - CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); -/* - 
org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) { - signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { - signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { - signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; - } else { - CMS.debug( "CMCOutputTemplate::getContentInfo() - " - + "signAlg is unsupported!" ); - return null; - } -*/ + CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); + /* + * org.mozilla.jss.crypto.PrivateKey.Type keyType = + * privKey.getType(); if( keyType.equals( + * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = + * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if( + * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else + * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { + * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else { + * CMS.debug( "CMCOutputTemplate::getContentInfo() - " + + * "signAlg is unsupported!" ); return null; } + */ DigestAlgorithm digestAlg = signAlg.getDigestAlg(); MessageDigest msgDigest = null; byte[] digest = null; @@ -425,9 +422,9 @@ public class CMCOutputTemplate { digest = msgDigest.digest(ostream.toByteArray()); SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, privKey); + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); 
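Review bot: The commented-out key-type switch in `getContentInfo` has been reflowed into a wrapped block comment that no longer reads as code, so it now documents nothing and cannot be restored by uncommenting. It is dead code that hard-codes the SHA-1 signature variants (`RSASignatureWithSHA1Digest`, `DSASignatureWithSHA1Digest`, `ECSignatureWithSHA1Digest`), while the live code already takes `signAlg` from `ca.getDefaultSignatureAlgorithm()`. Delete the block rather than reformatting it, and keep the intent in one line such as `// signature algorithm comes from the CA's configured default, not from the key type`. The method body continues past this hunk.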
@@ -436,30 +433,30 @@ public class CMCOutputTemplate { if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), null); - + AlgorithmIdentifier(digestAlg.toOID(), null); + digestAlgs.addElement(ai); } SignedData signedData = new SignedData(digestAlgs, - enContentInfo, certs, null, signInfos); + enContentInfo, certs, null, signInfos); ContentInfo contentInfo = new ContentInfo(signedData); CMS.debug("CMCOutputTemplate::getContentInfo() - done"); return contentInfo; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString()); } - return null; + return null; } - public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) { + public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) { SET certs = new SET(); SessionContext context = SessionContext.getContext(); try { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); processGetCertControl(attr, certs); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("CMCOutputTemplate: No certificate is found."); } 
@@ -472,34 +469,34 @@ public class CMCOutputTemplate { try { if (reqs != null) { - for (int i=0; i<reqs.length; i++) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + for (int i = 0; i < reqs.length; i++) { + X509CertImpl impl = + (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + Certificate cert = + (Certificate) certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } // Get CA certs - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate.decode( + new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } } - + if (certs.size() == 0) return; SignedData signedData = new SignedData(digestAlgorithms, - enContentInfo, certs, null, signedInfos); + enContentInfo, certs, null, signedInfos); ContentInfo contentInfo = new ContentInfo(signedData); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -510,48 +507,48 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } } private int processConfirmCertAcceptanceControl( - TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { + TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { if (attr != null) { INTEGER bodyId = attr.getBodyPartID(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(bodyId); + seq.addElement(bodyId); SET values = attr.getValues(); if (values != null && values.size() > 0) { try { - CMCCertId cmcCertId = - (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(), - ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger)(cmcCertId.getSerial()); - SEQUENCE issuers = cmcCertId.getIssuer(); - //ANY issuer = (ANY)issuers.elementAt(0); - ANY issuer = - (ANY)(ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(issuers.elementAt(0)))); + CMCCertId cmcCertId = + (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(), + ASN1Util.encode(values.elementAt(0)))); + BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); + SEQUENCE issuers = cmcCertId.getIssuer(); + // ANY issuer = (ANY)issuers.elementAt(0); + ANY issuer = + (ANY) (ASN1Util.decode(ANY.getTemplate(), + ASN1Util.encode(issuers.elementAt(0)))); byte[] b = issuer.getEncoded(); X500Name n = new X500Name(b); ICertificateAuthority ca = null; - ca = 
(ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); X509CertImpl impl = null; try { - repository.getX509Certificate(serialno); + repository.getX509Certificate(serialno); } catch (EBaseException ee) { CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found"); } 
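Review bot: In processConfirmCertAcceptanceControl the result of `repository.getX509Certificate(serialno);` is discarded, so `impl` stays null and nothing in the visible lines sets `confirmAccepted` to true. Unless the line hidden between this hunk and the next does so, the SUCCESS branch in the next hunk is unreachable and every confirm-acceptance control is answered with BAD_CERT_ID. Assign and test the lookup instead: `impl = repository.getX509Certificate(serialno);` followed by `confirmAccepted = (impl != null);`.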
@@ -559,77 +556,77 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; if (confirmAccepted) { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository."); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, - (String)null, null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, + (String) null, null); } else { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.FAILED, seq, - (String)null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); + cmcStatusInfo = + new CMCStatusInfo(CMCStatusInfo.FAILED, seq, + (String) null, otherInfo); } TaggedAttribute statustagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(statustagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(statustagattr); } catch (Exception e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } - } + } } return bpid; } private void processGetCertControl(TaggedAttribute attr, SET certs) - throws InvalidBERException, java.security.cert.CertificateEncodingException, - IOException, EBaseException { + throws InvalidBERException, java.security.cert.CertificateEncodingException, + IOException, EBaseException { if (attr != null) { SET vals = attr.getValues(); if (vals.size() == 1) { GetCert getCert = - (GetCert)(ASN1Util.decode(GetCert.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger)(getCert.getSerialNumber()); - ANY issuer = (ANY)getCert.getIssuer(); + (GetCert) 
(ASN1Util.decode(GetCert.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); + ANY issuer = (ANY) getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); if (!n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control"); throw new EBaseException("Certificate is not found"); } ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + (ICertificateRepository) ca.getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + (Certificate) certTemplate.decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - + private int processQueryPendingControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET values = attr.getValues(); - if (values != null && values.size() > 0) { + if (values != null && values.size() > 0) { SEQUENCE pending_bpids = new SEQUENCE(); SEQUENCE success_bpids = new SEQUENCE(); SEQUENCE failed_bpids = new SEQUENCE(); - for (int i=0; i<values.size(); i++) { + for (int i = 0; i < values.size(); i++) { try { INTEGER reqId = (INTEGER) - ASN1Util.decode(INTEGER.getTemplate(), - ASN1Util.encode(values.elementAt(i))); + ASN1Util.decode(INTEGER.getTemplate(), + ASN1Util.encode(values.elementAt(i))); String requestId = new String(reqId.toByteArray()); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) 
CMS.getSubsystem("ca"); IRequestQueue queue = ca.getRequestQueue(); IRequest r = queue.findRequest(new RequestId(requestId)); if (r != null) { @@ -649,43 +646,43 @@ public class CMCOutputTemplate { if (pending_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (success_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - pending_bpids, (String)null, null); + pending_bpids, (String) null, null); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - } + } } return bpid; } - private int processTransactionControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processTransactionControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET transIds = attr.getValues(); if (transIds != null) { TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(tagattr); } } 
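Review bot: The SUCCESS and FAILED status blocks in the `@@ -649,43 +646,43 @@` hunk pass `pending_bpids` to `new CMCStatusInfo(...)` although they are guarded by `success_bpids.size() > 0` and `failed_bpids.size() > 0`. A client reading the response would see completed or rejected requests reported with the body part IDs of pending ones, or with an empty sequence, so the query-pending answer cannot be relied on to tell whether a certificate was issued. The second argument should be `success_bpids` in the SUCCESS block and `failed_bpids` in the FAILED block. The enclosing method starts in the previous hunk, and the lines that fill the three sequences are not shown.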
@@ -694,16 +691,16 @@ public class CMCOutputTemplate { } private int processSenderNonceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET sNonce = attr.getValues(); if (sNonce != null) { TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonce); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonce); controlSeq.addElement(tagattr); Date date = new Date(); - String salt = "lala123"+date.toString(); + String salt = "lala123" + date.toString(); byte[] dig; try { MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); @@ -714,8 +711,8 @@ public class CMCOutputTemplate { String b64E = CMS.BtoA(dig); tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(b64E.getBytes())); + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(b64E.getBytes())); controlSeq.addElement(tagattr); } } 
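Review bot: The senderNonce in processSenderNonceControl is seeded from `"lala123" + date.toString()`, a constant plus a timestamp with one-second resolution, so hashing it with SHA-1 does not make the value unpredictable. The digest call sits in the lines hidden between this hunk and the next, so this assumes `dig` is the hash of `salt`. A nonce should come from a CSPRNG, for example `byte[] dig = new byte[20]; new java.security.SecureRandom().nextBytes(dig);`, which also removes the need for the MessageDigest step. In the following hunk `b64E.getBytes()` uses the platform default charset; naming the charset explicitly keeps the encoded nonce identical across hosts.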
@@ -723,29 +720,29 @@ public class CMCOutputTemplate { return bpid; } - private int processDataReturnControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException { + private int processDataReturnControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException { if (attr != null) { SET vals = attr.getValues(); - + if (vals.size() > 0) { - OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING str = + (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_dataReturn, str); - controlSeq.addElement(tagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_dataReturn, str); + controlSeq.addElement(tagattr); } - } + } return bpid; } - private int processRevokeRequestControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, - IOException { + private int processRevokeRequestControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, + IOException { boolean revoke = false; SessionContext context = SessionContext.getContext(); if (attr != null) { @@ -754,10 +751,10 @@ public class CMCOutputTemplate { SET vals = attr.getValues(); if (vals.size() > 0) { RevRequest revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(vals.elementAt(0)))); + (RevRequest) (ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(vals.elementAt(0)))); OCTET_STRING str = revRequest.getSharedSecret(); - INTEGER pid = attr.getBodyPartID(); + INTEGER pid = attr.getBodyPartID(); TaggedAttribute tagattr = null; INTEGER revokeCertSerial = revRequest.getSerialNumber(); BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray()); 
@@ -767,25 +764,25 @@ public class CMCOutputTemplate { needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true); } catch (Exception e) { } - + if (needVerify) { - Integer num1 = (Integer)context.get("numOfOtherMsgs"); + Integer num1 = (Integer) context.get("numOfOtherMsgs"); int num = num1.intValue(); - for (int i=0; i<num; i++) { - OtherMsg data = (OtherMsg)context.get("otherMsg"+i); - INTEGER dpid = data.getBodyPartID(); + for (int i = 0; i < num; i++) { + OtherMsg data = (OtherMsg) context.get("otherMsg" + i); + INTEGER dpid = data.getBodyPartID(); if (pid.longValue() == dpid.longValue()) { - ANY msgValue = data.getOtherMsgValue(); - SignedData msgData = - (SignedData)msgValue.decodeWith(SignedData.getTemplate()); + ANY msgValue = data.getOtherMsgValue(); + SignedData msgData = + (SignedData) msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -794,7 +791,7 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; 
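Review bot: With `cmc.revokeCert.verify` enabled, `revoke = true;` (first line of the next hunk, `-794`) appears to run whenever the loop over the `otherMsg` entries finishes without a failed check. That includes the case where no entry's body part ID matched `pid` and `verifyRevRequestSignature` was never called. The two lines between the hunks are not shown, so confirm they are only closing braces. If they are, track the outcome explicitly: declare `boolean verified = false;` before the loop, set `verified = true;` after a successful `verifyRevRequestSignature(msgData)`, and return the same BAD_MESSAGE_CHECK status when `verified` is still false. `num1.intValue()` also throws when the session context has no `numOfOtherMsgs` entry, so a null check belongs there.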
@@ -810,15 +807,15 @@ public class CMCOutputTemplate { } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } @@ -827,10 +824,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -846,10 +843,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -864,23 +861,23 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } - } + } if (revoke) { - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository(); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: Exception: "+ee.toString()); + CMS.debug("CMCOutputTemplate: Exception: " + ee.toString()); } if (record == null) { 
@@ -888,10 +885,10 @@ public class CMCOutputTemplate { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -901,10 +898,10 @@ public class CMCOutputTemplate { SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + success_bpids, (String) null, null); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -928,7 +925,7 @@ public class CMCOutputTemplate { RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; - IRequestQueue queue = ca.getRequestQueue(); + IRequestQueue queue = ca.getRequestQueue(); IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REVOKED_REASON, 
@@ -941,17 +938,17 @@ public class CMCOutputTemplate { RequestStatus stat = revReq.getRequestStatus(); if (stat == RequestStatus.COMPLETE) { Integer result = revReq.getExtDataInInteger(IRequest.RESULT); - CMS.debug("CMCOutputTemplate: revReq result = "+result); + CMS.debug("CMCOutputTemplate: revReq result = " + result); if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CMCOutputTemplate: revReq exception: " + revReq.getExtDataInString(IRequest.ERROR)); OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -960,36 +957,36 @@ public class CMCOutputTemplate { ILogger logger = CMS.getLogger(); String initiative = AuditFormat.FROMUSER; logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, new Object[] { - revReq.getRequestId(), initiative, "completed", - impl.getSubjectDN(), - impl.getSerialNumber().toString(16), - reason.toString()}); + AuditFormat.DOREVOKEFORMAT, new Object[] { + revReq.getRequestId(), initiative, "completed", + impl.getSubjectDN(), + impl.getSerialNumber().toString(16), + reason.toString() }); CMS.debug("CMCOutputTemplate: Certificate get revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + success_bpids, (String) null, null); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } else { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } } } - return bpid; + return bpid; } private RevocationReason toRevocationReason(ENUMERATED n) { 
@@ -998,7 +995,7 @@ public class CMCOutputTemplate {
 return RevocationReason.UNSPECIFIED;
 else if (code == RevRequest.affiliationChanged.getValue())
 return RevocationReason.AFFILIATION_CHANGED;
- else if (code == RevRequest.cACompromise.getValue())
+ else if (code == RevRequest.cACompromise.getValue())
 return RevocationReason.CA_COMPROMISE;
 else if (code == RevRequest.certificateHold.getValue())
 return RevocationReason.CERTIFICATE_HOLD;
@@ -1022,33 +1019,33 @@ public class CMCOutputTemplate { EncapsulatedContentInfo ci = msgData.getContentInfo(); OCTET_STRING content = ci.getContent(); ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); - TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s); + TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s); SET values = tattr.getValues(); RevRequest revRequest = null; if (values != null && values.size() > 0) revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(values.elementAt(0)))); + (RevRequest) (ASN1Util.decode(new RevRequest.Template(), + ASN1Util.encode(values.elementAt(0)))); SET dias = msgData.getDigestAlgorithmIdentifiers(); int numDig = dias.size(); Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>(); - for (int i=0; i<numDig; i++) { + for (int i = 0; i < numDig; i++) { AlgorithmIdentifier dai = - (AlgorithmIdentifier) dias.elementAt(i); + (AlgorithmIdentifier) dias.elementAt(i); String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + DigestAlgorithm.fromOID(dai.getOID()).toString(); MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } SET sis = msgData.getSignerInfos(); - int numSis = sis.size(); - for (int i=0; i<numSis; i++) { + int numSis = sis.size(); + for (int i = 0; i < numSis; i++) { org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i); + (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = digs.get(name); if (digest == null) { 
@@ -1060,21 +1057,21 @@ public class CMCOutputTemplate { SignerIdentifier sid = si.getSignerIdentifier(); if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = - sid.getIssuerAndSerialNumber(); + sid.getIssuerAndSerialNumber(); java.security.cert.X509Certificate cert = null; if (msgData.hasCertificates()) { SET certs = msgData.getCertificates(); int numCerts = certs.size(); - for (int j=0; j<numCerts; j++) { + for (int j = 0; j < numCerts; j++) { org.mozilla.jss.pkix.cert.Certificate certJss = - (Certificate) certs.elementAt(j); - org.mozilla.jss.pkix.cert.CertificateInfo certI = - certJss.getInfo(); + (Certificate) certs.elementAt(j); + org.mozilla.jss.pkix.cert.CertificateInfo certI = + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && - sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); 
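Review bot: verifyRevRequestSignature takes the verification certificate from `msgData.getCertificates()`, that is, from the message being checked, and nothing visible here or in the next hunk validates that certificate before `si.verify(...)` is followed by `return true`. As shown, the result only proves the message is self-consistent. The selected cert should also be checked as issued by this CA and currently valid, and probably tied to the serial number in the RevRequest, which the previous hunk decodes but the visible lines never use. Lines between the hunks are hidden, so confirm no such check exists there. The issuer match `new String(issuerB).equalsIgnoreCase(new String(...))` compares DER bytes as case-insensitive text in the platform charset; `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))` compares the encodings exactly.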
@@ -1082,23 +1079,23 @@ public class CMCOutputTemplate { } } } - + if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key)pbKey).getAlgorithm(); + String type = ((X509Key) pbKey).getAlgorithm(); PrivateKey.Type kType = PrivateKey.RSA; if (type.equals("DSA")) kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } - } - } - + } + } + return false; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString()); return false; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java index 7f89297c..4d7c4cdd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; - /** * CMSFile represents a file from the filesystem cached in memory - * + * * @version $Revision$, $Date$ */ public class CMSFile { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java index bf4c3cf6..1d1d3479 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.util.Enumeration; @@ -26,10 +25,9 @@ import java.util.Hashtable; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * CMSFileLoader - file cache. - * + * * @version $Revision$, $Date$ */ @@ -45,14 +43,14 @@ public class CMSFileLoader { // property to cache templates only public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly"; - // hash of files to their content. + // hash of files to their content. private Hashtable mLoadedFiles = new Hashtable(); - // max number of files + // max number of files private int mMaxSize = MAX_SIZE; // number of files to clear when max is reached. - private int mClearSize = CLEAR_SIZE; + private int mClearSize = CLEAR_SIZE; // whether to cache templates and forms only. private boolean mCacheTemplatesOnly = true; @@ -63,15 +61,15 @@ public class CMSFileLoader { public void init(IConfigStore config) throws EBaseException { mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE); mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE); - mCacheTemplatesOnly = + mCacheTemplatesOnly = config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); } // Changed by bskim - //public byte[] get(String absPath) throws EBaseException, IOException { - // File file = new File(absPath); - // return get(file); - //} + // public byte[] get(String absPath) throws EBaseException, IOException { + // File file = new File(absPath); + // return get(file); + // } public byte[] get(String absPath, String enc) throws EBaseException, IOException { File file = new File(absPath); 
@@ -81,19 +79,19 @@ public class CMSFileLoader { // Change end // Changed by bskim - //public byte[] get(File file) throws EBaseException, IOException { - // CMSFile cmsFile = getCMSFile(file); + // public byte[] get(File file) throws EBaseException, IOException { + // CMSFile cmsFile = getCMSFile(file); public byte[] get(File file, String enc) throws EBaseException, IOException { CMSFile cmsFile = getCMSFile(file, enc); - // Change end + // Change end return cmsFile.getContent(); } // Changed by bskim - //public CMSFile getCMSFile(File file) throws EBaseException, IOException { + // public CMSFile getCMSFile(File file) throws EBaseException, IOException { public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException { - // Change end + // Change end String absPath = file.getAbsolutePath(); long modified = file.lastModified(); CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath); @@ -102,8 +100,8 @@ public class CMSFileLoader { // new file. if (cmsFile == null || modified != lastModified) { // Changed by bskim - //cmsFile = updateFile(absPath, file); - cmsFile = updateFile(absPath, file, enc); + // cmsFile = updateFile(absPath, file); + cmsFile = updateFile(absPath, file, enc); // Change end } cmsFile.setLastAccess(System.currentTimeMillis()); @@ -111,10 +109,10 @@ public class CMSFileLoader { } // Changed by bskim - //private CMSFile updateFile(String absPath, File file) - private CMSFile updateFile(String absPath, File file, String enc) - // Change end - throws EBaseException, IOException { + // private CMSFile updateFile(String absPath, File file) + private CMSFile updateFile(String absPath, File file, String enc) + // Change end + throws EBaseException, IOException { // clear if cache size exceeded. if (mLoadedFiles.size() >= mMaxSize) { clearSomeFiles(); 
@@ -125,24 +123,24 @@ public class CMSFileLoader { // check if file is a js template or plain template by its first String if (absPath.endsWith(CMSTemplate.SUFFIX)) { // Changed by bskim - //cmsFile = new CMSTemplate(file); + // cmsFile = new CMSTemplate(file); cmsFile = new CMSTemplate(file, enc); // End of Change } else { cmsFile = new CMSFile(file); } - mLoadedFiles.put(absPath, cmsFile); // replace old one if any. + mLoadedFiles.put(absPath, cmsFile); // replace old one if any. return cmsFile; } private synchronized void clearSomeFiles() { // recheck this in case some other thread has cleared it. - if (mLoadedFiles.size() < mMaxSize) + if (mLoadedFiles.size() < mMaxSize) return; - // remove the LRU files. - // XXX could be optimized more. + // remove the LRU files. + // XXX could be optimized more. Enumeration elements = mLoadedFiles.elements(); for (int i = mClearSize; i > 0; i--) { @@ -160,4 +158,3 @@ public class CMSFileLoader { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java index a76b1c75..c3854935 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for cms gateway. * <P> - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -38,8 +36,7 @@ public class CMSGWResources extends ListResourceBundle { } /* - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java index b5c6e3c7..8fa9471e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; @@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.ILogger; - /** * This class is to hold some general method for servlets. - * + * * @version $Revision$, $Date$ */ public class CMSGateway { @@ -52,8 +50,8 @@ public class CMSGateway { private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; private final static String PROP_SERVER_XML = "server.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; protected static CMSFileLoader mFileLoader = new CMSFileLoader(); @@ -68,11 +66,11 @@ public class CMSGateway { mEnableFileServing = true; mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY); try { - mEnableAdminEnroll = + mEnableAdminEnroll = mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false); } catch (EBaseException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); } } @@ -88,7 +86,7 @@ public class CMSGateway { httpReqHash.put(name, req.getParameter(name)); } - + String ip = req.getRemoteAddr(); if (ip != null) httpReqHash.put("clientHost", ip); 
@@ -99,11 +97,11 @@ public class CMSGateway { return mEnableAdminEnroll; } - public static void setEnableAdminEnroll(boolean enableAdminEnroll) - throws EBaseException { + public static void setEnableAdminEnroll(boolean enableAdminEnroll) + throws EBaseException { IConfigStore mainConfig = CMS.getConfigStore(); - //!!! Is it thread safe? xxxx + // !!! Is it thread safe? xxxx mEnableAdminEnroll = enableAdminEnroll; mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll); mainConfig.commit(true); @@ -112,9 +110,9 @@ public class CMSGateway { public static void disableAdminEnroll() throws EBaseException { setEnableAdminEnroll(false); - /* need to do this in web.xml and restart ws - removeServlet("/ca/adminEnroll", "AdminEnroll"); - initGateway(); + /* + * need to do this in web.xml and restart ws + * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway(); */ } @@ -123,14 +121,14 @@ public class CMSGateway { * manager. */ public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. if (authMgr == null) - return null; + return null; String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); - + if (clientCert instanceof java.security.cert.X509Certificate) { try { clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded()); @@ -144,8 +142,8 @@ public class CMSGateway { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert } + ); } else { String value = argBlock.getValueAsString(reqCred); 
@@ -163,9 +161,9 @@ public class CMSGateway { protected final static String AUTHMGR_PARAM = "authenticator"; public static AuthToken checkAuthManager( - HttpServletRequest httpReq, IArgBlock httpParams, - X509Certificate cert, String authMgrName) - throws EBaseException { + HttpServletRequest httpReq, IArgBlock httpParams, + X509Certificate cert, String authMgrName) + throws EBaseException { IArgBlock httpArgs = httpParams; if (httpArgs == null) 
@@ -181,43 +179,43 @@ public class CMSGateway { } if (authMgrName == null || authMgrName.length() == 0) { - throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", + throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); } - - IAuthManager authMgr = - authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + + IAuthManager authMgr = + authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); authMgr = authSub.getAuthManager(authMgrName); if (authMgr == null) return null; - IAuthCredentials creds = - getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); + IAuthCredentials creds = + getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); AuthToken authToken = null; try { - authToken = (AuthToken) authMgr.authenticate(creds); + authToken = (AuthToken) authMgr.authenticate(creds); } catch (EBaseException e) { throw e; } catch (Exception e) { CMS.debug("CMSGateway: " + e); // catch all errors from authentication manager. - throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", + throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", e.toString(), e.getMessage())); } return authToken; } public static void renderTemplate( - String templateName, - HttpServletRequest req, - HttpServletResponse resp, - ServletConfig servletConfig, - CMSFileLoader fileLoader) - throws EBaseException, IOException { - CMSTemplate template = - getTemplate(templateName, req, - servletConfig, fileLoader, new Locale[1]); + String templateName, + HttpServletRequest req, + HttpServletResponse resp, + ServletConfig servletConfig, + CMSFileLoader fileLoader) + throws EBaseException, IOException { + CMSTemplate template = + getTemplate(templateName, req, + servletConfig, fileLoader, new Locale[1]); ServletOutputStream out = resp.getOutputStream(); template.renderOutput(out, new CMSTemplateParams(null, null)); 
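Review bot: The first assignment `authMgr = authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)` in `checkAuthManager` is dead, because the next statement overwrites it with `authSub.getAuthManager(authMgrName)`. If the certificate-user-database manager was meant as a fallback, the code does not implement that: an unknown `authMgrName` makes the method return `null` instead of an `AuthToken`, and whether callers treat `null` as a failed authentication cannot be seen from this hunk. I would drop the dead lookup and declare `IAuthManager authMgr = authSub.getAuthManager(authMgrName);`, and add a comment on the `return null` stating that callers must reject a null token. The method starts before this hunk.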
@@ -240,8 +238,8 @@ public class CMSGateway { * @param locale array of at least one to be filled with locale found. */ public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + HttpServletRequest req, File realpathFile, Locale[] locale) + throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -258,7 +256,7 @@ public class CMSGateway { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -287,8 +285,8 @@ public class CMSGateway { } String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + parent + File.separatorChar + + lang + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { 
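Review bot: In `getLangFile`, `langfilepath` is built by joining `parent`, `lang` and `name` with `File.separatorChar`, and `lang` appears to be derived from the `accept-language` request header read at the top of the method; the parsing between the two is outside these hunks, so this is inferred. If `lang` is not restricted there, a header value containing a path separator or `..` would let the lookup leave the template directory. A check before the `File` is constructed, for example accepting the value only when `lang.matches("[A-Za-z0-9_-]+")`, would rule that out. Comparing the canonical path of the result against `parent` would work as well.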
@@ -311,54 +309,54 @@ public class CMSGateway { } /** - * get a template + * get a template */ protected static CMSTemplate getTemplate( - String templateName, - HttpServletRequest httpReq, - ServletConfig servletConfig, - CMSFileLoader fileLoader, - Locale[] locale) - throws EBaseException, IOException { + String templateName, + HttpServletRequest httpReq, + ServletConfig servletConfig, + CMSFileLoader fileLoader, + Locale[] locale) + throws EBaseException, IOException { // this converts to system dependent file seperator char. if (servletConfig == null) { - CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" ); + CMS.debug("CMSGateway:getTemplate() - servletConfig is null!"); return null; } if (servletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - servletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = + servletConfig.getServletContext().getRealPath("/" + templateName); File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); - CMSTemplate template = - //(CMSTemplate)fileLoader.getCMSFile(templateFile); - (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); + File templateFile = + getLangFile(httpReq, realpathFile, locale); + CMSTemplate template = + // (CMSTemplate)fileLoader.getCMSFile(templateFile); + (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); return template; } /** - * Get the If-Modified-Since header and compare it to the millisecond - * epoch value passed in. If there is no header, or there is a problem - * parsing the value, or if the file has been modified this will return - * true, indicating the file has changed. - * + * Get the If-Modified-Since header and compare it to the millisecond epoch + * value passed in. 
If there is no header, or there is a problem parsing the + * value, or if the file has been modified this will return true, indicating + * the file has changed. + * * @param lastModified The time value in milliseconds past the epoch to - * compare the If-Modified-Since header to. + * compare the If-Modified-Since header to. */ public static boolean modifiedSince(HttpServletRequest req, long lastModified) { long ifModSinceStr; try { ifModSinceStr = req.getDateHeader("If-Modified-Since"); - }catch (IllegalArgumentException e) { + } catch (IllegalArgumentException e) { return true; } - + if (ifModSinceStr < 0) { return true; } @@ -371,4 +369,3 @@ public class CMSGateway { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java index ca5abf03..62276df1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java @@ -17,12 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - - - /** - * handy class containing cms templates to load & fill. - * + * handy class containing cms templates to load & fill. + * * @version $Revision$, $Date$ */ public class CMSLoadTemplate { @@ -35,9 +32,9 @@ public class CMSLoadTemplate { } public CMSLoadTemplate( - String propName, String fillerPropName, - String templateName, ICMSTemplateFiller filler) { - + String propName, String fillerPropName, + String templateName, ICMSTemplateFiller filler) { + mPropName = propName; mFillerPropName = fillerPropName; mTemplateName = templateName; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java index 27f1d3a5..53f9ac22 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java 
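Review bot: The two checks `if (servletConfig.getServletContext() == null) { }` and `if (templateName == null) { }` in `getTemplate` have empty bodies, so neither condition is handled and the following `getRealPath("/" + templateName)` call runs regardless. `ServletContext.getRealPath` may also return `null`, which would make `new File(realpath)` throw a `NullPointerException`. I would give both checks the same body as the existing `servletConfig == null` branch (a `CMS.debug` message and `return null;`) and add `if (realpath == null) return null;` before the `File` is created. The cast of the `getCMSFile` result to `CMSTemplate` is also unchecked: the CMSFileLoader section of this page caches plain `CMSFile` objects for paths that do not end in the template suffix.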
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Hashtable; import java.util.Vector; @@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus; /** * This represents a user request. - * + * * @version $Revision$, $Date$ */ public class CMSRequest { @@ -46,7 +45,8 @@ public class CMSRequest { public static final Integer SVC_PENDING = Integer.valueOf(4); public static final Integer REJECTED = Integer.valueOf(5); public static final Integer ERROR = Integer.valueOf(6); - public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error. + public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected + // error. private static final String RESULT = "cmsRequestResult"; @@ -59,7 +59,7 @@ public class CMSRequest { // http headers & other info. private HttpServletRequest mHttpReq = null; - // http response. + // http response. private HttpServletResponse mHttpResp = null; // http servlet config. @@ -68,11 +68,11 @@ public class CMSRequest { // http servlet context. private ServletContext mServletContext = null; - // permanent request in request queue. + // permanent request in request queue. private IRequest mRequest = null; // whether request processed successfully - private Integer mStatus = SUCCESS; + private Integer mStatus = SUCCESS; // exception message containing error that occured. // note exception could also be thrown seperately. @@ -85,13 +85,13 @@ public class CMSRequest { Object mResult = null; Hashtable mResults = new Hashtable(); - /** + /** * Constructor */ public CMSRequest() { } - // set methods use by servlets. + // set methods use by servlets. /** * set the HTTP parameters 
@@ -115,46 +115,46 @@ public class CMSRequest { } /** - * set the HTTP Response object which is used to create the - * HTTP response which is sent back to the user + * set the HTTP Response object which is used to create the HTTP response + * which is sent back to the user */ public void setHttpResp(HttpServletResponse httpResp) { mHttpResp = httpResp; } /** - * set the servlet configuration. The servlet configuration is - * read from the WEB-APPS/web.xml file under the <servlet> - * XML definition. The parameters are delimited by init-param - * param-name/param-value options as described in the servlet - * documentation. + * set the servlet configuration. The servlet configuration is read from the + * WEB-APPS/web.xml file under the <servlet> XML definition. The + * parameters are delimited by init-param param-name/param-value options as + * described in the servlet documentation. */ public void setServletConfig(ServletConfig servletConfig) { mServletConfig = servletConfig; } - /* - * set the servlet context. the servletcontext has detail - * about the currently running request + /* + * set the servlet context. the servletcontext has detail about the + * currently running request */ public void setServletContext(ServletContext servletContext) { mServletContext = servletContext; } - /** - * Set request status. - * @param status request status. Allowed values are - * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING + /** + * Set request status. + * + * @param status request status. 
Allowed values are UNAUTHORIZED, SUCCESS, + * REJECTED, PENDING, ERROR, SVC_PENDING * @throws IllegalArgumentException if status is not one of the above values */ public void setStatus(Integer status) { - if ( !status.equals( UNAUTHORIZED ) && - !status.equals( SUCCESS ) && - !status.equals( REJECTED ) && - !status.equals( PENDING ) && - !status.equals( ERROR ) && - !status.equals( SVC_PENDING ) && - !status.equals( EXCEPTION ) ) { + if (!status.equals(UNAUTHORIZED) && + !status.equals(SUCCESS) && + !status.equals(REJECTED) && + !status.equals(PENDING) && + !status.equals(ERROR) && + !status.equals(SVC_PENDING) && + !status.equals(EXCEPTION)) { throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); } mStatus = status; @@ -169,9 +169,9 @@ public class CMSRequest { } public void setErrorDescription(String descr) { - if (mErrorDescr == null) + if (mErrorDescr == null) mErrorDescr = new Vector(); - mErrorDescr.addElement(descr); + mErrorDescr.addElement(descr); } public void setResult(Object result) { @@ -235,7 +235,7 @@ public class CMSRequest { return reason; } - // handy routines for IRequest. + // handy routines for IRequest. public void setExtData(String type, String value) { if (mRequest != null) { @@ -251,7 +251,7 @@ public class CMSRequest { } } - // policy errors; set on rejection or possibly deferral. + // policy errors; set on rejection or possibly deferral. public Vector getPolicyMessages() { if (mRequest != null) { return mRequest.getExtDataInStringVector(IRequest.ERRORS); @@ -259,13 +259,13 @@ public class CMSRequest { return null; } - /** - * set default CMS status according to IRequest status. + /** + * set default CMS status according to IRequest status. */ public void setIRequestStatus() throws EBaseException { if (mRequest == null) { - EBaseException e = - new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); + EBaseException e = + new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); throw e; } 
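Review bot: The rewrapped Javadoc of `setStatus` lists UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR and SVC_PENDING as the allowed values, but the condition below it also accepts `EXCEPTION`. The `@param` text should read `Allowed values are UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING, EXCEPTION`. A `null` status reaches `status.equals(UNAUTHORIZED)` and fails with a `NullPointerException` rather than the documented `IllegalArgumentException`; either document that or test for null first. In the same hunk the comment on `setServletContext` opens with `/*` where the neighbouring setters use `/**`, so it is not picked up as Javadoc.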
@@ -277,11 +277,11 @@ public class CMSRequest { mStatus = CMSRequest.SUCCESS; return; } - // unexpected resulting request status. + // unexpected resulting request status. if (status == RequestStatus.REJECTED) { mStatus = CMSRequest.REJECTED; return; - } // pending or service pending. + } // pending or service pending. else if (status == RequestStatus.PENDING) { mStatus = CMSRequest.PENDING; return; @@ -292,8 +292,8 @@ public class CMSRequest { RequestId reqId = mRequest.getRequestId(); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", - status.toString(), reqId.toString())); + CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", + status.toString(), reqId.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index b90278fa..748b769e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; 
@@ -39,23 +38,21 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.logging.ILogger; - /** - * File templates. This implementation will take - * an HTML file with a special customer tag - * <CMS_TEMPLATE> and replace the tag with - * a series of javascript variable definitions - * (depending on the servlet) - * + * File templates. This implementation will take an HTML file with a special + * customer tag <CMS_TEMPLATE> and replace the tag with a series of + * javascript variable definitions (depending on the servlet) + * * @version $Revision$, $Date$ */ public class CMSTemplate extends CMSFile { public static final String SUFFIX = ".template"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ /* private variables */ private String mTemplateFileName = ""; @@ -68,19 +65,21 @@ public class CMSTemplate extends CMSFile { public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>"; /* Character set for i18n */ - + /* Will be set by CMSServlet.getTemplate() */ private String mCharset = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructor + * * @param file template file to load * @param charset character set - * @throws IOException if the there was an error opening the file + * @throws IOException if the there was an error opening the file */ public CMSTemplate(File file, String charset) throws IOException, EBaseException { mCharset = charset; 
@@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile { try { init(file); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE")); } @@ -99,16 +98,17 @@ public class CMSTemplate extends CMSFile { mContent = content.getBytes(mCharset); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /* * - * Load the form from the file and setup the - * pre/post output buffer if it is a template - * file. Otherwise, only post output buffer is - * filled. + * Load the form from the file and setup the pre/post output buffer if it is + * a template file. Otherwise, only post output buffer is filled. + * * @param template the template file to load + * * @return true if successful */ public boolean init(File template) throws EBaseException, IOException { @@ -128,8 +128,9 @@ public class CMSTemplate extends CMSFile { mTimeStamp = now.getTime(); - /* if template file, find template tag substring and set - * pre/post output string + /* + * if template file, find template tag substring and set pre/post output + * string */ int location = content.indexOf(TEMPLATE_TAG); 
@@ -137,8 +138,8 @@ public class CMSTemplate extends CMSFile { log(ILogger.LL_FAILURE, CMS.getLogMessage( "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG)); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", - TEMPLATE_TAG, mAbsPath)); + CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", + TEMPLATE_TAG, mAbsPath)); } mPreOutput = content.substring(0, location); mPostOutput = content.substring(TEMPLATE_TAG.length() + location); @@ -146,16 +147,17 @@ public class CMSTemplate extends CMSFile { return true; } - /** - * Write a javascript representation of 'input' - * surrounded by SCRIPT tags to the outputstream + /** + * Write a javascript representation of 'input' surrounded by SCRIPT tags to + * the outputstream + * * @param rout the outputstream to write to * @param input the parameters to write */ public void renderOutput(OutputStream rout, CMSTemplateParams input) - throws IOException { + throws IOException { Enumeration<String> e = null; - Enumeration<IArgBlock> q = null; + Enumeration<IArgBlock> q = null; IArgBlock r = null; boolean headerBlock = false, fixedBlock = false, queryBlock = false; CMSTemplateParams data = (CMSTemplateParams) input; @@ -165,7 +167,7 @@ public class CMSTemplate extends CMSFile { http_out = new HTTPOutputStreamWriter(rout); else http_out = new HTTPOutputStreamWriter(rout, mCharset); - + try { templateLine out = new templateLine(); @@ -179,7 +181,7 @@ public class CMSTemplate extends CMSFile { out.println("var recordSet = new Array;"); out.println("var result = new Object();"); - // hack + // hack out.println("var httpParamsCount = 0;"); out.println("var httpHeadersCount = 0;"); out.println("var authTokenCount = 0;"); @@ -194,7 +196,7 @@ public class CMSTemplate extends CMSFile { e = r.elements(); while (e.hasMoreElements()) { headerBlock = true; - String n = e.nextElement(); + String n = e.nextElement(); Object v = r.getValue(n); out.println("header." + n + " = " + renderValue(v) + ";"); 
@@ -228,7 +230,7 @@ public class CMSTemplate extends CMSFile { out.println("record.SERVER_ATTRS = new Array;"); // Get a query record - r = q.nextElement(); + r = q.nextElement(); e = r.elements(); while (e.hasMoreElements()) { String n = e.nextElement(); @@ -241,11 +243,11 @@ public class CMSTemplate extends CMSFile { out.println("record.recordSet = recordSet;"); } - //if (headerBlock) + // if (headerBlock) out.println("result.header = header;"); - //if (fixedBlock) + // if (fixedBlock) out.println("result.fixed = fixed;"); - //if (queryBlock) + // if (queryBlock) out.println("result.recordSet = recordSet;"); out.println("</SCRIPT>"); out.println(mPostOutput); @@ -257,15 +259,14 @@ public class CMSTemplate extends CMSFile { } /** - * Ouput the pre-amble HTML Header including - * the pre-output buffer. - * + * Ouput the pre-amble HTML Header including the pre-output buffer. + * * @param out output stream specified * @return success or error */ public boolean outputProlog(PrintWriter out) { - //Debug.trace("FormCache:outputProlog"); + // Debug.trace("FormCache:outputProlog"); /* output pre-output buffer */ out.print(mPreOutput); @@ -279,9 +280,8 @@ public class CMSTemplate extends CMSFile { } /** - * Output the post HTML tags and post-output - * buffer. - * + * Output the post HTML tags and post-output buffer. + * * @param out output stream specified * @return success or error */ 
@@ -300,11 +300,12 @@ public class CMSTemplate extends CMSFile { return mAbsPath; } - // inherit getabspath, getContent, get last access and set last access + // inherit getabspath, getContent, get last access and set last access - /*========================================================== - * private methods - *==========================================================*/ + /* + * ========================================================== private + * methods========================================================== + */ /* load file into string */ private String loadFile(File template) throws IOException { @@ -313,7 +314,8 @@ public class CMSTemplate extends CMSFile { /* create input stream, can throw IOException */ FileInputStream inStream = new FileInputStream(template); - InputStreamReader inReader = new InputStreamReader(inStream, mCharset);; + InputStreamReader inReader = new InputStreamReader(inStream, mCharset); + ; BufferedReader in = new BufferedReader(inReader); StringBuffer buf = new StringBuffer(); String line; @@ -326,8 +328,8 @@ public class CMSTemplate extends CMSFile { in.close(); inStream.close(); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); } return buf.toString(); } @@ -354,8 +356,8 @@ public class CMSTemplate extends CMSFile { } } else if (v instanceof BigInteger) { s = ((BigInteger) v).toString(10); - } else if (v instanceof Character && - ((Character) v).equals(Character.valueOf((char) 0))) { + } else if (v instanceof Character && + ((Character) v).equals(Character.valueOf((char) 0))) { s = "null"; } else { s = "\"" + v.toString() + "\""; 
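Review bot: The reformatting of `loadFile` turned the doubled semicolon after `new InputStreamReader(inStream, mCharset);;` into an empty statement `;` on a line of its own; it should be deleted rather than preserved. `mCharset` is whatever the constructor received, and the `getTemplate` section of this page passes `httpReq.getCharacterEncoding()`, which can be `null`; a null charset name here would throw instead of falling back to a default, so a guard or a fixed server-side charset is worth adding. The `close()` calls are in the next hunk, and from what is visible I cannot tell whether they run when reading fails; if they are not in a `finally` block, the stream is leaked on error.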
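Review bot: The final branch of `renderValue`, `s = "\"" + v.toString() + "\"";`, wraps the value in double quotes without escaping it, so a value whose `toString()` contains a quote, a backslash or a line break would end the JavaScript string literal early in the script block written by `renderOutput`. The branches above this hunk are not visible, so which types reach this fallback is not certain. Routing it through the existing escaper, `s = "\"" + escapeJavaScriptString(v.toString()) + "\"";`, keeps the fallback safe for any type.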
@@ -365,10 +367,10 @@ public class CMSTemplate extends CMSFile { } /** - * Escape the contents of src string in preparation to be enclosed in - * double quotes as a JavaScript String Literal within an <script> - * portion of an HTML document. - * stevep - performance improvements - about 4 times faster than before. + * Escape the contents of src string in preparation to be enclosed in double + * quotes as a JavaScript String Literal within an <script> portion of an + * HTML document. stevep - performance improvements - about 4 times faster + * than before. */ public static String escapeJavaScriptString(String v) { int l = v.length(); @@ -381,25 +383,25 @@ public class CMSTemplate extends CMSFile { for (int i = 0; i < l; i++) { char c = in[i]; - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; 
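Review bot: The inner test `in[i + 1] == 'x' && ...` in `escapeJavaScriptString` can never be true, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` and `\` as the character after the backslash, so the branch that copies an existing `\x3c` or `\x3e` through unchanged is unreachable. Such input falls through to the code after this hunk, which is not visible here, and is presumably escaped a second time. Either handle the `x` case in its own `else if` ahead of the generic case or remove the dead branch, and pin the chosen behaviour with a unit test. The same construct is repeated in `escapeJavaScriptStringHTML` in the `@@ -477,20 +479,20 @@` hunk.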
@@ -457,9 +459,9 @@ public class CMSTemplate extends CMSFile { return new String(out, 0, j); } - /** - * Like escapeJavaScriptString(String s) but also escape '[' for - * HTML processing. + /** + * Like escapeJavaScriptString(String s) but also escape '[' for HTML + * processing. */ public static String escapeJavaScriptStringHTML(String v) { int l = v.length(); @@ -477,20 +479,20 @@ public class CMSTemplate extends CMSFile { continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; 
@@ -551,25 +553,24 @@ public class CMSTemplate extends CMSFile { * for debugging, return contents that would've been outputed. */ public String getOutput(CMSTemplateParams input) - throws IOException { + throws IOException { debugOutputStream out = new debugOutputStream(); renderOutput(out, input); return out.toString(); } - private - class HTTPOutputStreamWriter extends OutputStreamWriter { + private class HTTPOutputStreamWriter extends OutputStreamWriter { public HTTPOutputStreamWriter(OutputStream out) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out); } - + public HTTPOutputStreamWriter(OutputStream out, String enc) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out, enc); } - + public void print(String s) throws IOException { write(s, 0, s.length()); flush(); @@ -577,9 +578,9 @@ public class CMSTemplate extends CMSFile { } } - private class templateLine { private StringBuffer s = new StringBuffer(); + void println(String p) { s.append('\n'); s.append(p); @@ -595,7 +596,6 @@ public class CMSTemplate extends CMSFile { } - private static class debugOutputStream extends ServletOutputStream { private StringWriter mStringWriter = new StringWriter(); @@ -604,7 +604,7 @@ public class CMSTemplate extends CMSFile { } public void write(int b) throws IOException { - mStringWriter.write(b); + mStringWriter.write(b); } public String toString() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java index 4f8cfc2a..ce2c26c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java 
@@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Vector; import com.netscape.certsrv.base.IArgBlock; - /** * Holds template parameters - * + * * @version $Revision$, $Date$ */ public class CMSTemplateParams { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java index 0cd1102d..e8b848f7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import com.netscape.certsrv.base.EBaseException; - /** * A class represents a CMS gateway exception. * <P> - * + * * @version $Revision$, $Date$ */ public class ECMSGWException extends EBaseException { @@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException { /** * CA resource class name. */ - private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); + private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); /** * Constructs a CMS Gateway exception. diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java index 6debd2c7..b0032479 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; 
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * Default error template filler - * + * Default error template filler + * * @version $Revision$, $Date$ */ public class GenErrorTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq the CMS Request. * @param authority the authority * @param locale the locale of template. * @param e unexpected error. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -53,21 +52,22 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - - // error + + // error String ex = cmsReq.getError(); // Changed by beomsuk - /*if (ex == null) - ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); - fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); + /* + * if (ex == null) ex = new + * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); + * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); */ if ((ex == null) && (cmsReq.getReason() == null)) ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString(); 
@@ -75,9 +75,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.ERROR, ex); else if (cmsReq.getReason() != null) fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason()); - // Change end - - // error description if any. + // Change end + + // error description if any. Vector descr = cmsReq.getErrorDescr(); if (descr != null) { @@ -85,20 +85,19 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { while (num.hasMoreElements()) { String elem = (String) num.nextElement(); - //System.out.println("Setting description "+elem.toString()); + // System.out.println("Setting description "+elem.toString()); IArgBlock argBlock = CMS.createArgBlock(); - argBlock.set(ICMSTemplateFiller.ERROR_DESCR, - elem); + argBlock.set(ICMSTemplateFiller.ERROR_DESCR, + elem); params.addRepeatRecord(argBlock); } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java index 15456865..c5a0d9a5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.OutputStream; 
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; - /** - * default Pending template filler - * + * default Pending template filler + * * @version $Revision$, $Date$ */ public class GenPendingTemplateFiller implements ICMSTemplateFiller { @@ -72,28 +70,29 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - if( cmsReq == null ) { + if (cmsReq == null) { return null; } // request status if any. Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { PendInfo pendInfo = new PendInfo(reqId.toString(), new Date()); OtherInfo otherInfo = new - OtherInfo(OtherInfo.PEND, null, pendInfo); + OtherInfo(OtherInfo.PEND, null, pendInfo); SEQUENCE bpids = new SEQUENCE(); String[] reqIdArray = - req.getExtDataInStringArray(IRequest.CMC_REQIDS); + req.getExtDataInStringArray(IRequest.CMC_REQIDS); for (int i = 0; i < reqIdArray.length; i++) { bpids.addElement(new INTEGER(reqIdArray[i])); } CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.PENDING, bpids, - (String) null, otherInfo); + CMCStatusInfo(CMCStatusInfo.PENDING, bpids, + (String) null, otherInfo); TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, @@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { // create recipientNonce // create responseInfo if regInfo exist String[] transIds = - req.getExtDataInStringArray(IRequest.CMC_TRANSID); + req.getExtDataInStringArray(IRequest.CMC_TRANSID); SET ids = new SET(); for (int i = 0; i < transIds.length; i++) { @@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; ta = new TaggedAttribute(new INTEGER(bpid++), 
@@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { SEQUENCE(), new SEQUENCE()); EncapsulatedContentInfo ci = new - EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, - rb); + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + rb); org.mozilla.jss.crypto.X509Certificate x509cert = null; if (authority instanceof ICertificateAuthority) { x509cert = ((ICertificateAuthority) authority).getCaX509Cert(); - }else if (authority instanceof IRegistrationAuthority) { + } else if (authority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) authority).getRACert(); } if (x509cert == null) @@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; 
@@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) { + if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) { signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) { signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else { - CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - " + CMS.debug("GenPendingTemplateFiller::getTemplateParams() - " + "keyType " + keyType.toString() - + " is unsupported!" ); + + " is unsupported!"); return null; } 
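Review bot: The signature algorithm chosen here is fixed to SHA-1 for both key types (`RSASignatureWithSHA1Digest`, `DSASignatureWithSHA1Digest`), and nothing in the hunk records why or lets a deployment change it. SHA-1 is no longer considered collision-resistant, so at minimum the choice deserves a comment above the `if`, such as `// SECURITY: SHA-1 is hard-coded for the CMC pending response; replace with a SHA-2 signature algorithm once clients are confirmed to accept it`. The matching digest is selected outside this hunk, so both places would have to change together.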
@@ -224,41 +223,41 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - + SignedData fResponse = new - SignedData(digestAlgs, ci, - null, null, signInfos); + SignedData(digestAlgs, ci, + null, null, signInfos); ContentInfo fullResponse = new - ContentInfo(ContentInfo.SIGNED_DATA, fResponse); + ContentInfo(ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); @@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } @@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { return false; } } - 
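Review bot: The `catch (NoSuchAlgorithmException ex)` block in the first hunk is empty, so when the SHA1 digest cannot be created the code still goes on to build `SignerInfo` with whatever `digest` held before the `try` (its declaration is outside the hunk, presumably null) and with `digestAlgs` left empty. The failure should stop the response instead, in the same way the unsupported-key-type case earlier in this method does: `CMS.debug("GenPendingTemplateFiller::getTemplateParams() - SHA1 digest unavailable: " + ex.toString()); return null;`. The enclosing try block starts and ends outside the hunk.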
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java index 798b7f0d..d1396b79 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; @@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { @@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -54,15 +52,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { while (msgs.hasMoreElements()) { String ex = (String) msgs.nextElement(); - IArgBlock messageArgBlock = CMS.createArgBlock(); + IArgBlock messageArgBlock = CMS.createArgBlock(); messageArgBlock.set(POLICY_MESSAGE, ex); params.addRepeatRecord(messageArgBlock); @@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java index ff3d4f8c..67cad94f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Success template filler - * + * default Success template filler + * * @version $Revision$, $Date$ */ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { 
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java index d08b83a8..ec1b9777 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java index befacf83..567b01d0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; 
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Unauthorized template filler - * + * default Unauthorized template filler + * * @version $Revision$, $Date$ */ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { @@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } // set unauthorized error - fixed.set(ICMSTemplateFiller.ERROR, - new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); + fixed.set(ICMSTemplateFiller.ERROR, + new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java index 1ae6ee45..757440b1 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * default unexpected error template filler - * + * default unexpected error template filler + * * @version $Revision$, $Date$ */ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { 
@@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - + // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. Integer sts = CMSRequest.EXCEPTION; - if (cmsReq != null) cmsReq.setStatus(sts); + if (cmsReq != null) + cmsReq.setStatus(sts); fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); // the unexpected error (exception) - if (e == null) + if (e == null) e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); String errMsg = null; - if (e instanceof EBaseException) + if (e instanceof EBaseException) errMsg = ((EBaseException) e).toString(locale); - else + else errMsg = e.toString(); fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg); // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, + authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java index ddd6f0a1..b8c84e7d 100644 
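Review bot: For any exception that is not an `EBaseException`, `errMsg = e.toString()` places the raw exception text into the `ICMSTemplateFiller.EXCEPTION` template variable, which can carry class names, paths or other internal detail; how the template renders it is not visible here. Consider keeping the detail in the server log and giving the page a generic message: `CMS.debug("GenUnexpectedErrorTemplateFiller: " + e.toString());` followed by `errMsg = CMS.getLogMessage("BASE_UNKNOWN_ERROR");` in the `else` branch, with braces around both statements.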
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java @@ -17,35 +17,33 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.authority.IAuthority; - /** * This interface represents a template filler. - * + * * @version $Revision$, $Date$ */ public interface ICMSTemplateFiller { - // common template variables. + // common template variables. public final static String ERROR = "errorDetails"; public final static String ERROR_DESCR = "errorDescription"; public final static String EXCEPTION = "unexpectedError"; - public static final String HOST = "host"; - public static final String PORT = "port"; - public static final String SCHEME = "scheme"; + public static final String HOST = "host"; + public static final String PORT = "port"; + public static final String SCHEME = "scheme"; - public static final String AUTHORITY = "authorityName"; + public static final String AUTHORITY = "authorityName"; - public static final String REQUEST_STATUS = "requestStatus"; + public static final String REQUEST_STATUS = "requestStatus"; - public static final String KEYREC_ID = "keyrecId"; - public static final String REQUEST_ID = "requestId"; + public static final String KEYREC_ID = "keyrecId"; + public static final String REQUEST_ID = "requestId"; public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) - throws Exception; + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) + throws Exception; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java index 27ea5ec1..827f24f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java 
@@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public interface IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java index ce1a5082..23f962e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -26,15 +25,13 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.ISubsystem; - /** - * A class represents a certificate server kernel. This - * kernel contains a list of resident subsystems such - * as logging, security, remote administration. Additional - * subsystems can be loaded into this kernel by specifying - * parameters in the configuration store. + * A class represents a certificate server kernel. This kernel contains a list + * of resident subsystems such as logging, security, remote administration. + * Additional subsystems can be loaded into this kernel by specifying parameters + * in the configuration store. * <P> - * + * * @version $Revision$, $Date$ */ public class IndexTemplateFiller implements ICMSTemplateFiller { @@ -53,7 +50,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { + CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, ctx); 
@@ -103,11 +100,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { count++; } // information about what is selected is provided - // from the caller. This parameter (selected) is used + // from the caller. This parameter (selected) is used // by header servlet try { - header.addStringValue("selected", - cmsReq.getHttpParams().getValueAsString("selected")); + header.addStringValue("selected", + cmsReq.getHttpParams().getValueAsString("selected")); } catch (EBaseException ex) { } header.addIntegerValue(OUT_TOTAL_COUNT, count); diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java index fb31fec1..f936e075 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java @@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public class RawJS implements IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java index 580909cb..9c728c03 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.StringTokenizer; import javax.servlet.ServletConfig; @@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * Utility class - * + * * @version $Revision$, $Date$ */ public class Utils { 
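Review bot: In the first hunk the `catch (EBaseException ex) { }` around `header.addStringValue("selected", ...)` is empty, so a failure to read the parameter leaves no trace and no comment says whether that is deliberate. The value also comes straight from `cmsReq.getHttpParams()`, so it is request-supplied and ends up in the header block of the template; whether it is escaped on output depends on code outside this hunk. I would add `// "selected" is request-supplied; escape it wherever it is rendered` above the call and `CMS.debug("IndexTemplateFiller: reading 'selected' failed: " + ex.toString());` in the catch.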
@@ -45,13 +43,13 @@ public class Utils { public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; - public static String initializeAuthz(ServletConfig sc, - IAuthzSubsystem authz, String id) throws ServletException { + public static String initializeAuthz(ServletConfig sc, + IAuthzSubsystem authz, String id) throws ServletException { String srcType = AUTHZ_SRC_LDAP; try { IConfigStore authzConfig = - CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); + CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { @@ -64,7 +62,7 @@ public class Utils { CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR); if (aclMethod != null && - aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { + aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { String aclInfo = sc.getInitParameter(PROP_ACL); if (aclInfo != null) { @@ -95,7 +93,7 @@ public class Utils { } public static void addACLInfo(IAuthzSubsystem authz, String aclMethod, - String aclInfo) throws EBaseException { + String aclInfo) throws EBaseException { StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java index b3809579..439b201a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.connector; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; 
@@ -58,12 +57,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Clone servlet - part of the Clone Authority (CLA) - * processes Revoked certs from its dependant clone CAs - * service request and return status. - * + * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs + * from its dependant clone CAs service request and return status. + * * @version $Revision$, $Date$ */ public class CloneServlet extends CMSServlet { @@ -94,8 +91,8 @@ public class CloneServlet extends CMSServlet { mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void service(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) @@ -130,14 +127,14 @@ public class CloneServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = req.getContentLength(); + len = req.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -159,16 +156,16 @@ public class CloneServlet extends CMSServlet { // force client auth handshake, validate clone CA (CCA) // and get CCA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -190,7 +187,7 @@ public class CloneServlet extends CMSServlet { CMS.debug("CloneServlet: about to authenticate"); token = authenticate(peerCert); // cfu maybe don't need CCA_Id, because the above check - // was good enough + // was good enough CCAUserId = token.getInString("userid"); CCA_Id = (String) peerCert.getSubjectDN().toString(); } catch (EInvalidCredentials e) { @@ -203,8 +200,8 @@ public class CloneServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); // authorize, any authenticated user are authorized AuthzToken authzToken = null; 
@@ -232,29 +229,29 @@ public class CloneServlet extends CMSServlet { } // now process CCA request - should just be posting revoked - // certs for now + // certs for now try { // decode request. CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq); msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request CMS.debug("Cloneservlet: decoded request"); replymsg = processRequest(CCA_Id, CCAUserId, msg, token); } catch (IOException e) { e.printStackTrace(); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } - // encode reply + // encode reply String encodedrep = mReqEncoder.encode(replymsg); resp.setStatus(HttpServletResponse.SC_OK); 
@@ -271,46 +268,46 @@ public class CloneServlet extends CMSServlet { out.flush(); } - //cfu ++change this to just check the subject and signer + // cfu ++change this to just check the subject and signer protected IAuthToken authenticate( - X509Certificate peerCert) - throws EBaseException { + X509Certificate peerCert) + throws EBaseException { try { - // XXX using agent authentication now since we're only - // verifying that the cert belongs to a user in the db. - // XXX change this to ACL in the future. + // XXX using agent authentication now since we're only + // verifying that the cert belongs to a user in the db. + // XXX change this to ACL in the future. // build JAVA X509Certificate from peerCert. X509CertImpl cert = new X509CertImpl(peerCert.getEncoded()); AuthCredentials creds = new AuthCredentials(); - creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, - new X509Certificate[] {cert} - ); + creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, + new X509Certificate[] { cert } + ); - IAuthToken token = mAuthSubsystem.authenticate(creds, + IAuthToken token = mAuthSubsystem.authenticate(creds, IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); return token; } catch (CertificateException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (EInvalidCredentials e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", 
peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); throw e; } } protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { IPKIMessage replymsg = null; IRequest r = null; IRequestQueue queue = mAuthority.getRequestQueue(); @@ -331,8 +328,8 @@ public class CloneServlet extends CMSServlet { mAuthority.log(ILogger.LL_FAILURE, errormsg); throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); return replymsg; @@ -348,7 +345,7 @@ public class CloneServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid); // Set this so that request's updateBy is recorded @@ -362,17 +359,17 @@ public class CloneServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - //for audit log + // for audit log String agentID = sourceUserId; String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - + // Get the certificate info from the request X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); 
@@ -380,36 +377,35 @@ public class CloneServlet extends CMSServlet { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus() } + ); } } else { - if - (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { + if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { 
@@ -420,155 +416,83 @@ public class CloneServlet extends CMSServlet { } } - /* cfu --- - if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { - // XXX make the repeat record. - // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = - (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. - if (issuedCerts != null) { - for (int i = 0; i < issuedCerts.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed", - issuedCerts[i].getSubjectDN() , - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16)} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { - X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - X509CertImpl old_cert = certs[0]; - certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - X509CertImpl renewed_cert = certs[0]; - if (old_cert != null && renewed_cert != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - authMgr , - "completed", - old_cert.getSubjectDN() , - old_cert.getSerialNumber().toString(16) , - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16)} - ); - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed with error"} - ); - } - } else if 
(thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { - X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - RevokedCertImpl crlentries[] = - (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); - CRLExtensions crlExts = crlentries[0].getExtensions(); - int reason = 0; - if (crlExts != null) { - Enumeration enum = crlExts.getElements(); - while(enum.hasMoreElements()){ - Extension ext = (Extension) enum.nextElement(); - if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension)ext).getReason().toInt - (); - break; - } - } - } - - int count = oldCerts.length; - Integer result = (Integer)thisreq.get(IRequest.RESULT); - if (result.equals(IRequest.RES_ERROR)) { - EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR); - EBaseException[] svcErrors = - (EBaseException[])thisreq.get(IRequest.SVCERRORS); - if (svcErrors != null && svcErrors.length > 0) { - for (int i = 0; i < svcErrors.length; i++) { - EBaseException err = svcErrors[i]; - if (err != null) { - for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed with error: " + - err.toString() , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } - } - } else { - // the success. 
- for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed" , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - cfu */ + /* + * cfu --- if + * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST + * )) { // XXX make the repeat record. // Get the certificate(s) + * from the request X509CertImpl issuedCerts[] = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return + * potentially more than one certificates. if (issuedCerts != + * null) { for (int i = 0; i < issuedCerts.length; i++) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed", issuedCerts[i].getSubjectDN() , + * "cert issued serial number: 0x" + + * issuedCerts[i].getSerialNumber().toString(16)} ); } } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } } else if + * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { + * X509CertImpl[] certs = + * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl + * old_cert = certs[0]; certs = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); + * X509CertImpl renewed_cert = certs[0]; if (old_cert != null && + * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * 
AuditFormat.RENEWALFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , authMgr , "completed", + * old_cert.getSubjectDN() , + * old_cert.getSerialNumber().toString(16) , + * "new serial number: 0x" + + * renewed_cert.getSerialNumber().toString(16)} ); } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed with error"} ); } } else if + * (thisreq.getRequestType + * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[] + * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); + * RevokedCertImpl crlentries[] = + * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); + * CRLExtensions crlExts = crlentries[0].getExtensions(); int + * reason = 0; if (crlExts != null) { Enumeration enum = + * crlExts.getElements(); while(enum.hasMoreElements()){ + * Extension ext = (Extension) enum.nextElement(); if (ext + * instanceof CRLReasonExtension) { reason = + * ((CRLReasonExtension)ext).getReason().toInt (); break; } } } + * + * int count = oldCerts.length; Integer result = + * (Integer)thisreq.get(IRequest.RESULT); if + * (result.equals(IRequest.RES_ERROR)) { EBaseException ex = + * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[] + * svcErrors = + * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if + * (svcErrors != null && svcErrors.length > 0) { for (int i = 0; + * i < svcErrors.length; i++) { EBaseException err = + * svcErrors[i]; if (err != null) { for (int j = 0; j < count; + * j++) { if (oldCerts[j] != null) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed with error: " + * + err.toString() , oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } } } + * else { // the 
success. for (int j = 0; j < count; j++) { if + * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed" , + * oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } else + * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } cfu + */ } } catch (IOException e) { } catch (CertificateException e) { @@ -578,7 +502,7 @@ public class CloneServlet extends CMSServlet { } protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java index 67956bd8..cc496bd6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java @@ -72,12 +72,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Connector servlet - * process requests from remote authority - - * service request or return status. - * + * Connector servlet process requests from remote authority - service request or + * return status. + * * @version $Revision$, $Date$ */ public class ConnectorServlet extends CMSServlet { 
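Review bot: The reformatted `cfu ---` block comment in CloneServlet.processRequest (hunk `@@ -420,155 +416,83 @@`) can no longer be restored as code, because the formatter re-wrapped the disabled statements as prose and the embedded `//` comments (for example `// XXX make the repeat record.`) now run straight into the statements that used to follow them. The disabled code appears to be the per-request-type audit logging for enrollment, renewal and revocation requests, so a reader checking what this servlet audits has to recover it from history. I would either delete the block and leave a one-line marker such as `// cfu: audit logging for enrollment/renewal/revocation requests is disabled here; see version history`, or exclude the block from formatting so its layout survives. The same hunk keeps an empty `catch (IOException e) { }` right after the audit calls, which deserves at least a log call so a failed audit write is not silent; processRequest starts and ends outside this hunk.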
@@ -96,13 +94,13 @@ public class ConnectorServlet extends CMSServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl"; private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = - "unknown"; + "unknown"; private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = - "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; + "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5"; private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; @@ -118,13 +116,13 @@ public class ConnectorServlet extends CMSServlet { mAuthority = (IAuthority) CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, + HttpServletResponse response) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); @@ -163,14 +161,14 @@ public class ConnectorServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = request.getContentLength(); + len = request.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -191,16 +189,16 @@ public class ConnectorServlet extends CMSServlet { } // force client auth handshake, validate RA and get RA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -211,7 +209,7 @@ public class ConnectorServlet extends CMSServlet { return; } - // authenticate RA + // authenticate RA String RA_Id = null; String raUserId = null; @@ -231,8 +229,8 @@ public class ConnectorServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Remote Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, + "Remote Authority authenticated: " + peerCert.getSubjectDN()); // authorize AuthzToken authzToken = null; 
@@ -265,20 +263,20 @@ public class ConnectorServlet extends CMSServlet { try { // decode request. msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request replymsg = processRequest(RA_Id, raUserId, msg, token); } catch (IOException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } catch (Exception e) { @@ -288,7 +286,7 @@ public class ConnectorServlet extends CMSServlet { CMS.debug("ConnectorServlet: done processRequest"); - // encode reply + // encode reply try { String encodedrep = mReqEncoder.encode(replymsg); @@ -328,8 +326,8 @@ public class ConnectorServlet extends CMSServlet { try { info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); - CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY); + // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); + CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY); if (certKey != null) { byteStream = new ByteArrayOutputStream(); certKey.encode(byteStream); 
@@ -369,16 +367,16 @@ public class ConnectorServlet extends CMSServlet { certAlgOut.toByteArray()); } } catch (Exception e) { - CMS.debug("ConnectorServlet: profile normalization " + - e.toString()); + CMS.debug("ConnectorServlet: profile normalization " + + e.toString()); } String profileId = request.getExtDataInString("profileId"); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem("profile"); + CMS.getSubsystem("profile"); IEnrollProfile profile = null; - // profile subsystem may not be available. In case of KRA for + // profile subsystem may not be available. In case of KRA for // example if (ps == null) { CMS.debug("ConnectorServlet: Profile Subsystem not found "); @@ -399,15 +397,15 @@ public class ConnectorServlet extends CMSServlet { /** * Process request * <P> - * + * * (Certificate Request - all "agent" profile cert requests made through a - * connector) + * connector) * <P> - * - * (Certificate Request Processed - all automated "agent" profile based - * cert acceptance made through a connector) + * + * (Certificate Request Processed - all automated "agent" profile based cert + * acceptance made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) @@ -417,6 +415,7 @@ public class ConnectorServlet extends CMSServlet { * inter-CIMC_Boundary data transfer is successful (this is used when data * does not need to be captured) * </ul> + * * @param source string containing source * @param sourceUserId string containing source user ID * @param msg PKI message 
@@ -425,8 +424,8 @@ public class ConnectorServlet extends CMSServlet { * @return PKI message */ protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + String source, String sourceUserId, IPKIMessage msg, IAuthToken token) + throws EBaseException { String auditMessage = null; String auditSubjectID = sourceUserId; String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL; @@ -477,12 +476,12 @@ public class ConnectorServlet extends CMSServlet { if (thisreq == null) { // strange case. String errormsg = "Cannot find request in request queue " + - thisreqid; + thisreqid; mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_REQUEST_ID_NOT_FOUND_1", - thisreqid.toString())); + CMS.getLogMessage( + "CMSGW_REQUEST_ID_NOT_FOUND_1", + thisreqid.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -495,14 +494,14 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, + "Found request " + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); @@ -517,9 +516,9 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! return replymsg; } 
@@ -527,77 +526,77 @@ public class ConnectorServlet extends CMSServlet { // if not found process request. thisreq = queue.newRequest(msg.getReqType()); - CMS.debug("ConnectorServlet: created requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: created requestId=" + + thisreq.getRequestId().toString()); thisreq.setSourceId(srcid); - // NOTE: For the following signed audit message, since we only - // care about the "msg.toRequest( thisreq );" command, and - // since this command does not throw an EBaseException - // (which is the only exception designated by this method), - // then this code does NOT need to be contained within its - // own special try/catch block. - msg.toRequest( thisreq ); + // NOTE: For the following signed audit message, since we only + // care about the "msg.toRequest( thisreq );" command, and + // since this command does not throw an EBaseException + // (which is the only exception designated by this method), + // then this code does NOT need to be contained within its + // own special try/catch block. + msg.toRequest(thisreq); - if( isProfileRequest( thisreq ) ) { + if (isProfileRequest(thisreq)) { X509CertInfo info = thisreq.getExtDataInCertInfo( - IEnrollProfile.REQUEST_CERTINFO ); + IEnrollProfile.REQUEST_CERTINFO); try { - CertificateSubjectName sn = ( CertificateSubjectName ) - info.get( X509CertInfo.SUBJECT ); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" // it - if( sn != null ) { + if (sn != null) { subject = sn.toString(); - if( subject != null ) { - // NOTE: This is ok even if the cert subject - // name is "" (empty)! + if (subject != null) { + // NOTE: This is ok even if the cert subject + // name is "" (empty)! 
auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); - } catch( CertificateException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + audit(auditMessage); + } catch (CertificateException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); - } catch( IOException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + audit(auditMessage); + } catch (IOException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID(), + auditCertificateSubjectName); - audit( auditMessage ); + audit(auditMessage); } } 
@@ -606,9 +605,9 @@ public class ConnectorServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + - srcid); + srcid); // Set this so that request's updateBy is recorded SessionContext s = SessionContext.getContext(); 
@@ -622,52 +621,52 @@ public class ConnectorServlet extends CMSServlet { } CMS.debug("ConnectorServlet: calling processRequest instance=" + - thisreq); + thisreq); if (isProfileRequest(thisreq)) { normalizeProfileRequest(thisreq); } try { - queue.processRequest( thisreq ); + queue.processRequest(thisreq); - if( isProfileRequest( thisreq ) ) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } - } catch( EBaseException eAudit1 ) { - if( isProfileRequest( thisreq ) ) { + } catch (EBaseException eAudit1) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue.equals( + ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); 
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } @@ -681,23 +680,23 @@ public class ConnectorServlet extends CMSServlet { replymsg.fromRequest(thisreq); CMS.debug("ConnectorServlet: replymsg.reqStatus=" + - replymsg.getReqStatus()); + replymsg.getReqStatus()); - //for audit log + // for audit log String agentID = sourceUserId; String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } if (isProfileRequest(thisreq)) { // XXX audit log - CMS.debug("ConnectorServlet: done requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: done requestId=" + + thisreq.getRequestId().toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -710,9 +709,9 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } 
@@ -724,32 +723,32 @@ public class ConnectorServlet extends CMSServlet { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (x509Info != null) { for (int i = 0; i < x509Info.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + x509Info[i].get(X509CertInfo.SUBJECT), + "" } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - x509Info[i].get(X509CertInfo.SUBJECT), - ""} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus() } + ); } } else { if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { 
@@ -761,40 +760,40 @@ public class ConnectorServlet extends CMSServlet { x509Certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (x509Certs != null) { for (int i = 0; i < x509Certs.length; i++) { - mLogger.log(ILogger.EV_AUDIT, + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + x509Certs[i].getSubjectDN(), + "cert issued serial number: 0x" + + x509Certs[i].getSerialNumber().toString(16) } + ); + } + } else { + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.FORMAT, + AuditFormat.NODNFORMAT, new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - x509Certs[i].getSubjectDN(), - "cert issued serial number: 0x" + - x509Certs[i].getSerialNumber().toString(16)} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed" } + ); } } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { X509CertImpl[] certs = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); X509CertImpl old_cert = certs[0]; certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); 
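Review bot: In the renewal branch, `X509CertImpl old_cert = certs[0];` indexes the result of `getExtDataInCertArray(IRequest.OLD_CERTS)` with no null or length check, although the enrollment branch just above guards the same call with `if (x509Certs != null)`. A renewal request with no old certificates would throw inside the audit path, so no `EV_AUDIT` record is written for it. Guard it with `X509CertImpl old_cert = (certs != null && certs.length > 0) ? certs[0] : null;` so the existing "completed with error" entry in the next hunk is reached. The revocation branch in the next hunk has the same unguarded pattern at `crlentries[0].getExtensions()`. The enclosing method starts and ends outside this hunk.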
@@ -802,36 +801,36 @@ public class ConnectorServlet extends CMSServlet { if (old_cert != null && renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed with error"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed with error" } + ); } } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { Certificate[] oldCerts = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); RevokedCertImpl crlentries[] = - thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); CRLExtensions crlExts = crlentries[0].getExtensions(); int reason = 0; @@ -839,7 +838,7 @@ public class ConnectorServlet extends CMSServlet { Enumeration<Extension> enum1 = crlExts.getElements(); while (enum1.hasMoreElements()) { - Extension ext = enum1.nextElement(); + Extension ext = enum1.nextElement(); if (ext instanceof CRLReasonExtension) { reason = ((CRLReasonExtension) ext).getReason().toInt(); 
@@ -853,7 +852,7 @@ public class ConnectorServlet extends CMSServlet { if (result.equals(IRequest.RES_ERROR)) { String[] svcErrors = - thisreq.getExtDataInStringArray(IRequest.SVCERRORS); + thisreq.getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { @@ -866,18 +865,18 @@ public class ConnectorServlet extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } 
@@ -892,32 +891,32 @@ public class ConnectorServlet extends CMSServlet { X509CertImpl cert = (X509CertImpl) oldCerts[j]; mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason).toString() } + ); } } } } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed" } + ); } } @@ -974,9 +973,9 @@ public class ConnectorServlet extends CMSServlet { SessionContext.releaseContext(); } - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } catch (EBaseException e) { 
@@ -991,17 +990,17 @@ public class ConnectorServlet extends CMSServlet { audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has either already been logged, or - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has either already been logged, or + // does not yet matter at this point! return replymsg; } } protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + getPeerCert(HttpServletRequest req) throws EBaseException { return getSSLClientCertificate(req); } @@ -1011,11 +1010,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1027,20 +1026,19 @@ public class ConnectorServlet extends CMSServlet { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "ProfileID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { 
@@ -1062,11 +1060,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request a Request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1122,4 +1120,3 @@ public class ConnectorServlet extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index 2a024c3a..7c5f1fea 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - - /** - * GenerateKeyPairServlet - * handles "server-side key pair generation" requests from the - * netkey RA. - * + * GenerateKeyPairServlet handles "server-side key pair generation" requests + * from the netkey RA. + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class GenerateKeyPairServlet extends CMSServlet { /** @@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet { /** * Constructs GenerateKeyPair servlet. - * + * */ public GenerateKeyPairServlet() { super(); 
@@ -82,35 +79,29 @@ public class GenerateKeyPairServlet extends CMSServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /* - * processServerSideKeyGen - - * handles netkey DRM serverside keygen. - * netkey operations: - * 1. generate keypair (archive user priv key) - * 2. unwrap des key with transport key, then url decode it - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * * user public key - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) + * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey + * operations: 1. generate keypair (archive user priv key) 2. unwrap des key + * with transport key, then url decode it 3. wrap user priv key with des key + * 4. send the following to RA: * des key wrapped(user priv key) * user + * public key (note: RA should have kek-wrapped des key from TKS) * recovery + * blob (used for recovery) */ private void processServerSideKeyGen(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; 
@@ -123,8 +114,8 @@ public class GenerateKeyPairServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rArchive = req.getParameter("archive"); - String rKeysize = req.getParameter("keysize"); + String rArchive = req.getParameter("archive"); + String rKeysize = req.getParameter("keysize"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID"); @@ -136,19 +127,19 @@ public class GenerateKeyPairServlet extends CMSServlet { missingParam = true; } - if ((rKeysize == null) || (rKeysize.equals(""))) { - rKeysize = "1024"; // default to 1024 - } + if ((rKeysize == null) || (rKeysize.equals(""))) { + rKeysize = "1024"; // default to 1024 + } if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + (rdesKeyString.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key"); missingParam = true; } if ((rArchive == null) || (rArchive.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true"); - rArchive = "true"; + rArchive = "true"; } String selectedToken = null; 
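Review bot: `rKeysize` comes straight from `req.getParameter("keysize")` and is only checked for null or empty, falling back to `"1024"`; the following hunk stores it unchanged with `thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize)`. Nothing visible confirms that the value is numeric or within the sizes the deployment permits, so unless the service behind `queue.processRequest` validates it, a caller can ask for an undersized key or an expensive oversized one. Parse it once here and set `missingParam = true` when `Integer.parseInt(rKeysize)` fails or the result is outside a configured range. If these are RSA keys, the 1024-bit default is also worth revisiting. processServerSideKeyGen starts before and ends after these hunks.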
@@ -160,17 +151,17 @@ public class GenerateKeyPairServlet extends CMSServlet { thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); - thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); - thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); + thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); + thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); - queue.processRequest( thisreq ); + queue.processRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and DRM thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and DRM thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -184,40 +175,39 @@ public class GenerateKeyPairServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; - if( thisreq == null ) { - CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + if (thisreq == null) { + CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate"); - String ivString = thisreq.getExtDataInString("iv_s"); + String ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); - sb.append("wrapped_priv_key="); - sb.append(wrappedPrivKeyString); - sb.append("&iv_param="); - sb.append(ivString); + sb.append("wrapped_priv_key="); + sb.append(wrappedPrivKeyString); + sb.append("&iv_param="); + sb.append(ivString); sb.append("&public_key="); - sb.append(publicKeyString); + sb.append(publicKeyString); value = sb.toString(); } - CMS.debug("processServerSideKeyGen:outputString.encode " +value); + CMS.debug("processServerSideKeyGen:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length()); + CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
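Review bot: The line `CMS.debug("processServerSideKeyGen:outputString.encode " + value);` writes the whole response to the debug log, and on success `value` carries `wrapped_priv_key`, `iv_param` and `public_key`. Wrapped or not, key material and its IV should not be copied into a log file, which usually has looser access control and longer retention than the key store. Log only the outcome instead, for example `CMS.debug("processServerSideKeyGen: status=" + status);`. TokenKeyRecoveryServlet has the same problem in `CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);`. processServerSideKeyGen starts before and ends after this hunk.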
@@ -227,20 +217,14 @@ public class GenerateKeyPairServlet extends CMSServlet { } } - - /* - - * For GenerateKeyPair: - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * + * For GenerateKeyPair: + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -258,7 +242,7 @@ public class GenerateKeyPairServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("GenerateKeyPairServlet: Unauthorized"); @@ -268,7 +252,7 @@ public class GenerateKeyPairServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("GenerateKeyPairServlet: " + e.toString()); } 
@@ -277,28 +261,28 @@ public class GenerateKeyPairServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); - processServerSideKeyGen(req, resp); - return; + CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); + processServerSideKeyGen(req, resp); + return; // end Netkey functions } - /** XXX remember tocheck peer SSL cert and get RA id later - * + /** + * XXX remember tocheck peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index fa454bd6..758fb423 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * TokenKeyRecoveryServlet - * handles "key recovery service" requests from the + * TokenKeyRecoveryServlet handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** 
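Review bot: The Javadoc on `service` still says `XXX remember tocheck peer SSL cert and get RA id later`, and the class comment says `// XXX add auditing later`, yet `process` goes from the `authzToken` check straight to `processServerSideKeyGen(req, resp)` without writing any signed audit record. Server-side key generation and archival is an operation an auditor will want attributed to a requester, and ConnectorServlet in this same commit already shows the pattern with `audit(auditMessage)` on both the success and failure paths. Until that is implemented, replace the two XXX markers with a comment that states plainly that requests are neither bound to the RA's client certificate nor audited, and link it to a tracked issue. TokenKeyRecoveryServlet carries the same two markers around `processTokenKeyRecovery(req, resp)`. `process` begins outside this hunk.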
@@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -79,25 +77,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -117,39 +115,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery - * handles netkey key recovery requests - * input params are: - * CUID - the CUID of the old token where the keys/certs were initially for - * userid - the userid that belongs to both the old token and the new token - * drm_trans_desKey - the des key generated for the NEW token - * wrapped with DRM transport key - * cert - the user cert corresponding to the key to be recovered - * - * operations: - * 1. unwrap des key with transport key, then url decode it - * 2. retrieve user private key - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) - * - * output params are: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery handles netkey key recovery requests input params + * are: CUID - the CUID of the old token where the keys/certs were initially + * for userid - the userid that belongs to both the old token and the new + * token drm_trans_desKey - the des key generated for the NEW token wrapped + * with DRM transport key cert - the user cert corresponding to the key to + * be recovered + * + * operations: 1. unwrap des key with transport key, then url decode it 2. + * retrieve user private key 3. wrap user priv key with des key 4. 
send the + * following to RA: * des key wrapped(user priv key) (note: RA should have + * kek-wrapped des key from TKS) * recovery blob (used for recovery) + * + * output params are: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -158,7 +147,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -171,7 +160,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } 
@@ -192,18 +181,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet { thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - //XXX auto process for netkey - queue.processRequest( thisreq ); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + // XXX auto process for netkey + queue.processRequest(thisreq); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status ="0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* if is RECOVERY_PROTOTYPE - String recoveryBlobString = ""; - - IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); - byte publicKey_b[] = kr.getPublicKeyData(); - - BigInteger serialNo = kr.getSerialNumber(); - - String serialNumberString = - com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); - - recoveryBlobString = (String) - thisreq.get("recoveryBlob"); - */ - - if( thisreq == null ) { - CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + /* + * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; + * + * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte + * publicKey_b[] = kr.getPublicKeyData(); + * + * BigInteger serialNo = kr.getSerialNumber(); + * + * String serialNumberString = + * com.netscape.cmsutil.util.Utils.SpecialEncode + * (serialNo.toByteArray()); + * + * recoveryBlobString = (String) thisreq.get("recoveryBlob"); + */ + + if (thisreq == null) { + CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); 
@@ -259,13 +247,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -275,19 +263,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - - /* - * For TokenKeyRecovery - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * For TokenKeyRecovery + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -305,7 +287,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -315,7 +297,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } 
@@ -324,28 +306,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** XXX remember to check peer SSL cert and get RA id later - * + /** + * XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index a2509287..8482e71b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.StringTokenizer; 
@@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AdminAuthenticatePanel extends WizardPanelBase { - public AdminAuthenticatePanel() {} + public AdminAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); setId(id); @@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("AdminAuthenticatePanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("new")) { return true; } } catch (EBaseException e) { } - + return false; } @@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.master.admin.uid", ""); String type = config.getString("preop.subsystem.select", ""); if (type.equals("clone")) - context.put("uid", s); + context.put("uid", s); else context.put("uid", ""); } catch (Exception e) { 
@@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); + CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); String uid = HttpInput.getUID(request, "uid"); if (uid == null) { context.put("errorString", "Uid is empty"); @@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.master.hostname"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname for master"); throw new IOException("Missing hostname"); } @@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { httpsport = config.getInteger("preop.master.httpsadminport"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port for master"); throw new IOException("Missing port"); } @@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append("cloning."); c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + + if (s1.length() != 0) s1.append(","); - + s1.append(cstype); s1.append("."); s1.append(t1); 
@@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString(); + String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString(); boolean success = updateConfigEntries(host, httpsport, true, - "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, - response); + "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, + response); try { config.commit(false); @@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Admin Authentication"); context.put("password", ""); context.put("panel", "admin/console/config/adminauthenticatepanel.vm"); } private boolean isCertdbCloned(HttpServletRequest request, - Context context) { + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { 
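Review bot: `uid` and `pwd` are concatenated into the form body in the -248,11 hunk without URL-encoding, so a password containing `&`, `=`, `+` or `%` is sent altered and can add extra parameters to the getConfigEntries request. Encode both values, e.g. `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")` (needs `java.net.URLEncoder`), unless `HttpInput` already restricts them to a safe character set, which is not visible here. The same pattern appears in AdminPanel's `content` string (-474,7, where `subjectDN` is read from the request) and in AuthenticatePanel's `authenticate(...)` call (-151,30). The enclosing method starts and ends outside the hunk.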
@@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master."+token+".nickname"; + String name1 = "preop.master." + token + ".nickname"; String nickname = config.getString(name1, ""); if (!tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - nickname = tokenname+":"+nickname; + !tokenname.equals("internal")) + nickname = tokenname + ":" + nickname; - CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname); + CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 78bb9485..c865741c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase { private static final String ADMIN_UID = "admin"; private final static String CERT_TAG = "admin"; - public AdminPanel() {} + public AdminPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Administrator"); } 
@@ -101,27 +101,37 @@ public class AdminPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Email address for an administrator"); set.add("admin_email", emailDesc); - Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Administrator's password"); set.add("pwd", pwdDesc); - Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Administrator's password again"); @@ -152,7 +162,8 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (isPanelDone()) { try { @@ -161,11 +172,12 @@ public class AdminPanel extends WizardPanelBase { context.put("admin_pwd", ""); context.put("admin_pwd_again", ""); context.put("admin_uid", cs.getString("preop.admin.uid")); - } catch (Exception e) {} + } catch (Exception e) { + } } else { String def_admin_name = ""; try { - def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); + def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); } catch (EBaseException e) { } context.put("admin_name", def_admin_name); 
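Review bot: The formatter has broken each inline `/* no constraint */` in `getUsage` into a four-line block comment hanging off the end of the `Descriptor` constructor call, which is harder to read than the original. Use an end-of-line comment so the remark survives reformatting, e.g. `new Descriptor(IDescriptor.STRING, null, // no constraint`. This applies to `emailDesc`, `pwdDesc` and `pwdAgainDesc`.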
@@ -176,7 +188,7 @@ public class AdminPanel extends WizardPanelBase { } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -186,13 +198,14 @@ public class AdminPanel extends WizardPanelBase { String domainname = ""; try { domainname = cs.getString("securitydomain.name", ""); - } catch (EBaseException e1) {} + } catch (EBaseException e1) { + } context.put("securityDomain", domainname); context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); context.put("errorString", ""); context.put("info", info); - + } /** @@ -200,8 +213,7 @@ public class AdminPanel extends WizardPanelBase { */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { String pwd = HttpInput.getPassword(request, "__pwd"); String pwd_again = HttpInput.getPassword(request, "__admin_password_again"); String email = HttpInput.getEmail(request, "email"); @@ -256,13 +268,14 @@ public class AdminPanel extends WizardPanelBase { try { type = config.getString(PRE_CA_TYPE, ""); subsystemtype = config.getString("cs.type", ""); - security_domain_type = config.getString("securitydomain.select",""); + security_domain_type = config.getString("securitydomain.select", ""); selected_hierarchy = config.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); 
@@ -286,13 +299,13 @@ public class AdminPanel extends WizardPanelBase { throw e; } - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "AdminPanel update: " + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { + if (selected_hierarchy.equals("root")) { + CMS.debug("AdminPanel update: " + "Root CA subsystem"); } else { - CMS.debug( "AdminPanel update: " + CMS.debug("AdminPanel update: " + "Subordinate CA subsystem"); } @@ -309,10 +322,10 @@ public class AdminPanel extends WizardPanelBase { String ca_hostname = null; int ca_port = -1; - // REMINDER: This panel is NOT used by "clones" - CMS.debug( "AdminPanel update: " + // REMINDER: This panel is NOT used by "clones" + CMS.debug("AdminPanel update: " + subsystemtype - + " subsystem" ); + + " subsystem"); if (type.equals("sdca")) { try { @@ -339,10 +352,11 @@ public class AdminPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("updateStatus", "success"); - + } private void createAdmin(HttpServletRequest request) throws IOException { @@ -459,13 +473,15 @@ public class AdminPanel extends WizardPanelBase { try { sd_hostname = config.getString("securitydomain.host", ""); sd_port = config.getInteger("securitydomain.httpseeport"); - } catch (Exception e) {} + } catch (Exception e) { + } String profileId = HttpInput.getID(request, "profileId"); if (profileId == null) { try { profileId = config.getString("preop.admincert.profile", "caAdminCert"); - } catch (Exception e) {} + } catch (Exception e) { + } } String cert_request_type = HttpInput.getID(request, "cert_request_type"); 
@@ -474,7 +490,7 @@ public class AdminPanel extends WizardPanelBase { String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN; + String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; HttpClient httpclient = new HttpClient(); String c = null; @@ -497,7 +513,7 @@ public class AdminPanel extends WizardPanelBase { c = httpresponse.getContent(); CMS.debug("AdminPanel submitRequest: content=" + c); - + // retrieve the request Id ad admin certificate if (c != null) { try { @@ -508,15 +524,15 @@ public class AdminPanel extends WizardPanelBase { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "AdminPanel::submitRequest() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("AdminPanel::submitRequest() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("AdminPanel update: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain reloginSecurityDomain(response); return; } else if (!status.equals("0")) { @@ -525,7 +541,7 @@ public class AdminPanel extends WizardPanelBase { context.put("errorString", error); throw new IOException(error); } - + IConfigStore cs = CMS.getConfigStore(); String id = parser.getValue("Id"); @@ -539,7 +555,7 @@ public class AdminPanel extends WizardPanelBase { + File.separator + "admin.b64"; cs.putString("preop.admincert.b64", dir); - PrintStream ps = new PrintStream(new FileOutputStream(dir)); + PrintStream ps = new PrintStream(new FileOutputStream(dir)); ps.println(b64); ps.flush(); 
@@ -564,9 +580,9 @@ public class AdminPanel extends WizardPanelBase { String cert_request_type = HttpInput.getID(request, "cert_request_type"); IConfigStore cs = CMS.getConfigStore(); - if( cs == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" ); - throw new IOException( "cs is null" ); + if (cs == null) { + CMS.debug("AdminPanel::createAdminCertificate() - cs is null!"); + throw new IOException("cs is null"); } String subject = ""; @@ -582,10 +598,10 @@ public class AdminPanel extends WizardPanelBase { "AdminPanel createAdminCertificate: Exception=" + e.toString()); } - // this request is from IE. The VBScript has problem of generating - // certificate request if the subject name has E and UID components. - // For now, we always hardcoded the subject DN to be cn=NAME in - // the IE browser. + // this request is from IE. The VBScript has problem of generating + // certificate request if the subject name has E and UID components. + // For now, we always hardcoded the subject DN to be cn=NAME in + // the IE browser. } else if (cert_request_type.equals("pkcs10")) { try { byte[] b = CMS.AtoB(cert_request); 
@@ -594,33 +610,33 @@ public class AdminPanel extends WizardPanelBase { x509key = pkcs10.getSubjectPublicKeyInfo(); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } - if( x509key == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" ); - throw new IOException( "x509key is null" ); + if (x509key == null) { + CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!"); + throw new IOException("x509key is null"); } try { cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject); String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local"); X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, - PCERT_PREFIX, CERT_TAG, caType, context); + PCERT_PREFIX, CERT_TAG, caType, context); // update the locally created request for renewal - CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject); + CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject); ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); if (ca != null) { createPKCS7(impl); } cs.putString("preop.admincert.serialno.0", - impl.getSerialNumber().toString(16)); + impl.getSerialNumber().toString(16)); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } @@ -640,8 +656,9 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); - } catch (Exception e) {} - if (ca == null && type.equals("otherca")) { + } catch (Exception e) { + } + if (ca == null && type.equals("otherca")) { info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically."; } context.put("info", info); 
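Review bot: The final `catch (Exception e)` in this hunk only writes a debug line, so a failure in `CertUtil.createLocalCert` or `CertUtil.updateLocalRequest` lets the method return normally with no admin certificate and no `preop.admincert.serialno.0` stored. The null-`x509key` check just above already throws `IOException`; unless the caller relies on this step being best effort (not visible here), do the same after the `CMS.debug` call: `throw new IOException("Failed to create admin certificate: " + e.toString());`. The method, which the debug strings name `createAdminCertificate`, begins outside the hunk.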
@@ -655,7 +672,7 @@ public class AdminPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -665,11 +682,10 @@ public class AdminPanel extends WizardPanelBase { return false; } - private void createPKCS7(X509CertImpl cert) { try { IConfigStore cs = CMS.getConfigStore(); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; @@ -681,7 +697,7 @@ public class AdminPanel extends WizardPanelBase { userChain[0] = cert; PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); @@ -689,7 +705,7 @@ public class AdminPanel extends WizardPanelBase { String p7Str = CMS.BtoA(p7Bytes); cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str)); } catch (Exception e) { - CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString()); + CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java index a62b22b7..4e2ab363 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AgentAuthenticatePanel extends WizardPanelBase { - public AgentAuthenticatePanel() {} + public AgentAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); setId(id); @@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("DisplayCertChainPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("securitydomain.select",""); + String select = cs.getString("securitydomain.select", ""); if (select.equals("new")) { return true; } @@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { return true; } catch (EBaseException e) { } - + return false; } @@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { } /** 
@@ -182,34 +182,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } -/* - // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from - // web.xml as part of CC interface review - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); - - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } -*/ + /* + * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed + * from // web.xml as part of CC interface review boolean + * authenticated = authenticate(host, httpsport, true, + * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); + * + * if (!authenticated) { context.put("errorString", + * "Wrong user id or password"); throw new + * IOException("Wrong user id or password"); } + */ try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } 
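Review bot: The disabled credential check has been reflowed into one block comment (`/* * // Bugzilla Bug #583825 - CC: ... */`), leaving commented-out code that no longer reads as code. As far as the hunk shows, this path now goes straight to `config.commit(false)` without checking `uid`/`pwd` against the CA, and the reflowed comment makes that easy to miss. Delete the dead code and keep a one-line pointer such as `// Identity check via /ca/ee/ca/checkIdentity was removed, see Bugzilla #583825.` The enclosing method begins outside the hunk.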
@@ -217,9 +217,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("password", ""); context.put("title", "Agent Authentication"); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java index ceab1d8d..6700b931 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AuthenticatePanel extends WizardPanelBase { - public AuthenticatePanel() {} + public AuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Authentication"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Authentication"); setId(id); 
@@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - String s = cs.getString("preop.ca.agent.uid",""); + String s = cs.getString("preop.ca.agent.uid", ""); if (s == null || s.equals("")) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } 
@@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd); + boolean authenticated = authenticate(host, httpsport, true, + "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd); - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } + if (!authenticated) { + context.put("errorString", "Wrong user id or password"); + throw new IOException("Wrong user id or password"); + } try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } @@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("password", ""); context.put("panel", "admin/console/config/authenticatepanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java index 77977808..d7f35540 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.io.IOException; @@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class BackupKeyCertPanel extends WizardPanelBase { - public BackupKeyCertPanel() {} + public BackupKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); setId(id); @@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { String s = cs.getString("preop.module.token", ""); - if (s.equals("Internal Key Storage Token")) + if (s.equals("Internal Key Storage Token")) return false; } catch (Exception e) { } - + return true; } @@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { String select = HttpInput.getID(request, "choice"); if (select.equals("backupkey")) { String pwd = request.getParameter("__pwd"); 
@@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { String select = ""; try { select = HttpInput.getID(request, "choice"); @@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { context.put("panel", "admin/console/config/backupkeycertpanel.vm"); } - public void backupKeysCerts(HttpServletRequest request) - throws IOException { + public void backupKeysCerts(HttpServletRequest request) + throws IOException { CMS.debug("BackupKeyCertPanel backupKeysCerts: start"); IConfigStore cs = CMS.getConfigStore(); String certlist = ""; @@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { cm = CryptoManager.getInstance(); } catch (Exception e) { - CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String pwd = request.getParameter("__pwd"); @@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase { String nickname = ""; String modname = ""; try { - nickname = cs.getString("preop.cert."+t+".nickname"); + nickname = cs.getString("preop.cert." + t + ".nickname"); modname = cs.getString("preop.module.token"); } catch (Exception e) { } if (!modname.equals("Internal Key Storage Token")) - nickname = modname+":"+nickname; + nickname = modname + ":" + nickname; X509Certificate x509cert = null; byte localKeyId[] = null; 
@@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } @@ -296,22 +296,22 @@ public class BackupKeyCertPanel extends WizardPanelBase { PrivateKey pkey = cm.findPrivKeyByCert(x509cert); addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } - } //while loop - + } // while loop + X509Certificate[] cacerts = cm.getCACerts(); - for (int i=0; i<cacerts.length; i++) { - //String nickname = cacerts[i].getSubjectDN().toString(); + for (int i = 0; i < cacerts.length; i++) { + // String nickname = cacerts[i].getSubjectDN().toString(); String nickname = null; try { byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents); } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } } @@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { AuthenticatedSafes authSafes = new AuthenticatedSafes(); authSafes.addSafeContents(safeContents); - authSafes.addSafeContents(encSafeContents); + authSafes.addSafeContents(encSafeContents); PFX pfx = new PFX(authSafes); - pfx.computeMacData(pass, null, 5); + pfx.computeMacData(pass, null, 5); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pfx.encode(bos); byte[] output = bos.toByteArray(); 
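Review bot: `pfx.computeMacData(pass, null, 5)` in the -319,9 hunk uses an iteration count of 5, and `EncryptedPrivateKeyInfo.createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, ...)` in `addKeyBag` (-344,23) uses 1. The exported PKCS #12 file therefore gets almost no key stretching, and its protection rests on the strength of the backup password alone. Hold the count in one named constant, e.g. `private static final int PKCS12_ITERATIONS = 100000;`, and pass it at both call sites. The count is stored in the file, so earlier backups stay readable. `backupKeysCerts` begins outside this hunk.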
@@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase { pass.clear(); cs.commit(false); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString()); } } private void addKeyBag(PrivateKey pkey, X509Certificate x509cert, - Password pass, byte[] localKeyId, SEQUENCE safeContents) - throws IOException { + Password pass, byte[] localKeyId, SEQUENCE safeContents) + throws IOException { try { PasswordConverter passConverter = new PasswordConverter(); @@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] priData = getEncodedKey(pkey); PrivateKeyInfo pki = (PrivateKeyInfo) - ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); + ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); ASN1Value key = EncryptedPrivateKeyInfo.createPBE( - PBEAlgorithm.PBE_SHA1_DES3_CBC, - pass, salt, 1, passConverter, pki); + PBEAlgorithm.PBE_SHA1_DES3_CBC, + pass, salt, 1, passConverter, pki); SET keyAttrs = createBagAttrs( - x509cert.getSubjectDN().toString(), localKeyId); - SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, - key, keyAttrs); + x509cert.getSubjectDN().toString(), localKeyId); + SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, + key, keyAttrs); safeContents.addElement(keyBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString()); throw new IOException("Failed to create pk12 file."); } } - private byte[] addCertBag(X509Certificate x509cert, String nickname, - SEQUENCE safeContents) throws IOException { + private byte[] addCertBag(X509Certificate x509cert, String nickname, + SEQUENCE safeContents) throws IOException { byte[] localKeyId = null; try { ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); 
@@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase { if (nickname != null) certAttrs = createBagAttrs(nickname, localKeyId); SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, - new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); + new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); safeContents.addElement(certBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString()); + CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString()); throw new IOException("Failed to create pk12 file."); } @@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; IVParameterSpec param = new IVParameterSpec(iv); wrapper.initWrap(sk, param); byte[] enckey = wrapper.wrap(pkey); @@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] recovered = c.doFinal(enckey); return recovered; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString()); } return null; } - private byte[] createLocalKeyId(X509Certificate cert) - throws IOException { + private byte[] createLocalKeyId(X509Certificate cert) + throws IOException { try { // SHA1 hash of the X509Cert der encoding byte certDer[] = cert.getEncoded(); 
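Review bot: The constant IV in the -386,7 hunk (`byte iv[] = { 0x1, 0x1, ... }`) needs a comment saying why it is acceptable. From the visible lines, `sk` is generated for this one wrap and the result appears to be decrypted straight away, so the IV never repeats under the same key. Suggested comment above the declaration: `// Fixed IV: sk is freshly generated and used for this single wrap/unwrap only.` A method comment should also state that `recovered` holds the private key in the clear and that `null` is returned on any exception. The function, which the debug string names `getEncodedKey`, starts outside the hunk.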
@@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { md.update(certDer); return md.digest(); } catch (CertificateEncodingException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString()); throw new IOException("Failed to encode certificate."); } catch (NoSuchAlgorithmException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString()); throw new IOException("No such algorithm supported."); } } private SET createBagAttrs(String nickName, byte localKeyId[]) - throws IOException { + throws IOException { try { SET attrs = new SET(); SEQUENCE nickNameAttr = new SEQUENCE(); @@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { attrs.addElement(localKeyAttr); return attrs; } catch (CharConversionException e) { - CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString()); throw new IOException("Failed to create PKCS12 file."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 01d06631..46371017 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; @@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; - public class BaseServlet extends VelocityServlet { /** 
@@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet { if (pin == null) { try { response.sendRedirect("login"); - } catch (IOException e) {} + } catch (IOException e) { + } return false; } return true; 
@@ -66,29 +65,29 @@ public class BaseServlet extends VelocityServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } 
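Review bot: The masking test in this parameter dump is a deny-list with case-sensitive `endsWith` checks, so a name such as `adminPassword` or `tokenPIN` (constructed examples) matches no branch and its value is written to the debug log by the `else` branch. Normalising once and matching on substrings closes most of that gap: `String lpn = pn.toLowerCase(java.util.Locale.ROOT);` followed by `if (pn.startsWith("__") || lpn.contains("pass") || lpn.contains("pwd") || lpn.contains("pin")) {`. The stricter option is to log parameter names only and print values just for an explicit allow-list. The enclosing method begins and ends outside the hunk.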
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index 33a0ff69..f48f4d2f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CAInfoPanel extends WizardPanelBase { - public CAInfoPanel() {} + public CAInfoPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("CA Information"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("CA Information"); setId(id); @@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase { try { hostname = cs.getString("preop.ca.hostname"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpport = cs.getString("preop.ca.httpport"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpsport = cs.getString("preop.ca.httpsport"); - } catch (Exception e) {} + } catch (Exception e) { + } if (type.equals("sdca")) { context.put("check_sdca", "checked"); 
@@ -143,12 +147,11 @@ public class CAInfoPanel extends WizardPanelBase { String cstype = "CA"; String portType = "SecurePort"; -/* - try { - cstype = cs.getString("cs.type", ""); - } catch (EBaseException e) {} -*/ - + /* + * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException + * e) {} + */ + CMS.debug("CAInfoPanel: Ready to get url"); Vector v = getUrlListFromSecurityDomain(cs, cstype, portType); v.addElement("External CA"); @@ -163,12 +166,13 @@ public class CAInfoPanel extends WizardPanelBase { list.append(","); } } - + try { cs.putString("preop.ca.list", list.toString()); cs.commit(false); - } catch (Exception e) {} - + } catch (Exception e) { + } + context.put("urls", v); context.put("sdcaHostname", hostname); @@ -196,11 +200,9 @@ public class CAInfoPanel extends WizardPanelBase { Context context) throws IOException { /* - String select = request.getParameter("choice"); - if (select == null) { - CMS.debug("CAInfoPanel: choice not found"); - throw new IOException("choice not found"); - } + * String select = request.getParameter("choice"); if (select == null) { + * CMS.debug("CAInfoPanel: choice not found"); throw new + * IOException("choice not found"); } */ IConfigStore config = CMS.getConfigStore(); 
@@ -213,25 +215,26 @@ public class CAInfoPanel extends WizardPanelBase { String select = null; String index = request.getParameter("urls"); - String url = ""; + String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } URL urlx = null; @@ -240,7 +243,7 @@ public class CAInfoPanel extends WizardPanelBase { select = "otherca"; config.putString("preop.ca.pkcs7", ""); config.putInteger("preop.ca.certchain.size", 0); - } else { + } else { select = "sdca"; // parse URL (CA1 - https://...) @@ -272,7 +275,8 @@ public class CAInfoPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { @@ -301,9 +305,9 @@ public class CAInfoPanel extends WizardPanelBase { config.putString("preop.ca.hostname", hostname); config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, true, context, - certApprovalCallback ); + certApprovalCallback); } /** 
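Review bot: `index` comes straight from `request.getParameter("urls")` and is dereferenced by `index.startsWith("http")` with no null check, so a request without that parameter ends in a NullPointerException instead of a panel error. A guard before the `if` is enough: `if (index == null) throw new IOException("urls not found");`. The empty `catch (Exception e) { }` around `Integer.parseInt(index)` also hides a malformed index and leaves `url` as the empty string; log the exception there. A value starting with `http` is accepted as the CA URL exactly as submitted, so the host it names should be validated before use; that code is outside this hunk.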
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java index fb8c2d9c..0aedded8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java @@ -17,9 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - - - public class Cert { private String mNickname = ""; private String mTokenname = ""; @@ -116,8 +113,8 @@ public class Cert { } public String escapeForHTML(String s) { - s = s.replaceAll("\"", """); - return s; + s = s.replaceAll("\"", """); + return s; } public String getEscapedDN() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java index 30bcc78d..119dead0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; import java.util.StringTokenizer; @@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class CertPrettyPrintPanel extends WizardPanelBase { private Vector mCerts = null; - public CertPrettyPrintPanel() {} + public CertPrettyPrintPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Certificates"); setId(id); 
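Review bot: `escapeForHTML` in hunk `@@ -116,8 +113,8 @@` of Cert.java replaces only the double-quote character, so `<`, `>`, `&` and `'` pass through unchanged. If the result is written into page markup (presumably via `getEscapedDN`, whose body is not shown), a subject DN containing those characters is not neutralised. Escape `&` first, then `<`, `>`, `"` and `'`, or call an existing HTML-escaping helper if the project has one. The replacement literal shows as `"""` on this page, which looks like an entity decoded during rendering rather than the real source text.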
@@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public PropertySet getUsage() { // expects no input from client PropertySet set = new PropertySet(); - + return set; } @@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { } catch (Exception e) { CMS.debug( "CertPrettyPrintPanel: display() certTag " + certTag - + " Exception caught: " + e.toString()); + + " Exception caught: " + e.toString()); } } } catch (Exception e) { @@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { config.commit(false); } catch (EBaseException e) { CMS.debug( - "CertPrettyPrintPanel: update() Exception caught at config commit: " + "CertPrettyPrintPanel: update() Exception caught at config commit: " + e.toString()); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 5e783b1a..d8710c08 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.security.Principal; 
@@ -58,35 +57,39 @@ public class CertRequestPanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public CertRequestPanel() {} + public CertRequestPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Requests & Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Requests and Certificates"); mServlet = servlet; setId(id); } - // XXX how do you do this? There could be multiple certs. + // XXX how do you do this? There could be multiple certs. public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameters */ null); set.add("cert", certDesc); - + return set; } @@ -95,13 +98,13 @@ public class CertRequestPanel extends WizardPanelBase { */ public boolean showApplyButton() { if (isPanelDone()) - return false; + return false; else - return true; + return true; } - private boolean findCertificate(String tokenname, String nickname) - throws IOException { + private boolean findCertificate(String tokenname, String nickname) + throws IOException { IConfigStore cs = CMS.getConfigStore(); CryptoManager cm = null; try { @@ -114,7 +117,7 @@ public class CertRequestPanel extends WizardPanelBase { boolean hardware = false; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } try { 
@@ -126,16 +129,16 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); - throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); + throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); } return true; } } catch (IOException e) { - CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString()); + CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString()); throw e; } catch (Exception e) { - CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString()); + CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString()); return false; } } @@ -148,13 +151,13 @@ public class CertRequestPanel extends WizardPanelBase { try { select = cs.getString("preop.subsystem.select", ""); list = cs.getString("preop.cert.list", ""); - tokenname = cs.getString("preop.module.token", ""); + tokenname = cs.getString("preop.module.token", ""); } catch (Exception e) { } ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); - + ICertificateAuthority.ID); + if (ca != null) { CMS.debug("CertRequestPanel cleanup: get certificate repository"); BigInteger beginS = null; 
@@ -176,27 +179,26 @@ public class CertRequestPanel extends WizardPanelBase { try { cr.removeCertRecords(beginS, endS); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString()); } - + try { - cr.resetSerialNumber(new BigInteger(beginNum,16)); + cr.resetSerialNumber(new BigInteger(beginNum, 16)); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString()); } } } - StringTokenizer st = new StringTokenizer(list, ","); String nickname = ""; boolean enable = false; while (st.hasMoreTokens()) { String t = st.nextToken(); - + try { - enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true); - nickname = cs.getString(PCERT_PREFIX +t+".nickname", ""); + enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true); + nickname = cs.getString(PCERT_PREFIX + t + ".nickname", ""); } catch (Exception e) { } @@ -208,10 +210,10 @@ public class CertRequestPanel extends WizardPanelBase { if (findCertificate(tokenname, nickname)) { try { - CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+")."); - deleteCert(tokenname, nickname); + CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ")."); + deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString()); } } } @@ -235,7 +237,8 @@ public class CertRequestPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } 
@@ -254,19 +257,19 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug( "CertRequestPanel getCert: certTag=" + certTag - + " cert=" + certs); - //get and set formated cert - if (!certs.startsWith("...")) { + + " cert=" + certs); + // get and set formated cert + if (!certs.startsWith("...")) { certf = CryptoUtil.certFormat(certs); } cert.setCert(certf); - //get and set cert pretty print + // get and set cert pretty print byte[] certb = CryptoUtil.base64Decode(certs); CertPrettyPrint pp = new CertPrettyPrint(certb); cert.setCertpp(pp.toString(Locale.getDefault())); } else { - CMS.debug( "CertRequestPanel::getCert() - cert is null!" ); + CMS.debug("CertRequestPanel::getCert() - cert is null!"); return; } String userfriendlyname = config.getString( @@ -285,18 +288,16 @@ public class CertRequestPanel extends WizardPanelBase { } public X509Key getECCX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; String pubKeyEncoded = config.getString( PCERT_PREFIX + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); + pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); return pubk; } public X509Key getRSAX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; String pubKeyModulus = config.getString( @@ -305,7 +306,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".pubkey.exponent"); pubk = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + CryptoUtil.string2byte(pubKeyPublicExponent)); return pubk; } 
@@ -323,8 +324,8 @@ public class CertRequestPanel extends WizardPanelBase { } else if (pubKeyType.equals("ecc")) { pubk = getECCX509Key(config, certTag); } else { - CMS.debug( "CertRequestPanel::handleCertRequest() - " - + "pubKeyType " + pubKeyType + " is unsupported!" ); + CMS.debug("CertRequestPanel::handleCertRequest() - " + + "pubKeyType " + pubKeyType + " is unsupported!"); return; } @@ -341,7 +342,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".privkey.id"); CMS.debug("CertRequestPanel: privKeyID=" + privKeyID); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); - + PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); if (privk != null) { @@ -349,7 +350,7 @@ public class CertRequestPanel extends WizardPanelBase { } else { CMS.debug("CertRequestPanel: error getting private key null"); } - + // construct cert request String caDN = config.getString(PCERT_PREFIX + certTag + ".dn"); @@ -361,7 +362,7 @@ public class CertRequestPanel extends WizardPanelBase { byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); String certReqf = CryptoUtil.reqFormat(certReqs); - + String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", certReqs); @@ -410,7 +411,7 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); getCert(config, context, certTag, c); @@ -458,7 +459,7 @@ public class CertRequestPanel extends WizardPanelBase { if (issuerDN.equals(subjectDN)) return true; } catch (Exception e) { - CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString()); } return false; 
@@ -472,7 +473,7 @@ public class CertRequestPanel extends WizardPanelBase { deleteCert("Internal Key Storage Token", nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString()); } } @@ -502,7 +503,7 @@ public class CertRequestPanel extends WizardPanelBase { String tokenname = ""; try { - tokenname = config.getString("preop.module.token", ""); + tokenname = config.getString("preop.module.token", ""); } catch (Exception e) { } @@ -510,11 +511,11 @@ public class CertRequestPanel extends WizardPanelBase { Cert cert = (Cert) c.nextElement(); String certTag = cert.getCertTag(); String subsystem = cert.getSubsystem(); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); if (!enable) continue; - if (hasErr) + if (hasErr) continue; String nickname = cert.getNickname(); @@ -522,7 +523,8 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug( "CertRequestPanel: update() for cert tag " + cert.getCertTag()); - // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", ""); + // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", + // ""); String b64 = HttpInput.getCert(request, certTag); if (cert.getType().equals("local") 
@@ -533,20 +535,20 @@ public class CertRequestPanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".keytype"); X509Key x509key = null; if (pubKeyType.equals("rsa")) { - x509key = getRSAX509Key(config, certTag); + x509key = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { - x509key = getECCX509Key(config, certTag); + x509key = getECCX509Key(config, certTag); } - + if (findCertificate(tokenname, nickname)) { if (!certTag.equals("sslserver")) - continue; + continue; } - X509CertImpl impl = CertUtil.createLocalCert(config, x509key, + X509CertImpl impl = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, cert.getType(), context); if (impl != null) { - byte[] certb = impl.getEncoded(); + byte[] certb = impl.getEncoded(); String certs = CryptoUtil.base64Encode(certb); cert.setCert(certs); @@ -574,13 +576,13 @@ public class CertRequestPanel extends WizardPanelBase { + certTag + " Exception: " + ee.toString()); CMS.debug("ok"); -// hasErr = true; + // hasErr = true; } } } else if (cert.getType().equals("remote")) { if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) { - String b64chain = HttpInput.getCertChain(request, certTag+"_cc"); + String b64chain = HttpInput.getCertChain(request, certTag + "_cc"); CMS.debug( "CertRequestPanel: in update() process remote...import cert"); @@ -590,11 +592,11 @@ public class CertRequestPanel extends WizardPanelBase { try { if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); - if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + if (findCertificate(tokenname, nickname)) { + deleteCert(tokenname, nickname); } } catch (Exception e) { - CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString()); + CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString()); } input = CryptoUtil.stripCertBrackets(input.trim()); String certs = CryptoUtil.normalizeCertStr(input); 
@@ -619,21 +621,21 @@ public class CertRequestPanel extends WizardPanelBase { leaf = certchains[certchains.length - 1]; } - if( leaf == null ) { - CMS.debug( "CertRequestPanel::update() - " - + "leaf is null!" ); - throw new IOException( "leaf is null" ); + if (leaf == null) { + CMS.debug("CertRequestPanel::update() - " + + "leaf is null!"); + throw new IOException("leaf is null"); } - if (/*(certchains.length <= 1) &&*/ - (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); - try { - CryptoUtil.importCertificateChain( - CryptoUtil.normalizeCertAndReq(b64chain)); - } catch (Exception e) { - CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString()); - } + if (/* (certchains.length <= 1) && */ + (b64chain != null && b64chain.length() != 0)) { + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); + try { + CryptoUtil.importCertificateChain( + CryptoUtil.normalizeCertAndReq(b64chain)); + } catch (Exception e) { + CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString()); + } } InternalCertificate icert = (InternalCertificate) leaf; @@ -651,17 +653,17 @@ public class CertRequestPanel extends WizardPanelBase { + certTag + " Exception: " + ee.toString()); CMS.debug("ok"); -// hasErr=true; + // hasErr=true; } } else { CMS.debug("CertRequestPanel: in update() input null"); hasErr = true; } } else { - CMS.debug("CertRequestPanel: in update() b64 not set"); - hasErr=true; + CMS.debug("CertRequestPanel: in update() b64 not set"); + hasErr = true; } - + } else { b64 = CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); 
@@ -671,10 +673,10 @@ public class CertRequestPanel extends WizardPanelBase { if (certTag.equals("sslserver") && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + deleteCert(tokenname, nickname); } } catch (Exception ee) { - CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString()); + CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString()); } try { @@ -683,12 +685,13 @@ public class CertRequestPanel extends WizardPanelBase { else CryptoUtil.importUserCertificate(impl, nickname, false); } catch (Exception ee) { - CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString()); - hasErr=true; + CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString()); + hasErr = true; } } - //update requests in request queue for local certs to allow renewal + // update requests in request queue for local certs to allow + // renewal if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) { CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null); } @@ -696,16 +699,16 @@ public class CertRequestPanel extends WizardPanelBase { if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - NickName = tokenname+ ":"+ nickname; + NickName = tokenname + ":" + nickname; - CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName); + CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName); CryptoUtil.trustCertByNickname(NickName); CMS.reinit(ICertificateAuthority.ID); - } - } //while loop + } + } // while loop if (hasErr == false) { - config.putBoolean("preop.CertRequestPanel.done", true); + config.putBoolean("preop.CertRequestPanel.done", true); } config.commit(false); } catch (Exception e) { 
@@ -713,7 +716,7 @@ public class CertRequestPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); } - //reset the attribute of the user certificate to u,u,u + // reset the attribute of the user certificate to u,u,u String certlist = ""; try { certlist = config.getString("preop.cert.list", ""); @@ -723,13 +726,13 @@ public class CertRequestPanel extends WizardPanelBase { String tag = tokenizer.nextToken(); if (tag.equals("signing")) continue; - String nickname = config.getString("preop.cert."+tag+".nickname", ""); + String nickname = config.getString("preop.cert." + tag + ".nickname", ""); String tokenname = config.getString("preop.module.token", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; X509Certificate c = cm.findCertByNickname(nickname); if (c instanceof InternalCertificate) { - InternalCertificate ic = (InternalCertificate)c; + InternalCertificate ic = (InternalCertificate) c; ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { @@ -738,10 +741,10 @@ public class CertRequestPanel extends WizardPanelBase { ic.setObjectSigningTrust(InternalCertificate.USER); } } - } + } } catch (Exception e) { } - if (!hasErr) { + if (!hasErr) { context.put("updateStatus", "success"); } else { context.put("updateStatus", "failure"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 3725149d..dc81d3e4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java 
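Review bot: The `catch (Exception e) { }` that closes the trust-reset block in hunk `@@ -738,10 +741,10 @@` is empty. A failure in `findCertByNickname` or in the `setSSLTrust` / `setEmailTrust` / `setObjectSigningTrust` calls therefore leaves the certificates with whatever trust flags they already had, and nothing is recorded. At minimum log it: `CMS.debug("CertRequestPanel update: failed to reset trust flags: " + e.toString());`. Whether it should also set `hasErr`, which drives `updateStatus` just below, depends on code outside the hunk. The `try` itself opens in the previous hunk.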
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse; import com.netscape.cmsutil.http.JssSSLSocketFactory; import com.netscape.cmsutil.xml.XMLObject; - public class CertUtil { static final int LINE_COUNT = 76; - public static X509CertImpl createRemoteCert(String hostname, - int port, String content, HttpServletResponse response, WizardPanelBase panel) - throws IOException { + public static X509CertImpl createRemoteCert(String hostname, + int port, String content, HttpServletResponse response, WizardPanelBase panel) + throws IOException { HttpClient httpclient = new HttpClient(); String c = null; CMS.debug("CertUtil createRemoteCert: content " + content); @@ -104,15 +103,15 @@ public class CertUtil { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "CertUtil::createRemoteCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("CertUtil::createRemoteCert() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("CertUtil createRemoteCert: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain panel.reloginSecurityDomain(response); return null; } else if (!status.equals("0")) { @@ -136,7 +135,7 @@ public class CertUtil { return null; } - public static String getPKCS10(IConfigStore config, String prefix, + public static String getPKCS10(IConfigStore config, String prefix, Cert certObj, Context context) throws IOException { String certTag = certObj.getCertTag(); 
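Review bot: `CMS.debug("CertUtil createRemoteCert: content " + content);` writes the whole outgoing request body to the debug log. What `content` holds is built by callers outside this hunk; if it can carry a session id or another credential for the remote CA, this line bypasses the parameter masking that BaseServlet applies to incoming requests. Log a size or a fixed marker instead, e.g. `CMS.debug("CertUtil createRemoteCert: content length=" + (content == null ? 0 : content.length()));`.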
@@ -147,29 +146,29 @@ public class CertUtil { String algorithm = config.getString( prefix + certTag + ".keyalgorithm"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - prefix + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - prefix + certTag + ".pubkey.exponent"); - pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + String pubKeyModulus = config.getString( + prefix + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + prefix + certTag + ".pubkey.exponent"); + pubk = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( + String pubKeyEncoded = config.getString( prefix + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + pubk = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); } else { - CMS.debug( "CertRequestPanel::getPKCS10() - " - + "public key type is unsupported!" ); - throw new IOException( "public key type is unsupported" ); + CMS.debug("CertRequestPanel::getPKCS10() - " + + "public key type is unsupported!"); + throw new IOException("public key type is unsupported"); } if (pubk != null) { CMS.debug("CertRequestPanel: got public key"); } else { CMS.debug("CertRequestPanel: error getting public key null"); - throw new IOException( "public key is null" ); + throw new IOException("public key is null"); } // get private key String privKeyID = config.getString(prefix + certTag + ".privkey.id"); 
@@ -201,15 +200,14 @@ public class CertUtil { } } - -/* - * create requests so renewal can work on these initial certs - */ + /* + * create requests so renewal can work on these initial certs + */ public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { -// RequestId rid = new RequestId(serialNum); + // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue -// IRequest r = new EnrollmentRequest(rid); - CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum); + // IRequest r = new EnrollmentRequest(rid); + CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum); IRequest req = queue.newRequest("enrollment"); CMS.debug("certUtil: newRequest called"); req.setExtData("profile", "true"); @@ -224,7 +222,7 @@ public class CertUtil { req.setExtData("requestor_phone", ""); req.setExtData("profileRemoteHost", ""); req.setExtData("profileRemoteAddr", ""); - req.setExtData("requestnotes",""); + req.setExtData("requestnotes", ""); req.setExtData("isencryptioncert", "false"); req.setExtData("profileapprovedby", "system"); @@ -235,13 +233,12 @@ public class CertUtil { return req; } -/** - * update local cert request with the actual request - * called from CertRequestPanel.java - */ - public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) - { - try { + /** + * update local cert request with the actual request called from + * CertRequestPanel.java + */ + public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) { + try { CMS.debug("Updating local request... certTag=" + certTag); RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); 
@@ -262,54 +259,56 @@ public class CertUtil { } queue.updateRequest(req); } else { - CMS.debug("CertUtil:updateLocalRequest - request queue = null"); + CMS.debug("CertUtil:updateLocalRequest - request queue = null"); } } catch (Exception e) { CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString()); } } -/** - * reads from the admin cert profile caAdminCert.profile and takes the first - * entry in the list of allowed algorithms. Users that wish a different algorithm - * can specify it in the profile using default.params.signingAlg - */ + /** + * reads from the admin cert profile caAdminCert.profile and takes the first + * entry in the list of allowed algorithms. Users that wish a different + * algorithm can specify it in the profile using default.params.signingAlg + */ public static String getAdminProfileAlgorithm(IConfigStore config) { String algorithm = "SHA256withRSA"; try { - String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); + String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa"); String pfile = config.getString("profile.caAdminCert.config"); FileInputStream fis = new FileInputStream(pfile); DataInputStream in = new DataInputStream(fis); BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String strLine; - while ((strLine = br.readLine()) != null) { - String marker2 = "default.params.signingAlg="; - int indx = strLine.indexOf(marker2); - if (indx != -1) { - String alg = strLine.substring(indx + marker2.length()); - if ((alg.length() > 0) && (!alg.equals("-"))) { - algorithm = alg; - break; - }; - }; - - String marker = "signingAlgsAllowed="; - indx = strLine.indexOf(marker); - if (indx != -1) { - String[] algs = strLine.substring(indx + marker.length()).split(","); - for (int i=0; i<algs.length; i++) { - if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || - (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) { - algorithm = algs[i]; - 
break; - } - } - } - } - in.close(); + String strLine; + while ((strLine = br.readLine()) != null) { + String marker2 = "default.params.signingAlg="; + int indx = strLine.indexOf(marker2); + if (indx != -1) { + String alg = strLine.substring(indx + marker2.length()); + if ((alg.length() > 0) && (!alg.equals("-"))) { + algorithm = alg; + break; + } + ; + } + ; + + String marker = "signingAlgsAllowed="; + indx = strLine.indexOf(marker); + if (indx != -1) { + String[] algs = strLine.substring(indx + marker.length()).split(","); + for (int i = 0; i < algs.length; i++) { + if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || + (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) { + algorithm = algs[i]; + break; + } + } + } + } + in.close(); } catch (Exception e) { CMS.debug("getAdminProfleAlgorithm: exception: " + e); } @@ -324,14 +323,15 @@ public class CertUtil { try { profile = config.getString(prefix + certTag + ".profile"); - } catch (Exception e) {} + } catch (Exception e) { + } X509CertImpl cert = null; ICertificateAuthority ca = null; ICertificateRepository cr = null; RequestId reqId = null; String profileId = null; - IRequestQueue queue = null; + IRequestQueue queue = null; IRequest req = null; try { @@ -355,7 +355,7 @@ public class CertUtil { CMS.debug("Creating local certificate... dn=" + dn); info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date, date, keyAlgorithm); - } else { + } else { String issuerdn = config.getString("preop.cert.signing.dn", ""); CMS.debug("Creating local certificate... issuerdn=" + issuerdn); CMS.debug("Creating local certificate... dn=" + dn); 
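Review bot: The reformatted loop in getAdminProfileAlgorithm() now carries two empty statements, a `;` alone on its own line after the closing brace of each `if` on the `default.params.signingAlg=` path; they are leftovers of the old `};` and should be deleted. In the same hunk the stream opened on `pfile` is closed only by `in.close()` at the end of the `try`, so an exception from `readLine()` or `substring()` leaves the file handle open. Closing it in a `finally` block would fix that, or, if the build targets Java 7 or later, opening it as `try (BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(pfile)))) {`.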
@@ -375,7 +375,7 @@ public class CertUtil { queue = ca.getRequestQueue(); if (queue != null) { req = createLocalRequest(queue, serialNo.toString(), info); - CMS.debug("CertUtil profile name= "+profile); + CMS.debug("CertUtil profile name= " + profile); req.setExtData("req_key", x509key.toString()); // store original profile id in cert request @@ -387,7 +387,7 @@ public class CertUtil { String name = profile.substring(0, idx); req.setExtData("origprofileid", name); } - + // store mapped profile ID for use in renewal profileId = processor.getProfileIDMapping(); req.setExtData("profileid", profileId); @@ -399,7 +399,7 @@ public class CertUtil { CMS.debug("certUtil: requestQueue null"); } } catch (Exception e) { - CMS.debug("Creating local request exception:"+e.toString()); + CMS.debug("Creating local request exception:" + e.toString()); } processor.populate(info); 
@@ -410,36 +410,36 @@ public class CertUtil { PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID( keyIDb); - if( caPrik == null ) { - CMS.debug( "CertUtil::createSelfSignedCert() - " - + "CA private key is null!" ); - throw new IOException( "CA private key is null" ); + if (caPrik == null) { + CMS.debug("CertUtil::createSelfSignedCert() - " + + "CA private key is null!"); + throw new IOException("CA private key is null"); } else { CMS.debug("CertUtil createSelfSignedCert: got CA private key"); } String keyAlgo = x509key.getAlgorithm(); CMS.debug("key algorithm is " + keyAlgo); - String caSigningKeyType = - config.getString("preop.cert.signing.keytype","rsa"); - String caSigningKeyAlgo = ""; - if (type.equals("selfsign")) { - caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA"); + String caSigningKeyType = + config.getString("preop.cert.signing.keytype", "rsa"); + String caSigningKeyAlgo = ""; + if (type.equals("selfsign")) { + caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA"); } else { - caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA"); + caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA"); } CMS.debug("CA Signing Key type " + caSigningKeyType); CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo); if (caSigningKeyType.equals("ecc")) { - CMS.debug("CA signing cert is ECC"); - cert = CryptoUtil.signECCCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is ECC"); + cert = CryptoUtil.signECCCert(caPrik, info, + caSigningKeyAlgo); } else { - CMS.debug("CA signing cert is not ecc"); - cert = CryptoUtil.signCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is not ecc"); + cert = CryptoUtil.signCert(caPrik, info, + caSigningKeyAlgo); } if (cert != null) { 
@@ -462,13 +462,13 @@ public class CertUtil { if (reqId != null) { meta.set(ICertRecord.META_REQUEST_ID, reqId.toString()); } - + meta.set(ICertRecord.META_PROFILE_ID, profileId); record = (ICertRecord) cr.createCertRecord( - cert.getSerialNumber(), cert, meta); + cert.getSerialNumber(), cert, meta); } catch (Exception e) { CMS.debug( - "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); + "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); } try { @@ -488,10 +488,10 @@ public class CertUtil { } if (req != null) { - // update request with cert + // update request with cert req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert); - // store request in db + // store request in db try { CMS.debug("certUtil: before updateRequest"); if (queue != null) { @@ -507,21 +507,21 @@ public class CertUtil { public static void addUserCertificate(X509CertImpl cert) { IConfigStore cs = CMS.getConfigStore(); - int num=0; + int num = 0; try { num = cs.getInteger("preop.subsystem.count", 0); } catch (Exception e) { } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); - String id = "user"+num; + String id = "user" + num; - try { - String sysType = cs.getString("cs.type", ""); - String machineName = cs.getString("machineName", ""); - String securePort = cs.getString("service.securePort", ""); - id = sysType + "-" + machineName + "-" + securePort; + try { + String sysType = cs.getString("cs.type", ""); + String machineName = cs.getString("machineName", ""); + String securePort = cs.getString("service.securePort", ""); + id = sysType + "-" + machineName + "-" + securePort; } catch (Exception e1) { - // ignore + // ignore } num++; 
@@ -566,7 +566,7 @@ public class CertUtil { system.addUserCert(user); CMS.debug("CertUtil addUserCertificate: successfully add the user certificate"); } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate exception="+e.toString()); + CMS.debug("CertUtil addUserCertificate exception=" + e.toString()); } IGroup group = null; @@ -603,17 +603,17 @@ public class CertUtil { } if (content.length() > 0) result.append(content); - result.append("\n"); + result.append("\n"); return result.toString(); } public static boolean privateKeyExistsOnToken(String certTag, - String tokenname, String nickname) { + String tokenname, String nickname) { IConfigStore cs = CMS.getConfigStore(); String givenid = ""; try { - givenid = cs.getString("preop.cert."+certTag+".privkey.id"); + givenid = cs.getString("preop.cert." + certTag + ".privkey.id"); } catch (Exception e) { CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet."); return false; @@ -624,7 +624,7 @@ public class CertUtil { boolean hardware = false; if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } X509Certificate cert = null; @@ -633,7 +633,7 @@ public class CertUtil { cm = CryptoManager.getInstance(); cert = cm.findCertByNickname(fullnickname); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString()); return false; } 
@@ -641,19 +641,19 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString()); return false; } if (privKey == null) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")"); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")"); return false; } else { String str = ""; try { str = CryptoUtil.byte2string(privKey.getUniqueID()); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString()); } if (str.equals(givenid)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java index b3c10b6e..a28ae76b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java @@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class CheckIdentity extends CMSServlet { /** @@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("CheckIdentity authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, "Error: Not authenticated"); return; - } + } try { XMLObject xmlObj = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java index f2587300..b538dbb5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; @@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public abstract class ConfigBaseServlet extends BaseServlet { /** * @@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet { public abstract void display(HttpServletRequest request, HttpServletResponse response, Context context); - public abstract void update(HttpServletRequest request, + public abstract void update(HttpServletRequest request, HttpServletResponse response, Context context); public abstract Template getTemplate(HttpServletRequest request, 
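Review bot: The authentication failure in CheckIdentity.process() is logged at `ILogger.LL_FAILURE` with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which describes an output-stream error rather than a rejected caller. Anyone filtering the logs for failed authentications would miss these entries. Log it at the security level with an authentication-specific message, for example `log(ILogger.LL_SECURITY, "CheckIdentity: authentication failed: " + e.toString());`, or a dedicated message key if the project has one. The rest of process() lies outside the hunk.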
@@ -64,29 +62,29 @@ public abstract class ConfigBaseServlet extends BaseServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } 
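Review bot: The suffix tests in this filter (`pn.endsWith("password")`, `"passwd"`, `"pwd"`) are case-sensitive, so a parameter such as `newPassword` or `tokenPwd` (constructed examples) that is not in the `equalsIgnoreCase` list falls through to the `else` branch and its value is written to the debug log. Compare against a lower-cased name instead: `String lpn = pn.toLowerCase();` followed by `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`. A deny-list will still miss names nobody anticipated, so logging only the parameter names, with values for an explicit allow-list, would be the safer default. The method signature is outside the hunk.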
@@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet { public Template process(HttpServletRequest request, HttpServletResponse response, Context context) { - + if (CMS.debugOn()) { outputHttpParameters(request); } @@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet { } else { update(request, response, context); } - + Template template = null; - + try { context.put("name", "Velocity Test"); template = getTemplate(request, response, context); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } - + return template; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java index d95c85d1..956c285b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java @@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin; import org.mozilla.jss.crypto.X509Certificate; import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; - -public class ConfigCertApprovalCallback - implements SSLCertificateApprovalCallback { +public class ConfigCertApprovalCallback + implements SSLCertificateApprovalCallback { public ConfigCertApprovalCallback() { } public boolean approve(X509Certificate cert, - SSLCertificateApprovalCallback.ValidityStatus status) { - return true; + SSLCertificateApprovalCallback.ValidityStatus status) { + return true; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java index 37493b6b..b04de414 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java 
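Review bot: `approve()` in ConfigCertApprovalCallback returns `true` without looking at `cert` or `status`, so any SSL connection that installs this callback accepts a peer certificate that failed validation. Where the callback is installed is not visible in this diff. If it is meant only for the installation wizard, say so in a class comment such as `/** Accepts every peer certificate; intended only for initial configuration, before the trust chain is imported. */` (wording to be confirmed by the author). Longer term it should return `false` when `status` carries failure reasons the operator has not explicitly accepted.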
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCertReqServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java index e7d88a35..ed1d9cc0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCloneServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java index 08ebf08e..2b4a82a0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; - public class ConfigDatabaseServlet extends ConfigBaseServlet { /** 
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { try { modified = cs.getString("preop.configDatabase.modified", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (modified.equals("true")) { return true; @@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else { hostname = HOST; portStr = PORT; @@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { int port = -1; try { - port = Integer.parseInt(portStr); + port = Integer.parseInt(portStr); cs.putInteger("internaldb.ldapconn.port", port); } catch (Exception e) { errorString = "Port is invalid"; @@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); return; } - psStore.putString("internaldb", bindpwd); + psStore.putString("internaldb", bindpwd); } else { errorString = "Bind password is empty string"; } @@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { Context context) { try { return Velocity.getTemplate("admin/console/config/config_db.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java index d04fbf2f..fa9dbb05 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileNotFoundException; import java.io.IOException; 
@@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { private CryptoManager mCryptoManager = null; private String mPwdFilePath = ""; - public ConfigHSMLoginPanel() {} + public ConfigHSMLoginPanel() { + } public void init(ServletConfig config, int panelno) throws ServletException { try { @@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString()); } CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache"); - String tokPwd = pr.getPassword("hardware-"+tokName); + String tokPwd = pr.getPassword("hardware-" + tokName); boolean loggedIn = false; 
@@ -157,48 +157,52 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { password = new Password(tokPwd.toCharArray()); try { - if (token.passwordIsInitialized()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():token password is initialized"); - if (!token.isLoggedIn()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); - token.login(password); - context.put("status", "justLoggedIn"); - } else { - CMS.debug( - "ConfigHSMLoginPanel:Token has already logged on"); - context.put("status", "alreadyLoggedIn"); - } - } else { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token password not initialized"); - context.put("status", "tokenPasswordNotInitialized"); - rv = false; - } - - } catch (IncorrectPasswordException e) { - context.put("status", "incorrectPassword"); - context.put("errorString", e.toString()); - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - rv = false; - } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - context.put("errorString", e.toString()); - rv = false; - } + if (token.passwordIsInitialized()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():token password is initialized"); + if (!token.isLoggedIn()) { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); + token.login(password); + context.put("status", "justLoggedIn"); + } else { + CMS.debug( + "ConfigHSMLoginPanel:Token has already logged on"); + context.put("status", "alreadyLoggedIn"); + } + } else { + CMS.debug( + "ConfigHSMLoginPanel: loginToken():Token password not initialized"); + context.put("status", "tokenPasswordNotInitialized"); + rv = false; + } + + } catch (IncorrectPasswordException e) { + context.put("status", "incorrectPassword"); + context.put("errorString", e.toString()); + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + rv = false; + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: loginToken():" + 
e.toString()); + context.put("errorString", e.toString()); + rv = false; + } return rv; } // XXX how do you do this? public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */ + + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* + * no + * default + * parameters + */ set.add( "choice", choiceDesc); - + return set; } @@ -220,10 +224,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { select = cs.getString("preop.subsystem.select", ""); } catch (Exception e) { } - -// if (select.equals("clone")) - // return; - + + // if (select.equals("clone")) + // return; + CMS.debug("ConfigHSMLoginPanel: in update()"); String uTokName = null; @@ -233,7 +237,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { uPasswd = HttpInput.getPassword(request, "__uPasswd"); } catch (Exception e) { } - + if (uPasswd == null) { CMS.debug("ConfigHSMLoginPanel: password not found"); context.put("error", "no password"); @@ -270,13 +274,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { PlainPasswordWriter pw = new PlainPasswordWriter(); pw.init(mPwdFilePath); - pw.putPassword("hardware-"+uTokName, uPasswd); + pw.putPassword("hardware-" + uTokName, uPasswd); pw.commit(); } catch (FileNotFoundException e) { CMS.debug( "ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString() + " writing to "+ mPwdFilePath); + + e.toString() + " writing to " + mPwdFilePath); CMS.debug( "ConfigHSMLoginPanel: update(): password not written to cache"); System.err.println("Exception caught: " + e.toString()); @@ -288,7 +292,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } - + } // found password context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); 
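Review bot: The formatter broke the trailing comment on the `Descriptor choiceDesc` line in getUsage() into a five-line block with one word per line (`no` / `default` / `parameters`), which is harder to read than the original. Move it above the statement as `// no default parameters`. Separately, in the loginToken() part of the same hunk the `Password` built from `tokPwd` is not cleared on any path before `return rv;`. A `finally { password.clear(); }` on that `try` would shorten the time the token password stays in memory, although the `String` copy in `tokPwd` remains. loginToken() begins outside the hunk.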
@@ -308,4 +312,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java index bfc6e278..9428ecce 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.Module; - public class ConfigHSMServlet extends ConfigBaseServlet { /** * @@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } else { CMS.debug( "ConfigHSMServlet: token " + token.getName() - + " not to be added"); + + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ConfigHSMServlet:" + ex.toString()); } @@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ConfigHSMServlet: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ConfigHSMServlet: module found: " + cn); module.setFound(true); @@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { loadModTokens(module, m); } - + CMS.debug("ConfigHSMServlet: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { 
@@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet { Context context) { try { return Velocity.getTemplate("admin/console/config/config_hsm.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java index 3b3b8a64..c65e559d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigImportCertServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java index 01917303..5d50193c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.CryptoUtil; - public class ConfigJoinServlet extends ConfigBaseServlet { /** 
@@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String cert = null; try { cert = config.getString("preop.join.cert", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (cert == null || cert.equals("")) { return false; } else { @@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Displays panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); @@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { CryptoUtil.string2byte(pubKeyPublicExponent), CryptoUtil.string2byte(priKeyID)); context.put("certreq", pkcs10); - } catch (Exception e) {} + } catch (Exception e) { + } String select = "auto"; boolean select_manual = true; @@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { try { select = config.getString("preop.join.select", null); } catch (EBaseException e) { - CMS.debug( "ConfigJoinServlet::display() - " - + "Exception="+e.toString() ); + CMS.debug("ConfigJoinServlet::display() - " + + "Exception=" + e.toString()); return; } if (select.equals("auto")) { @@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { String cert = config.getString("preop.join.cert", ""); context.put("cert", cert); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } else { context.put("cert", ""); } - if (select_manual) { + if (select_manual) { context.put("check_manual", "checked"); context.put("check_auto", ""); } else { 
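Review bot: In `display()` (hunk `@@ -94,8 +94,8 @@`), `config.getString("preop.join.select", null)` replaces the `"auto"` default with null when the key is absent, and the following `select.equals("auto")` then throws a NullPointerException that none of the visible catch blocks covers. Keeping the default avoids that: `select = config.getString("preop.join.select", "auto");`, or compare as `"auto".equals(select)`. In the hunk before it (`@@ -85,7 +84,8 @@`), the empty `catch (Exception e) { }` around the PKCS#10 generation hides why `certreq` is missing from the page; a `CMS.debug("ConfigJoinServlet::display() - " + e.toString());` line, as already used for the `EBaseException` case, would record it. display() starts and ends outside these hunks.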
@@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Updates panel. */ public void update(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { CMS.debug("JoinServlet: update"); IConfigStore config = CMS.getConfigStore(); @@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet { } config.putString("preop.join.select", select); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } - + public Template getTemplate(HttpServletRequest request, HttpServletResponse response, Context context) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java index 895c75ac..44046fdc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.CertInfoProfile; - public class ConfigRootCAServlet extends ConfigBaseServlet { /** @@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String profile = null; try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (profile == null || profile.equals("")) { return false; } else { 
@@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { instancePath = config.getString("instanceRoot"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } String p[] = { "caCert.profile" }; Vector profiles = new Vector(); @@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { profiles.addElement( new CertInfoProfile(instancePath + "/conf/" + p[i])); - } catch (Exception e) {} + } catch (Exception e) { + } } return profiles; } public void display(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); String profile = null; @@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { if (isPanelModified()) { try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } if (profile == null) { profile = "caCert.profile"; @@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, + HttpServletResponse response, Context context) { String profile = request.getParameter("profile"); IConfigStore config = CMS.getConfigStore(); config.putString("preop.hierarchy.profile", profile); try { - config.commit(false); - } catch (Exception e) {} + config.commit(false); + } catch (Exception e) { + } context.put("status", "update"); context.put("error", ""); Vector profiles = getProfiles(); @@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { context.put("profiles", profiles); context.put("selected_profile_id", profile); } - + public Template getTemplate(HttpServletRequest request, HttpServletResponse response, Context context) { 
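Review bot: `update()` (hunk `@@ -108,15 +110,16 @@`) writes the `profile` request parameter to `preop.hierarchy.profile` without any check, and it still reports `status` = "update" with an empty `error` when `config.commit(false)` throws, because the catch block is empty. The parameter can be null or a name that `getProfiles()` never offers (it lists only `caCert.profile`), so it should be compared against that list before `putString` and rejected otherwise. The commit failure should at least be recorded, `} catch (Exception e) { CMS.debug("ConfigRootCAServlet: update() commit failed: " + e.toString()); }`, and reflected in the `error` context entry. How the stored value is consumed later is not visible here; if it is joined into a path the way `getProfiles()` does with `instancePath + "/conf/" + p[i]`, the missing check matters more. update() continues into the next hunk.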
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java index daf14c9e..377043d5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CreateSubsystemPanel extends WizardPanelBase { - public CreateSubsystemPanel() {} + public CreateSubsystemPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subsystem Selection"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Subsystem Type"); setId(id); @@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", ""); context.put("check_clonesubsystem", "checked"); } - context.put("subsystemName", - config.getString("preop.subsystem.name")); + context.put("subsystemName", + config.getString("preop.subsystem.name")); } catch (Exception e) { CMS.debug(e.toString()); } 
@@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", "checked"); context.put("check_clonesubsystem", ""); try { - context.put("subsystemName", - config.getString("preop.system.fullname")); + context.put("subsystemName", + config.getString("preop.system.fullname")); } catch (Exception e) { CMS.debug(e.toString()); } @@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } catch (EBaseException e) { } - Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" ); + Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort"); StringBuffer list = new StringBuffer(); int size = v.size(); @@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { errorString = "Internal error, cs.type is missing from CS.cfg"; } - if (list.length()==0) + if (list.length() == 0) context.put("disableClone", "true"); context.put("panel", "admin/console/config/createsubsystempanel.vm"); @@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { throw new IOException("choice not found"); } - config.putString("preop.subsystem.name", - HttpInput.getName(request, "subsystemName")); + config.putString("preop.subsystem.name", + HttpInput.getName(request, "subsystemName")); if (select.equals("newsubsystem")) { config.putString("preop.subsystem.select", "new"); config.putString("subsystem.select", "New"); @@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } cstype = toLowerCaseSubsystemType(cstype); - + config.putString("preop.subsystem.select", "clone"); config.putString("subsystem.select", "Clone"); 
@@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase { while (t.hasMoreTokens()) { String tag = t.nextToken(); if (tag.equals("sslserver")) - config.putBoolean(PCERT_PREFIX+tag+".enable", true); - else - config.putBoolean(PCERT_PREFIX+tag+".enable", false); + config.putBoolean(PCERT_PREFIX + tag + ".enable", true); + else + config.putBoolean(PCERT_PREFIX + tag + ".enable", false); } // get the master CA @@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase { String host = u.getHost(); int https_ee_port = u.getPort(); - String https_admin_port = getSecurityDomainAdminPort( config, + String https_admin_port = getSecurityDomainAdminPort(config, host, String.valueOf(https_ee_port), - cstype ); + cstype); config.putString("preop.master.hostname", host); config.putInteger("preop.master.httpsport", https_ee_port); @@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase { ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); if (cstype.equals("ca")) { - updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port, - true, context, certApprovalCallback ); + updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port, + true, context, certApprovalCallback); } - getTokenInfo(config, cstype, host, https_ee_port, true, context, - certApprovalCallback); + getTokenInfo(config, cstype, host, https_ee_port, true, context, + certApprovalCallback); } else { CMS.debug("CreateSubsystemPanel: invalid choice " + select); errorString = "Invalid choice"; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index e18d86cf..a69f462a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; @@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil; public class DatabasePanel extends WizardPanelBase { private static final String HOST = "localhost"; - private static final String CLONE_HOST="Enter FQDN here"; + private static final String CLONE_HOST = "Enter FQDN here"; private static final String PORT = "389"; private static final String BASEDN = "o=netscapeCertificateServer"; private static final String BINDDN = "cn=Directory Manager"; @@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase { private WizardServlet mServlet = null; - public DatabasePanel() {} + public DatabasePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Internal Database"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Internal Database"); setId(id); @@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase { "Host name"); set.add("hostname", hostDesc); - + Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port"); 
@@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase { "Base DN"); set.add("basedn", basednDesc); - + Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN"); set.add("binddn", binddnDesc); Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, - "Bind Password"); + "Bind Password"); set.add("bindpwd", bindpwdDesc); @@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - secure = cs.getString("internaldb.ldapconn.secureConn", ""); - cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); + secure = cs.getString("internaldb.ldapconn.secureConn", ""); + cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); errorString = cs.getString("preop.database.errorString", ""); } catch (Exception e) { CMS.debug("DatabasePanel display: " + e.toString()); @@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase { try { basedn = cs.getString("internaldb.basedn", ""); } catch (Exception e) { - CMS.debug( "DatabasePanel::display() - " - + "Exception="+e.toString() ); + CMS.debug("DatabasePanel::display() - " + + "Exception=" + e.toString()); return; } binddn = BINDDN; - database = basedn.substring(basedn.lastIndexOf('=')+1); + database = basedn.substring(basedn.lastIndexOf('=') + 1); CMS.debug("Clone: database=" + database); } else { hostname = HOST; @@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase { boolean multipleEnable = false; try { multipleEnable = cs.getBoolean( - "internaldb.multipleSuffix.enable", false); + "internaldb.multipleSuffix.enable", false); } catch (Exception e) { } - - + if (multipleEnable) basedn = "ou=" + instanceId + "," + suffix; else 
@@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase { context.put("binddn", binddn); context.put("bindpwd", bindpwd); context.put("database", database); - context.put("secureConn", (secure.equals("true")? "on":"off")); - context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off")); + context.put("secureConn", (secure.equals("true") ? "on" : "off")); + context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off")); context.put("panel", "admin/console/config/databasepanel.vm"); context.put("errorString", errorString); } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String select = ""; try { @@ -323,7 +322,7 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - //get the real host name + // get the real host name String realhostname = ""; if (hostname.equals("localhost")) { try { @@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase { } private LDAPConnection getLocalLDAPConn(Context context, String secure) - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase { host = cs.getString("internaldb.ldapconn.host"); port = cs.getString("internaldb.ldapconn.port"); binddn = cs.getString("internaldb.ldapauth.bindDN"); - pwd = (String) context.get("bindpwd"); + pwd = (String) context.get("bindpwd"); security = cs.getString("internaldb.ldapconn.secureConn"); } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); 
@@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); - } + CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } CMS.debug("DatabasePanel connecting to " + host + ":" + p); try { 
@@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - private boolean deleteDir(File dir) - { + private boolean deleteDir(File dir) { if (dir.isDirectory()) { String[] children = dir.list(); - for (int i=0; i<children.length; i++) { + for (int i = 0; i < children.length; i++) { boolean success = deleteDir(new File(dir, children[i])); if (!success) { return false; } } } - + // The directory is now empty so delete it return dir.delete(); - } + } - private void cleanupDB(LDAPConnection conn, String baseDN, String database) - { + private void cleanupDB(LDAPConnection conn, String baseDN, String database) { String[] entries = {}; String filter = "objectclass=*"; LDAPSearchConstraints cons = null; String[] attrs = null; - String dn=""; + String dn = ""; try { CMS.debug("Deleting baseDN: " + baseDN); LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res != null) - deleteEntries(res, conn, baseDN, entries); + attrs, true, cons); + if (res != null) + deleteEntries(res, conn, baseDN, entries); + } catch (LDAPException e) { } - catch (LDAPException e) {} - + try { - dn="cn=mapping tree, cn=config"; - filter = "nsslapd-backend=" + database; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); - if (res != null) { - while (res.hasMoreElements()) { - dn = res.next().getDN(); - filter = "objectclass=*"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res2 != null) - deleteEntries(res2, conn, dn, entries); - } - } - } - catch (LDAPException e) {} + dn = "cn=mapping tree, cn=config"; + filter = "nsslapd-backend=" + database; + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, cons); + if (res != null) { + while (res.hasMoreElements()) { + dn = 
res.next().getDN(); + filter = "objectclass=*"; + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, + attrs, true, cons); + if (res2 != null) + deleteEntries(res2, conn, dn, entries); + } + } + } catch (LDAPException e) { + } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); + attrs, true, cons); if (res != null) { deleteEntries(res, conn, dn, entries); - String dbdir = getInstanceDir(conn) + "/db/" + database; - if (dbdir != null) { - CMS.debug(" Deleting dbdir " + dbdir); + String dbdir = getInstanceDir(conn) + "/db/" + database; + if (dbdir != null) { + CMS.debug(" Deleting dbdir " + dbdir); boolean success = deleteDir(new File(dbdir)); if (!success) { CMS.debug("Unable to delete database directory " + dbdir); } } } + } catch (LDAPException e) { } - catch (LDAPException e) {} } - - private void populateDB(HttpServletRequest request, Context context, String secure) - throws IOException { + private void populateDB(HttpServletRequest request, Context context, String secure) + throws IOException { IConfigStore cs = CMS.getConfigStore(); String baseDN = ""; 
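Review bot: `cleanupDB()` puts `database` unescaped into an LDAP filter (`"nsslapd-backend=" + database`), into the DN `"cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"`, and into the path passed to the recursive `deleteDir(new File(dbdir))`, so the value should be restricted to a plain backend name (no filter metacharacters, no path separators or `..`) before any of these uses; where `database` is validated is not visible in this hunk. The guard `if (dbdir != null)` can never be false because `dbdir` was just built by concatenation; the null check belongs on the `getInstanceDir(conn)` result before the path is assembled, otherwise a null instance directory would yield a path starting with the text "null". The third search reuses `filter`, which still holds the `nsslapd-backend=` expression whenever the mapping-tree loop did not run, so `filter = "objectclass=*";` should be set again before that `conn.search`. All three `catch (LDAPException e) { }` blocks discard the error, which leaves a partly completed removal unreported; a `CMS.debug` line in each would show which step failed.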
@@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase { boolean foundDatabase = false; try { LDAPEntry entry = conn.read(baseDN); - if (entry != null) foundBaseDN = true; + if (entry != null) + foundBaseDN = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create 
the database"); } } @@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); - } - else { + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN"); - } - else { + throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase { // create database try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "extensibleObject", "nsBackendInstance"}; + String oc[] = { "top", "extensibleObject", "nsBackendInstance" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("cn", database)); attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN)); @@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase { try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc2[] = { "top", "extensibleObject", "nsMappingTree"}; + String oc2[] = { "top", "extensibleObject", "nsMappingTree" }; attrs.add(new LDAPAttribute("objectClass", oc2)); attrs.add(new LDAPAttribute("cn", baseDN)); attrs.add(new LDAPAttribute("nsslapd-backend", database)); 
@@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase { String n = st.nextToken(); String v = st.nextToken(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc3[] = { "top", "domain"}; + String oc3[] = { "top", "domain" }; if (n.equals("o")) { - oc3[1] = "organization"; + oc3[1] = "organization"; } else if (n.equals("ou")) { - oc3[1] = "organizationalUnit"; - } + oc3[1] = "organizationalUnit"; + } attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) { CMS.debug("Warning: suffix creation error - " + e.toString()); - throw new IOException("Failed to create the base DN: "+baseDN); + throw new IOException("Failed to create the base DN: " + baseDN); } // check to see if the base dn exists @@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = conn.read(baseDN); if (entry != null) { - foundBaseDN = true; + foundBaseDN = true; } - } catch (LDAPException e) {} + } catch (LDAPException e) { + } boolean createBaseDN = true; boolean testing = false; try { testing = cs.getBoolean("internaldb.multipleSuffix.enable", false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!foundBaseDN) { if (!testing) { @@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase { // support only one level creation - create new entry // right under the suffix LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "organizationalUnit"}; + String oc[] = { "top", "organizationalUnit" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("ou", dns2[0])); @@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase { try { conn.add(entry); - foundBaseDN = true; + foundBaseDN = true; CMS.debug("DatabasePanel added " + baseDN); } catch (LDAPException e) { throw new IOException("Failed to create " + baseDN); 
@@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase { } if (select.equals("clone")) { - // if this is clone, add index before replication - // don't put in the schema or bad things will happen - - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + // if this is clone, add index before replication + // don't put in the schema or bad things will happen + + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } else { - // data will be replicated from the master to the clone - // so clone does not need the data - // + // data will be replicated from the master to the clone + // so clone does not need the data + // - importLDIFS("preop.internaldb.schema.ldif", conn); - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.data_ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.schema.ldif", conn); + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.data_ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } try { conn.disconnect(); - } catch (LDAPException e) {} + } catch (LDAPException e) { + } } private void importLDIFS(String param, LDAPConnection conn) throws IOException { @@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel populateDB param=" + param); try { v = cs.getString(param); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException("Cant find ldif files."); } - + StringTokenizer tokenizer = new StringTokenizer(v, ","); String baseDN = null; String database = null; 
@@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase { String instanceId = null; try { - instanceId = cs.getString("instanceId"); + instanceId = cs.getString("instanceId"); } catch (EBaseException e) { throw new IOException("instanceId is missing"); } - - String configDir = instancePath + File.separator + "conf"; + String configDir = instancePath + File.separator + "conf"; while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken().trim(); @@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase { if (!endOfline) { ps.println(s); } - } + } } in.close(); ps.close(); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("DBSubsystem popuateDB: " + e.toString()); throw new IOException( "Problem of copying ldif file: " + filename); @@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - boolean hasErr = false; + boolean hasErr = false; boolean firsttime = false; context.put("firsttime", "false"); 
@@ -903,17 +901,19 @@ public class DatabasePanel extends WizardPanelBase { cs.putString("internaldb.ldapauth.bindDN", binddn); cs.putString("internaldb.database", database2); String secure = HttpInput.getCheckbox(request, "secureConn"); - cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false")); String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); - cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false")); String remove = HttpInput.getID(request, "removeData"); if (isPanelDone() && (remove == null || remove.equals(""))) { - /* if user submits the same data, they just want to skip - to the next panel, no database population is required. */ - if (hostname1.equals(hostname2) && - portStr1.equals(portStr2) && - database1.equals(database2)) { + /* + * if user submits the same data, they just want to skip to the next + * panel, no database population is required. + */ + if (hostname1.equals(hostname2) && + portStr1.equals(portStr2) && + database1.equals(database2)) { context.put("updateStatus", "success"); return; } 
@@ -921,15 +921,14 @@ public class DatabasePanel extends WizardPanelBase { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - try { - populateDB(request, context, (secure.equals("on")?"true":"false")); + populateDB(request, context, (secure.equals("on") ? "true" : "false")); } catch (IOException e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (Exception e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString()); context.put("errorString", e.toString()); cs.putString("preop.database.errorString", e.toString()); context.put("updateStatus", "failure"); @@ -950,11 +949,11 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException( e.toString() ); + throw new IOException(e.toString()); } psStore.putString("internaldb", bindpwd); psStore.putString("replicationdb", replicationpwd); - cs.putString("preop.internaldb.replicationpwd" , replicationpwd); + cs.putString("preop.internaldb.replicationpwd", replicationpwd); cs.putString("preop.database.removeData", "false"); try { 
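Review bot: In `update()` (hunk `@@ -950,11 +949,11 @@`), `replicationpwd` goes into the password store and is then also written to the general configuration by `cs.putString("preop.internaldb.replicationpwd", replicationpwd)`, which leaves a second copy of a directory credential wherever that config store is persisted. Whether the `preop.` entry is removed once replication is set up is not visible here; if later wizard steps only need the value during this run, taking it from `psStore` avoids the extra copy, and otherwise the entry should be deleted as soon as it has been used. In the hunk before it (`@@ -921,15 +921,14 @@`), `e.toString()` is placed into the page as `errorString` and saved to `preop.database.errorString`; a fixed message for the page, with the detail kept in the existing `CMS.debug` call, keeps raw LDAP error text out of the response. update() starts and ends outside these hunks.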
@@ -983,57 +982,58 @@ public class DatabasePanel extends WizardPanelBase { // always populate the index the last try { - CMS.debug("Populating local indexes"); - LDAPConnection conn = getLocalLDAPConn(context, - (secure.equals("on")?"true":"false")); - importLDIFS("preop.internaldb.post_ldif", conn); - - /* For vlvtask, we need to check if the task has - been completed or not. Presence of nsTaskExitCode means task is complete - */ - String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); - if (!wait_dn.equals("")) { - int i = 0; - LDAPEntry task = null; - boolean taskComplete = false; - CMS.debug("Checking wait_dn " + wait_dn); - do { - Thread.sleep(1000); - try { - task = conn.read(wait_dn, (String[])null); - if (task != null) { - LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); - if (attr != null) { - taskComplete = true; - String val = (String) attr.getStringValues().nextElement(); - if (val.compareTo("0") != 0) { - CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); - } - } + CMS.debug("Populating local indexes"); + LDAPConnection conn = getLocalLDAPConn(context, + (secure.equals("on") ? "true" : "false")); + importLDIFS("preop.internaldb.post_ldif", conn); + + /* + * For vlvtask, we need to check if the task has been completed or + * not. 
Presence of nsTaskExitCode means task is complete + */ + String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); + if (!wait_dn.equals("")) { + int i = 0; + LDAPEntry task = null; + boolean taskComplete = false; + CMS.debug("Checking wait_dn " + wait_dn); + do { + Thread.sleep(1000); + try { + task = conn.read(wait_dn, (String[]) null); + if (task != null) { + LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); + if (attr != null) { + taskComplete = true; + String val = (String) attr.getStringValues().nextElement(); + if (val.compareTo("0") != 0) { + CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); + } + } + } + } catch (LDAPException le) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); + } catch (Exception e) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); + } + } while ((!taskComplete) && (i < 20)); + if (i < 20) { + CMS.debug("Done checking wait_dn " + wait_dn); + } else { + CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } - } catch (LDAPException le) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); - } catch (Exception e) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); - } - } while ((!taskComplete) && (i < 20)); - if (i < 20) { - CMS.debug("Done checking wait_dn " + wait_dn); - } else { - CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } - } - conn.disconnect(); - CMS.debug("Done populating local indexes"); + conn.disconnect(); + CMS.debug("Done populating local indexes"); } catch (Exception e) { - CMS.debug("Populating index failure - " + e); + CMS.debug("Populating index failure - " + e); } // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false")); + 
setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); CMS.debug("Finish setting up replication."); try { @@ -1048,25 +1048,24 @@ public class DatabasePanel extends WizardPanelBase { } } - if (hasErr == false) { - cs.putBoolean("preop.Database.done", true); - try { - cs.commit(false); - } catch (EBaseException e) { - CMS.debug( - "DatabasePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + cs.putBoolean("preop.Database.done", true); + try { + cs.commit(false); + } catch (EBaseException e) { + CMS.debug( + "DatabasePanel: update() Exception caught at config commit: " + + e.toString()); + } + } context.put("updateStatus", "success"); } private void setupReplication(HttpServletRequest request, - Context context, String secure, String cloneStartTLS) throws IOException { + Context context, String secure, String cloneStartTLS) throws IOException { String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); - + String cstype = ""; String machinename = ""; String instanceId = ""; @@ -1078,13 +1077,12 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - - //setup replication agreement - String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId; + // setup replication agreement + String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId; cs.putString("internaldb.replication.master", masterAgreementName); - String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId; + String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId; cs.putString("internaldb.replication.consumer", cloneAgreementName); - + try { cs.commit(false); } catch (Exception e) { 
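Review bot: The `wait_dn` polling loop in the re-indented index block can never time out, because `i` is set to 0 and tested in `while ((!taskComplete) && (i < 20))` but is not incremented anywhere in the loop body shown. If the task entry never gains `nsTaskExitCode`, or every `conn.read` throws, the request thread sleeps and polls indefinitely and the `due to timeout` branch is unreachable. Adding `i++;` right after `Thread.sleep(1000);` restores the 20-iteration bound the condition implies. `conn.disconnect()` is also skipped whenever something inside the `try` throws, so it belongs in a `finally`.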
@@ -1119,18 +1117,18 @@ public class DatabasePanel extends WizardPanelBase { master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); } catch (Exception e) { } - + LDAPConnection conn1 = null; LDAPConnection conn2 = null; if (secure.equals("true")) { - CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); - conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); - conn1 = new LDAPConnection(); - conn2 = new LDAPConnection(); - } + CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); + conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); + conn1 = new LDAPConnection(); + conn2 = new LDAPConnection(); + } String basedn = ""; try { @@ -1140,13 +1138,13 @@ public class DatabasePanel extends WizardPanelBase { try { conn1.connect(master1_hostname, master1_port, master1_binddn, - master1_bindpwd); + master1_bindpwd); conn2.connect(master2_hostname, master2_port, master2_binddn, - master2_bindpwd); + master2_bindpwd); String suffix = cs.getString("internaldb.basedn", ""); - String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config"; - CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn); + String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config"; + CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn); String masterBindUser = "Replication Manager " + masterAgreementName; String cloneBindUser = "Replication Manager " + cloneAgreementName; 
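Review bot: In the `else` branch `conn1` and `conn2` are plain `LDAPConnection` objects, and the following hunk binds on them with `master1_bindpwd` and `master2_bindpwd`, so both directory passwords travel unencrypted whenever `secure` is not "true". In the hunks shown, `cloneStartTLS` is only forwarded to `createReplicationAgreement`; nothing visible applies it to these two connections. The non-SSL debug line should at least say so, e.g. `CMS.debug("DatabasePanel setupReplication: WARNING: binding to internal ldap without SSL, credentials are sent in cleartext");`. The method body starts and ends outside this hunk.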
@@ -1168,16 +1166,16 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); - createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn1, masterAgreementName, + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); - createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn2, cloneAgreementName, + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); - while (! replicationDone(replicadn, conn1, masterAgreementName)) { + while (!replicationDone(replicadn, conn1, masterAgreementName)) { CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete"); Thread.sleep(1000); } @@ -1185,12 +1183,12 @@ public class DatabasePanel extends WizardPanelBase { String status = replicationStatus(replicadn, conn1, masterAgreementName); if (!status.startsWith("0 ")) { CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + - status); + status); throw new IOException("consumer initialization failed. " + status); - } + } } catch (Exception e) { - CMS.debug("DatabasePanel setupReplication: "+e.toString()); + CMS.debug("DatabasePanel setupReplication: " + e.toString()); throw new IOException("Failed to setup the replication for cloning."); } } 
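Review bot: The closing `catch (Exception e)` in `setupReplication` replaces every failure with the fixed message `Failed to setup the replication for cloning.` and no cause, including the `IOException("consumer initialization failed. " + status)` thrown just above it. The caller therefore cannot tell a bind failure from a failed consumer initialisation, and the only trace left is the debug log. `throw new IOException("Failed to setup the replication for cloning.", e);` keeps the original exception attached. Nothing in the visible hunks disconnects `conn1` or `conn2` on either path; the method starts outside this hunk, so that should be confirmed there.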
@@ -1203,15 +1201,15 @@ public class DatabasePanel extends WizardPanelBase { Context context) { try { - initParams(request, context); - } catch (IOException e) { + initParams(request, context); + } catch (IOException e) { } context.put("title", "Database"); context.put("panel", "admin/console/config/databasepanel.vm"); } private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=" + bindUser + ",cn=config"; @@ -1231,11 +1229,11 @@ public class DatabasePanel extends WizardPanelBase { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationManager: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationManager: " + ee.toString()); } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString()); throw e; } } @@ -1244,7 +1242,7 @@ public class DatabasePanel extends WizardPanelBase { } private void createChangeLog(LDAPConnection conn, String dir) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=changelog5,cn=config"; 
@@ -1259,17 +1257,15 @@ public class DatabasePanel extends WizardPanelBase { } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used"); -/* leave it, dont delete it because it will have operation error - try { - conn.delete(dn); - conn.add(entry); - } catch (LDAPException ee) { - CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); - } -*/ + /* + * leave it, dont delete it because it will have operation error + * try { conn.delete(dn); conn.add(entry); } catch + * (LDAPException ee) { + * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); } + */ return; } else { - CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString()); throw e; } } @@ -1278,8 +1274,8 @@ public class DatabasePanel extends WizardPanelBase { } private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id) - throws LDAPException { - CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn); + throws LDAPException { + CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn); LDAPAttributeSet attrs = null; LDAPEntry entry = null; try { @@ -1290,7 +1286,7 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("cn", "replica")); attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id))); attrs.add(new LDAPAttribute("nsds5flags", "1")); 
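Review bot: The reflowed block comment in the `ENTRY_ALREADY_EXISTS` branch of `createChangeLog` now runs the explanation and the disabled `try { conn.delete(dn); conn.add(entry); }` code together as one paragraph, which is harder to read than the original layout. The code is dead, so it is cleaner to drop it and keep only the reason: `/* Entry already exists: leave it; deleting and re-adding it caused an operation error. */`. If the old code has to stay for reference, the formatter needs to be told not to reflow that comment.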
@@ -1298,49 +1294,51 @@ public class DatabasePanel extends WizardPanelBase { conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - /* BZ 470918 -we cant just add the new dn. We need to do a replace instead - * until the DS code is fixed */ - CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used"); - + /* + * BZ 470918 -we cant just add the new dn. We need to do a + * replace instead until the DS code is fixed + */ + CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used"); + try { entry = conn.read(replicadn); LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN"); - attr.addValue( "cn=" + bindUser + ",cn=config"); + attr.addValue("cn=" + bindUser + ",cn=config"); LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); conn.modify(replicadn, mod); } catch (LDAPException ee) { - CMS.debug("DatabasePanel enableReplication: Failed to modify " - +replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to modify " + + replicadn + " entry. Exception: " + e.toString()); } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. 
Exception: " + e.toString()); return id; } } - CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry."); + CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry."); return id + 1; } - private void createReplicationAgreement(String replicadn, - LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn); + private void createReplicationAgreement(String replicadn, + LDAPConnection conn, String name, String replicahost, int replicaport, + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); LDAPEntry entry = null; LDAPAttributeSet attrs = null; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", - "nsds5replicationagreement")); + "nsds5replicationagreement")); attrs.add(new LDAPAttribute("cn", name)); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost)); - attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport)); + attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport)); attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + "cn=" + bindUser + ",cn=config")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple")); attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd)); 
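Review bot: In `enableReplication`, the inner `catch (LDAPException ee)` logs `e.toString()`, which is the outer already-exists exception, so the real reason the `modify` failed is never recorded; the line should end `+ replicadn + " entry. Exception: " + ee.toString());`. In the same branch the result of `entry.getAttribute("nsDS5ReplicaBindDN")` is used without a null check, unlike the other `getAttribute` call sites visible in this file. A `NullPointerException` there would escape the `LDAPException` handler. Both failure paths also `return id`, so the caller cannot tell "replica already configured" from "could not configure replica".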
@@ -1351,50 +1349,50 @@ public class DatabasePanel extends WizardPanelBase { } CMS.debug("About to set description attr to " + name); - attrs.add(new LDAPAttribute("description",name)); + attrs.add(new LDAPAttribute("description", name)); entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used"); + CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used"); try { conn.delete(dn); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString()); throw ee; } try { conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString()); throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. 
Exception: " + e.toString()); throw e; } } - CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name); + CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name); } - private void initializeConsumer(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort()); + private void initializeConsumer(String replicadn, LDAPConnection conn, + String name) { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", - "start"); + "start"); LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + LDAPModification.REPLACE, attr); CMS.debug("DatabasePanel initializeConsumer: start modifying"); conn.modify(dn, mod); CMS.debug("DatabasePanel initializeConsumer: Finish modification."); } catch (LDAPException e) { - CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString()); return; } catch (Exception e) { CMS.debug("DatabasePanel initializeConsumer: exception " + e); 
@@ -1405,33 +1403,33 @@ public class DatabasePanel extends WizardPanelBase { Thread.sleep(5000); CMS.debug("DatabasePanel initializeConsumer: finish sleeping."); } catch (InterruptedException ee) { - CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString()); + CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString()); } CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer"); } - private boolean replicationDone(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private boolean replicationDone(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5beginreplicarefresh"}; + String[] attrs = { "nsds5beginreplicarefresh" }; - CMS.debug("DatabasePanel replicationDone: dn: "+dn); + CMS.debug("DatabasePanel replicationDone: dn: " + dn); try { LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true); + attrs, true); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } - + } + LDAPEntry entry = results.next(); LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh"); if (refresh == null) { return true; - } + } return false; } catch (Exception e) { CMS.debug("DatabasePanel replicationDone: exception " + e); 
@@ -1439,29 +1437,29 @@ public class DatabasePanel extends WizardPanelBase { } } - private String replicationStatus(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private String replicationStatus(String replicadn, LDAPConnection conn, String name) + throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5replicalastinitstatus"}; + String[] attrs = { "nsds5replicalastinitstatus" }; String status = null; - CMS.debug("DatabasePanel replicationStatus: dn: "+dn); + CMS.debug("DatabasePanel replicationStatus: dn: " + dn); try { LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, false); + attrs, false); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } + } LDAPEntry entry = results.next(); LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus"); if (attr != null) { Enumeration valsInAttr = attr.getStringValues(); if (valsInAttr.hasMoreElements()) { - return (String)valsInAttr.nextElement(); + return (String) valsInAttr.nextElement(); } else { throw new IOException("No value returned for nsds5replicalastinitstatus"); } 
@@ -1475,35 +1473,35 @@ public class DatabasePanel extends WizardPanelBase { } private String getInstanceDir(LDAPConnection conn) { - String instancedir=""; + String instancedir = ""; try { String filter = "(objectclass=*)"; - String[] attrs = {"nsslapd-directory"}; + String[] attrs = { "nsslapd-directory" }; LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, - filter, attrs, false); + filter, attrs, false); while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); - CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn); + CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); String attrName = nextAttr.getName(); - CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName); + CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName); Enumeration valsInAttr = nextAttr.getStringValues(); - while ( valsInAttr.hasMoreElements() ) { - String nextValue = (String)valsInAttr.nextElement(); + while (valsInAttr.hasMoreElements()) { + String nextValue = (String) valsInAttr.nextElement(); if (attrName.equalsIgnoreCase("nsslapd-directory")) { - CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue); - return nextValue.substring(0,nextValue.lastIndexOf("/db")); + CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue); + return nextValue.substring(0, nextValue.lastIndexOf("/db")); } } } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. 
Exception: "+e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java index d8fd7526..c44f6113 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DatabaseServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index 1e1b6dec..f0a995fe 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URLEncoder; import java.util.Locale; 
@@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class DisplayCertChainPanel extends WizardPanelBase { - public DisplayCertChainPanel() {} + public DisplayCertChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); setId(id); } - - public boolean isSubPanel() { + + public boolean isSubPanel() { return true; } @@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - try { - String select = cs.getString("securitydomain.select",""); + try { + String select = cs.getString("securitydomain.select", ""); String type = cs.getString("preop.subsystem.select", ""); String hierarchy = cs.getString("preop.hierarchy.select", ""); @@ -117,7 +117,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { Context context) { CMS.debug("DisplayCertChainPanel: display"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("DisplayCertChainPanel setting session id."); @@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { try { certchain_size = cs.getString(certChainConfigName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } int size = 0; Vector v = new Vector(); 
@@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase { if (!certchain_size.equals("")) { try { size = Integer.parseInt(certchain_size); - } catch (Exception e) {} + } catch (Exception e) { + } for (int i = 0; i < size; i++) { certChainConfigName = "preop." + type + ".certchain." + i; try { String c = cs.getString(certChainConfigName, ""); byte[] b_c = CryptoUtil.base64Decode(c); CertPrettyPrint pp = new CertPrettyPrint( - new X509CertImpl(b_c)); + new X509CertImpl(b_c)); v.addElement(pp.toString(Locale.getDefault())); - } catch (Exception e) {} + } catch (Exception e) { + } } } - + if (getId().equals("securitydomain")) { context.put("panelid", "securitydomain"); context.put("panelname", "Security Domain Trust Verification"); @@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { importCertChain(getId()); if (getId().equals("securitydomain")) { - int panel = getPanelNo()+1; + int panel = getPanelNo() + 1; IConfigStore cs = CMS.getConfigStore(); try { String sd_hostname = cs.getString("securitydomain.host", ""); 
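Review bot: The two `catch (Exception e) { }` blocks in this hunk of `display` are still empty after the reformat, so a chain entry that fails `CryptoUtil.base64Decode` or `new X509CertImpl(b_c)` is silently left out of the vector shown to the administrator. On a panel used for trust verification, a chain shorter than the configured one should at least show up in the log: `CMS.debug("DisplayCertChainPanel: cannot decode " + certChainConfigName + ": " + e);` inside the per-certificate catch. The same goes for the `Integer.parseInt(certchain_size)` catch, where a bad value leaves `size` at 0 and no chain is displayed at all.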
@@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase { String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's // SSL Admin port in the "Security Domain Panel"; // now retrieve this specified CA Security Domain's // non-SSL EE, SSL Agent, and SSL EE ports: - cs.putString( "securitydomain.httpport", - getSecurityDomainPort( cs, "UnSecurePort" ) ); - cs.putString("securitydomain.httpsagentport", - getSecurityDomainPort( cs, "SecureAgentPort" ) ); - cs.putString("securitydomain.httpseeport", - getSecurityDomainPort( cs, "SecurePort" ) ); + cs.putString("securitydomain.httpport", + getSecurityDomainPort(cs, "UnSecurePort")); + cs.putString("securitydomain.httpsagentport", + getSecurityDomainPort(cs, "SecureAgentPort")); + cs.putString("securitydomain.httpseeport", + getSecurityDomainPort(cs, "SecurePort")); } catch (Exception ee) { - CMS.debug("DisplayCertChainPanel Exception="+ee.toString()); + CMS.debug("DisplayCertChainPanel Exception=" + ee.toString()); } } context.put("updateStatus", "success"); 
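Review bot: A failure while building the redirect or querying the security domain ports is caught by `catch (Exception ee)`, logged, and then followed by `context.put("updateStatus", "success")`. The wizard therefore reports success even when `securitydomain.httpport`, `securitydomain.httpsagentport` and `securitydomain.httpseeport` may not have been set. `cs_port` also defaults to -1 and is concatenated into `urlVal` without a check. Adding `context.put("updateStatus", "failure"); return;` to the catch would surface the problem; the method signature is outside this hunk, so check whether the caller expects an exception instead.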
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java index 00871921..3bb8c73c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DisplayServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 9669ddb1..ed12465f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.net.URLEncoder; 
@@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase { public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); public static final String RESTART_SERVER_AFTER_CONFIGURATION = - "restart_server_after_configuration"; + "restart_server_after_configuration"; public static final String PKI_SECURITY_DOMAIN = "pki_security_domain"; - public DonePanel() {} + public DonePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Done"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Done"); setId(id); @@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } private LDAPConnection getLDAPConn(Context context) - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase { pwd = pwdStore.getPassword("internaldb"); } - if ( pwd == null) { - throw new IOException("DonePanel: Failed to obtain password from password store"); + if (pwd == null) { + throw new IOException("DonePanel: Failed to obtain password from password store"); } try { 
@@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } CMS.debug("DonePanel connecting to " + host + ":" + p); @@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - /** * Display the panel. */ @@ -165,7 +163,7 @@ public class DonePanel extends WizardPanelBase { Context context) { CMS.debug("DonePanel: display()"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); 
@@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase { instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); systemdService = cs.getString("pkicreate.systemd.servicename", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String initDaemon = ""; if (type.equals("CA")) { - initDaemon = "pki-cad"; + initDaemon = "pki-cad"; } else if (type.equals("KRA")) { - initDaemon = "pki-krad"; + initDaemon = "pki-krad"; } else if (type.equals("OCSP")) { - initDaemon = "pki-ocspd"; + initDaemon = "pki-ocspd"; } else if (type.equals("TKS")) { - initDaemon = "pki-tksd"; + initDaemon = "pki-tksd"; } - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - if (! systemdService.equals("")) { - context.put( "initCommand", "/bin/systemctl"); - context.put( "instanceId", systemdService ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + if (!systemdService.equals("")) { + context.put("initCommand", "/bin/systemctl"); + context.put("instanceId", systemdService); } else { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Done"); context.put("panel", "admin/console/config/donepanel.vm"); @@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase { return; } else context.put("csstate", "0"); - + } catch (Exception e) { } 
@@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase { String basedn = cs.getString("internaldb.basedn"); String secdomain = cs.getString("securitydomain.name"); - try { + try { // Create security domain ldap entry String dn = "ou=Security Domain," + basedn; CMS.debug("DonePanel: creating ldap entry : " + dn); - + LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); @@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase { throw e; } - try { + try { // create list containers - String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; - for (int i=0; i< clist.length; i++) { + String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" }; + for (int i = 0; i < clist.length; i++) { LDAPEntry entry = null; LDAPAttributeSet attrs = null; String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; @@ -320,12 +319,12 @@ public class DonePanel extends WizardPanelBase { conn.add(entry); } } catch (Exception e) { - CMS.debug("Unable to create security domain list groups" ); + CMS.debug("Unable to create security domain list groups"); throw e; - } + } try { - // Add this host (only CA can create new domain) + // Add this host (only CA can create new domain) String cn = ownhost + ":" + ownadminsport; String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn; LDAPEntry entry = null; @@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("SecureAdminPort", ownadminsport)); if (owneeclientauthsport != null) { - attrs.add(new LDAPAttribute("SecureEEClientAuthPort", - owneeclientauthsport)); + attrs.add(new LDAPAttribute("SecureEEClientAuthPort", + owneeclientauthsport)); } attrs.add(new LDAPAttribute("UnSecurePort", ownport)); attrs.add(new LDAPAttribute("Clone", "FALSE")); 
@@ -357,31 +356,32 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel display: finish updating domain info"); conn.disconnect(); } catch (Exception e) { - CMS.debug("DonePanel display: "+e.toString()); + CMS.debug("DonePanel display: " + e.toString()); } int sd_admin_port_int = -1; try { - sd_admin_port_int = Integer.parseInt( sd_admin_port ); + sd_admin_port_int = Integer.parseInt(sd_admin_port); } catch (Exception e) { } try { // Fetch the "new" security domain and display it - CMS.debug( "Dump contents of new Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); - } catch( Exception e ) {} + CMS.debug("Dump contents of new Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); + } catch (Exception e) { + } // Since this instance is a new Security Domain, // create an empty file to designate this fact. String security_domain = instanceRoot + "/conf/" + PKI_SECURITY_DOMAIN; - if( !Utils.isNT() ) { - Utils.exec( "touch " + security_domain ); - Utils.exec( "chmod 00660 " + security_domain ); + if (!Utils.isNT()) { + Utils.exec("touch " + security_domain); + Utils.exec("chmod 00660 " + security_domain); } - } else { //existing domain + } else { // existing domain int sd_agent_port_int = -1; int sd_admin_port_int = -1; try { 
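Review bot: The security-domain marker file is still created by two concatenated command strings, `Utils.exec("touch " + security_domain)` followed by `Utils.exec("chmod 00660 " + security_domain)`, at the end of the new-domain branch, and neither return value is checked. The path is built from `instanceRoot`, which is read from the config store, so a value containing spaces or shell metacharacters may be split or interpreted depending on how `Utils.exec` runs the string (its implementation is not shown here). The file also exists with umask-default permissions until the second command runs. Creating the file through the Java file API and restricting its mode in the same step would remove both concerns; the same pair is used for `restart_server` in the `@@ -581,9 +587,9 @@` hunk. display() begins and ends outside this hunk.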
@@ -398,34 +398,34 @@ public class DonePanel extends WizardPanelBase { cloneStr = "&clone=false"; String domainMasterStr = ""; - if (cloneMaster) + if (cloneMaster) domainMasterStr = "&dm=true"; - else - domainMasterStr = "&dm=false"; + else + domainMasterStr = "&dm=false"; String eecaStr = ""; - if (owneeclientauthsport != null) - eecaStr="&eeclientauthsport=" + owneeclientauthsport; + if (owneeclientauthsport != null) + eecaStr = "&eeclientauthsport=" + owneeclientauthsport; - updateDomainXML( sd_host, sd_agent_port_int, true, - "/ca/agent/ca/updateDomainXML", + updateDomainXML(sd_host, sd_agent_port_int, true, + "/ca/agent/ca/updateDomainXML", "list=" + s - + "&type=" + type - + "&host=" + ownhost - + "&name=" + subsystemName - + "&sport=" + ownsport - + domainMasterStr - + cloneStr - + "&agentsport=" + ownagentsport - + "&adminsport=" + ownadminsport - + eecaStr - + "&httpport=" + ownport ); + + "&type=" + type + + "&host=" + ownhost + + "&name=" + subsystemName + + "&sport=" + ownsport + + domainMasterStr + + cloneStr + + "&agentsport=" + ownagentsport + + "&adminsport=" + ownadminsport + + eecaStr + + "&httpport=" + ownport); // Fetch the "updated" security domain and display it - CMS.debug( "Dump contents of updated Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); + CMS.debug("Dump contents of updated Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); } catch (Exception e) { context.put("errorString", "Failed to update the security domain on the domain master."); - //return; + // return; } } @@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e); } - // need to push connector information to the CA if (type.equals("KRA") && !ca_host.equals("")) { try { 
@@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase { setupClientAuthUser(); } - + if (!select.equals("clone")) { if (type.equals("CA") || type.equals("KRA")) { String beginRequestNumStr = ""; @@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase { String endSerialNumStr = ""; String requestIncStr = ""; String serialIncStr = ""; - + try { endRequestNumStr = cs.getString("dbs.endRequestNumber", ""); endSerialNumStr = cs.getString("dbs.endSerialNumber", ""); 
@@ -495,25 +494,26 @@ public class DonePanel extends WizardPanelBase { serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn; } else { serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; - } - LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString()); - LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange ); - conn.modify( serialdn, serialmod ); + } + LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString()); + LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange); + conn.modify(serialdn, serialmod); String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString()); - LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange ); - conn.modify( requestdn, requestmod ); + LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString()); + LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange); + conn.modify(requestdn, requestmod); - conn.disconnect(); + conn.disconnect(); } catch (Exception e) { CMS.debug("Unable to update global next range numbers: " + e); - } + } } - } + } if (cloneMaster) { - // cloning a domain master CA, the clone is also master of its domain + // cloning a domain master CA, the clone is also master of its + // domain try { cs.putString("securitydomain.host", ownhost); cs.putString("securitydomain.httpport", ownport); 
@@ -550,24 +550,30 @@ public class DonePanel extends WizardPanelBase { // more cloning variables needed for non-ca clones - if (! type.equals("CA")) { + if (!type.equals("CA")) { String val = cs.getString("preop.ca.hostname", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.hostname", val); val = cs.getString("preop.ca.httpport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpport", val); - val = cs.getString("preop.ca.httpsport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val); + val = cs.getString("preop.ca.httpsport", ""); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpsport", val); val = cs.getString("preop.ca.list", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.list", val); val = cs.getString("preop.ca.pkcs7", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.pkcs7", val); val = cs.getString("preop.ca.type", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.type", val); } // save EC type for sslserver cert (if present) @@ -581,9 +587,9 @@ public class DonePanel extends WizardPanelBase { // been restarted! String restart_server = instanceRoot + "/conf/" + RESTART_SERVER_AFTER_CONFIGURATION; - if( !Utils.isNT() ) { - Utils.exec( "touch " + restart_server ); - Utils.exec( "chmod 00660 " + restart_server ); + if (!Utils.isNT()) { + Utils.exec("touch " + restart_server); + Utils.exec("chmod 00660 " + restart_server); } } catch (Exception e) { 
@@ -593,13 +599,12 @@ public class DonePanel extends WizardPanelBase { context.put("csstate", "1"); } - private void setupClientAuthUser() - { + private void setupClientAuthUser() { IConfigStore cs = CMS.getConfigStore(); // retrieve CA subsystem certificate from the CA IUGSubsystem system = - (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String id = ""; try { String b64 = getCASubsystemCert(); @@ -640,9 +645,8 @@ public class DonePanel extends WizardPanelBase { } } - - private void updateOCSPConfig(HttpServletResponse response) - throws IOException { + private void updateOCSPConfig(HttpServletResponse response) + throws IOException { IConfigStore config = CMS.getConfigStore(); String cahost = ""; int caport = -1; @@ -661,7 +665,7 @@ public class DonePanel extends WizardPanelBase { int ocspport = Integer.parseInt(CMS.getAgentPort()); int ocspagentport = Integer.parseInt(CMS.getAgentPort()); String session_id = CMS.getConfigSDSessionId(); - String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport; + String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport; updateOCSPConfig(cahost, caport, true, content, response); } @@ -675,7 +679,7 @@ public class DonePanel extends WizardPanelBase { if (b64.equals("")) throw new IOException("Failed to get certificate chain."); - + try { // this could be a chain X509Certificate[] certs = Cert.mapCertFromPKCS7(b64); @@ -686,9 +690,9 @@ public class DonePanel extends WizardPanelBase { } else { leafCert = certs[0]; } - - IOCSPAuthority ocsp = - (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID); + + IOCSPAuthority ocsp = + (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID); IDefStore defStore = ocsp.getDefaultStore(); // (1) need to normalize (sort) the chain 
@@ -696,9 +700,9 @@ public class DonePanel extends WizardPanelBase { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, - MINUS_ONE, null, null); + leafCert.getSubjectDN().getName(), + BIG_ZERO, + MINUS_ONE, null, null); try { rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); @@ -706,7 +710,9 @@ public class DonePanel extends WizardPanelBase { // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); - //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); + // log(ILogger.EV_AUDIT, AuditFormat.LEVEL, + // "Added CA certificate " + + // leafCert.getSubjectDN().getName()); CMS.debug("DonePanel importCACertToOCSP: Added CA certificate."); } @@ -748,7 +754,7 @@ public class DonePanel extends WizardPanelBase { } private void updateConnectorInfo(String ownagenthost, String ownagentsport) - throws IOException { + throws IOException { IConfigStore cs = CMS.getConfigStore(); int port = -1; String url = ""; 
@@ -757,21 +763,21 @@ public class DonePanel extends WizardPanelBase { try { url = cs.getString("preop.ca.url", ""); if (!url.equals("")) { - host = cs.getString("preop.ca.hostname", ""); - port = cs.getInteger("preop.ca.httpsadminport", -1); - transportCert = cs.getString("kra.transport.cert", ""); + host = cs.getString("preop.ca.hostname", ""); + port = cs.getInteger("preop.ca.httpsadminport", -1); + transportCert = cs.getString("kra.transport.cert", ""); } } catch (Exception e) { } if (host == null) { - CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); + CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); } else { - CMS.debug("DonePanel: Transport certificate is being setup in " + url); - String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; + CMS.debug("DonePanel: Transport certificate is being setup in " + url); + String session_id = CMS.getConfigSDSessionId(); + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; - updateConnectorInfo(host, port, true, content); + updateConnectorInfo(host, port, true, content); } } 
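Review bot: The request body in `updateConnectorInfo` encodes only `transportCert`, and does so through the deprecated one-argument `URLEncoder.encode(String)`, which uses the platform default charset. `ownagenthost`, `ownagentsport` and `session_id` are appended raw, so an `&` or `=` in any of them would change the parameter set the CA receives. I would use `URLEncoder.encode(transportCert, "UTF-8")` and encode the other three values the same way; the method already declares `throws IOException`, which covers `UnsupportedEncodingException`. The `host == null` test also looks suspect if `host` is initialised to an empty string the way `url` is, but its declaration is outside the hunk, so confirm.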
@@ -802,12 +808,14 @@ public class DonePanel extends WizardPanelBase { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException {} + Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {/* This should never be called */} + Context context) {/* This should never be called */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java index 9d7fc22a..25332d86 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java @@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DownloadPKCS12: processing..."); @@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet { mRenderResult = false; // check the pin from the session - String pin = (String)httpReq.getSession().getAttribute("pin"); + String pin = (String) httpReq.getSession().getAttribute("pin"); if (pin == null) { CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie."); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); 
@@ -101,18 +102,27 @@ public class DownloadPKCS12 extends CMSServlet { httpResp.getOutputStream().write(pkcs12); return; } catch (Exception e) { - CMS.debug("DownloadPKCS12 process: Exception="+e.toString()); + CMS.debug("DownloadPKCS12 process: Exception=" + e.toString()); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 87cb7a7c..452ead98 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Locale; @@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetCertChain extends CMSServlet { /** @@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
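Review bot: The formatter has turned the trailing comment on `renderResult` into a nine-line column of one or two words each (`// do`, `// nothing,`, `// ie, it`, and so on), which is harder to read than the single line it replaced. Moving the comment into the method body before formatting avoids this, for example `// do nothing, i.e. it will not return the default javascript.` on its own line after the opening brace. The same wrapped comment appears in GetCertChain (`@@ -121,7 +122,15 @@`) and GetConfigEntries (`@@ -208,7 +211,15 @@`). Separately, the `catch (Exception e)` at the top of this hunk only writes a `CMS.debug` line, so a failure while writing the PKCS #12 bytes produces no error response as far as the hunk shows; process() begins outside it.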
@@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); + e.toString())); outputError(httpResp, "Error: Failed to encode the certificate chain"); } @@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java index c1010b46..456bf6c1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java @@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetConfigEntries authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; - } + } // Construct an ArgBlock IArgBlock args = cmsReq.getHttpParams(); 
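Review bot: In the `@@ -84,12 +87,12 @@` hunk an authentication failure is logged with `ILogger.LL_FAILURE` and the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which reads as an output-stream error rather than a rejected login. Anyone filtering logs for failed authentication against this servlet, which returns configuration values, would miss these events. ACLAdminServlet in this same commit logs the equivalent case as `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));`; a security-level entry with an authentication message here would make the two consistent, assuming that key is usable from a CMSServlet. GetCookie has the same call in its `@@ -131,9 +132,9 @@` hunk.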
@@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetConfigEntries process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetConfigEntries process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } catch (Exception e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, + outputError(httpResp, "Error: Encountered problem during authorization."); - return; + return; } if (authzToken == null) { - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } if (op != null) { @@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet { String name1 = t.nextToken(); IConfigStore cs = config.getSubStore(name1); Enumeration enum1 = cs.getPropertyNames(); - + while (enum1.hasMoreElements()) { - String name = name1+"."+enum1.nextElement(); + String name = name1 + "." + enum1.nextElement(); try { String value = config.getString(name); Node container = xmlObj.createContainer(root, "Config"); 
@@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet { value = getLDAPPassword(); } else if (name.equals("internaldb.replication.password")) { value = getReplicationPassword(); - } else + } else continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } private String getLDAPPassword() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java index 74edda79..daa60911 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java @@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - public class GetCookie extends CMSServlet { /** @@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public GetCookie() { super(); 
@@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet { mRandom = new Random(); mErrorFormPath = sc.getInitParameter("errorTemplatePath"); if (mOutputTemplatePath != null) { - mFormPath = mOutputTemplatePath; + mFormPath = mOutputTemplatePath; } } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet { } IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); + IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); CMSTemplate form = null; Locale[] locale = new Locale[1]; String url = httpReq.getParameter("url"); - CMS.debug("GetCookie before auth, url ="+url); + CMS.debug("GetCookie before auth, url =" + url); String url_e = ""; URL u = null; try { @@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet { u = new URL(url_e); } catch (Exception eee) { throw new ECMSGWException( - "GetCookie missing parameter: url"); + "GetCookie missing parameter: url"); } int index2 = url_e.indexOf("subsystem="); String subsystem = ""; if (index2 > 0) { - subsystem = url.substring(index2+10); + subsystem = url.substring(index2 + 10); int index1 = subsystem.indexOf("&"); if (index1 > 0) subsystem = subsystem.substring(0, index1); 
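Review bot: In the `@@ -115,13 +116,13 @@` hunk the offset of `subsystem=` is found in `url_e`, but the value is then cut from `url` (`subsystem = url.substring(index2 + 10);`). If `url_e` is a decoded form of `url` (its assignment falls between the hunks, so confirm), the two strings can differ in length, and the extracted name may be wrong or the call may throw. That name is later passed to `getGroupName` to choose the administrator group, so it should be parsed from one consistent string: `subsystem = url_e.substring(index2 + 10);`. process() begins and ends outside these hunks.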
@@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetCookie authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); header.addStringValue("sd_uid", ""); header.addStringValue("sd_pwd", ""); header.addStringValue("host", u.getHost()); @@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet { form = getTemplate(mErrorFormPath, httpReq, locale); } catch (IOException eee) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ - } + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + * throw new ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ + } - if( form == null ) { + if (form == null) { CMS.debug("GetCookie::process() - form is null!"); - throw new EBaseException( "form is null" ); + throw new EBaseException("form is null"); } try { @@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException ee) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; - } + } String cookie = ""; String auditMessage = ""; - + if (authToken != null) { String uid = authToken.getInString("uid"); String groupname = getGroupName(uid, subsystem); 
@@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet { // assign cookie long num = mRandom.nextLong(); - cookie = num+""; + cookie = num + ""; ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); String addr = ""; try { @@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet { ip = InetAddress.getByName(addr).toString(); int index = ip.indexOf("/"); if (index > 0) - ip = ip.substring(index+1); + ip = ip.substring(index + 1); } catch (Exception e) { } - String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip + + String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;" + groupname; int status = ctable.addEntry(cookie, ip, uid, groupname); @@ -232,18 +233,19 @@ public class GetCookie extends CMSServlet { } try { - String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort(); + String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort(); if (!url.startsWith("$")) { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + * e.toString())); throw new ECMSGWException( + * CMS.getUserMessage + * ("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ } header.addStringValue("url", url); 
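Review bot: The security-domain session token in the `@@ -195,7 +196,7 @@` hunk is `mRandom.nextLong()` rendered as a decimal string, and `init` sets `mRandom = new Random()`. If that is `java.util.Random` (the import is outside the hunks), the value comes from a generator that is not designed to be unpredictable. A token that stands in for an authenticated administrator should come from `java.security.SecureRandom`; it is a `Random` subclass, so `mRandom = new SecureRandom();` in `init` is a drop-in change, ideally with more than one `long` of output. The token is also copied verbatim into `auditParams` (`"operation;;issue_token+token;;" + cookie`) in the next hunk, so readers of the audit log see live tokens; consider logging a digest instead. process() begins and ends outside these hunks.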
@@ -254,13 +256,13 @@ public class GetCookie extends CMSServlet { ServletOutputStream out = httpResp.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - httpResp.setContentType("text/html"); - form.renderOutput(out, argSet); + httpResp.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } catch (Exception e) { 
@@ -278,25 +280,25 @@ public class GetCookie extends CMSServlet { private String getGroupName(String uid, String subsystemname) { String groupname = ""; - IUGSubsystem subsystem = - (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); - if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && - subsystemname.equals("CA")) { + IUGSubsystem subsystem = + (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && + subsystemname.equals("CA")) { return "Enterprise CA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") && - subsystemname.equals("KRA")) { + subsystemname.equals("KRA")) { return "Enterprise KRA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") && - subsystemname.equals("OCSP")) { + subsystemname.equals("OCSP")) { return "Enterprise OCSP Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") && - subsystemname.equals("TKS")) { + subsystemname.equals("TKS")) { return "Enterprise TKS Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") && - subsystemname.equals("RA")) { + subsystemname.equals("RA")) { return "Enterprise RA Administrators"; } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") && - subsystemname.equals("TPS")) { + subsystemname.equals("TPS")) { return "Enterprise TPS Administrators"; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java index f9e6c70e..d983e4a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.IOException; import java.util.Enumeration; 
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class GetDomainXML extends CMSServlet { /** @@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet { try { secstore = cs.getString("securitydomain.store"); basedn = cs.getString("internaldb.basedn"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script"); } 
@@ -120,16 +120,16 @@ public class GetDomainXML extends CMSServlet { connFactory.init(ldapConfig); conn = connFactory.getConn(); - // get the security domain name + // get the security domain name String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement(); XMLObject xmlObj = new XMLObject(); Node domainInfo = xmlObj.createRoot("DomainInfo"); xmlObj.addItemToContainer(domainInfo, "Name", secdomain); - // this should return CAList, KRAList etc. + // this should return CAList, KRAList etc. LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); + attrs, true, cons); while (res.hasMoreElements()) { int count = 0; @@ -137,10 +137,10 @@ public class GetDomainXML extends CMSServlet { String listName = dn.substring(3, dn.indexOf(",")); String subType = listName.substring(0, listName.indexOf("List")); Node listNode = xmlObj.createContainer(domainInfo, listName); - + filter = "objectclass=pkiSubsystem"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, false, cons); + LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, false, cons); while (res2.hasMoreElements()) { Node node = xmlObj.createContainer(listNode, subType); LDAPEntry entry = res2.next(); 
@@ -149,32 +149,29 @@ public class GetDomainXML extends CMSServlet { while (attrsInSet.hasMoreElements()) { LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); String attrName = nextAttr.getName(); - if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) { + if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) { String attrValue = (String) nextAttr.getStringValues().nextElement(); xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue); } } - count ++; - } + count++; + } xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count)); } // Add new xml object as string to response. response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString()); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString()); status = FAILED; - } - finally { - if ((conn != null) && (connFactory!= null)) { + } finally { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } } - } - else { - // get data from file store + } else { + // get data from file store String path = CMS.getConfigStore().getString("instanceRoot", "") + "/conf/domain.xml"; @@ -194,10 +191,9 @@ public class GetDomainXML extends CMSServlet { CMS.debug("GetDomainXML: Done Reading domain.xml..."); response.addItemToContainer(root, "DomainInfo", new String(buf)); - } - catch (Exception e) { - CMS.debug("Failed to read domain.xml from file" + e.toString()); - status = FAILED; + } catch (Exception e) { + CMS.debug("Failed to read domain.xml from file" + e.toString()); + status = FAILED; } } 
@@ -211,18 +207,29 @@ public class GetDomainXML extends CMSServlet { } protected String securityDomainLDAPtoXML(String attribute) { - if (attribute.equals("host")) return "Host"; - else return attribute; + if (attribute.equals("host")) + return "Host"; + else + return attribute; } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java index 02fe36c1..623acf9a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetStatus extends CMSServlet { /** @@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
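Review bot: The trailing comment on `renderResult` in GetDomainXML (hunk at -211) has been re-wrapped by the formatter into nine one-word `//` lines (`// do`, `// nothing,`, `// ie, it`, ...), which is far harder to read than the single line it replaced. The same damage appears in the `renderResult` hunks of GetStatus, GetSubsystemCert, GetTokenInfo, GetTransportCert and ImportTransportCert. Moving the text onto its own line inside the body, `// do nothing, i.e. do not return the default javascript`, leaves the formatter nothing to wrap. The `{// do nothing` on `renderTemplate` in the same hunk would read better the same way.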
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String outputString = null; - String state = config.getString("cs.state", ""); - String type = config.getString("cs.type", ""); + String state = config.getString("cs.state", ""); + String type = config.getString("cs.type", ""); try { XMLObject xmlObj = null; @@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index c1bf138e..59e135a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.xml.XMLObject; - public class GetSubsystemCert extends CMSServlet { /** 
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("GetSubsystemCert process: nickname="+nickname); + CMS.debug("GetSubsystemCert process: nickname=" + nickname); String s = ""; try { CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert = cm.findCertByNickname(nickname); - + if (cert == null) { CMS.debug("GetSubsystemCert process: subsystem cert is null"); outputError(httpResp, "Error: Failed to get subsystem certificate."); @@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet { byte[] bytes = cert.getEncoded(); s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes)); } catch (Exception e) { - CMS.debug("GetSubsystemCert process: exception: "+e.toString()); + CMS.debug("GetSubsystemCert process: exception: " + e.toString()); } try { @@ -111,7 +110,15 @@ public class GetSubsystemCert extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** 
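Review bot: In `process`, the catch around `cert.getEncoded()` (hunk at -95) only calls `CMS.debug(...)` and leaves `s` as the empty string, so execution appears to continue into the response-building `try` that follows and the requester may receive a reply carrying an empty certificate; the rest of that `try` is outside the hunk, so this is inferred. Reporting the failure there, as the `cert == null` branch already does with `outputError(httpResp, "Error: Failed to get subsystem certificate.");`, and then returning would make it visible to the caller. The empty `catch (Exception e) { }` after the nickname lookup in the -76 hunk drops a configuration read failure without a trace; a line such as `CMS.debug("GetSubsystemCert process: failed to read nickname: " + e.toString());` would at least record it.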
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java index d7af0740..f4d68392 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java @@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetTokenInfo process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetTokenInfo process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); @@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet { String name = t1.nextToken(); if (name.equals("sslserver")) continue; - name = "cloning."+name+".nickname"; + name = "cloning." + name + ".nickname"; String value = ""; try { 
@@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet { } catch (Exception ee) { continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java index bc29b34a..2722b0f7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Locale; @@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); 
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet { CMS.debug("GetTransportCert authentication successful."); } catch (Exception e) { CMS.debug("GetTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); CMS.debug("GetTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = + ITransportKeyUnit tu = kra.getTransportKeyUnit(); + org.mozilla.jss.crypto.X509Certificate transportCert = tu.getCertificate(); - String mime64 = ""; + String mime64 = ""; try { mime64 = CMS.BtoA(transportCert.getEncoded()); mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64); - } catch (CertificateEncodingException eee) { + } catch (CertificateEncodingException eee) { CMS.debug("GetTransportCert: Failed to encode certificate"); - } + } // send success status back to the requestor try { @@ -154,14 +154,23 @@ public class GetTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java index a00b0fb7..b42bdb7d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class HierarchyPanel extends WizardPanelBase { - public HierarchyPanel() {} + public HierarchyPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); setId(id); @@ -56,7 +56,7 @@ public class HierarchyPanel extends WizardPanelBase { public boolean shouldSkip() { - // we dont need to ask the hierachy if we are + // we dont need to ask the hierachy if we are // setting up a clone try { IConfigStore c = CMS.getConfigStore(); @@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase { null); if (s != null && s.equals("clone")) { // mark this panel as done - c.putString("preop.hierarchy.select","root"); - c.putString("hierarchy.select","Clone"); + c.putString("preop.hierarchy.select", "root"); + c.putString("hierarchy.select", "Clone"); return true; } } catch (EBaseException e) { @@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase { if (s.equals("root")) { context.put("check_root", "checked"); } else if (s.equals("join")) { - context.put("check_join", "checked"); + context.put("check_join", "checked"); } } catch (Exception e) { CMS.debug(e.toString()); 
@@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase { } if (select.equals("root")) { - config.putString("preop.hierarchy.select", "root"); - config.putString("hierarchy.select", "Root"); + config.putString("preop.hierarchy.select", "root"); + config.putString("hierarchy.select", "Root"); config.putString("preop.ca.type", "sdca"); try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } else if (select.equals("join")) { config.putString(PCERT_PREFIX + "signing.type", "remote"); config.putString("preop.hierarchy.select", "join"); - config.putString("hierarchy.select", "Subordinate"); + config.putString("hierarchy.select", "Subordinate"); } else { config.putString(PCERT_PREFIX + "signing.type", "remote"); CMS.debug("HierarchyPanel: invalid choice " + select); @@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index d4f93a9b..991bb49b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; 
@@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class ImportAdminCertPanel extends WizardPanelBase { - public ImportAdminCertPanel() {} + public ImportAdminCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); setId(id); @@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } try { String serialno = cs.getString("preop.admincert.serialno.0"); - + context.put("serialNumber", serialno); } catch (Exception e) { context.put("errorString", "Failed to get serial number."); 
@@ -129,21 +130,26 @@ public class ImportAdminCertPanel extends WizardPanelBase { if (ca == null) { if (type.equals("otherca")) { try { - // this is a non-CA system that has elected to have its certificates + // this is a non-CA system that has elected to have its + // certificates // signed by a CA outside of the security domain. - // in this case, we submitted the cert request for the admin cert to + // in this case, we submitted the cert request for the admin + // cert to // to security domain host. caHost = cs.getString("securitydomain.host", ""); caPort = cs.getString("securitydomain.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else if (type.equals("sdca")) { try { // this is a non-CA system that submitted its certs to a CA - // within the security domain. In this case, we submitted the cert + // within the security domain. In this case, we submitted + // the cert // request for the admin cert to this CA caHost = cs.getString("preop.ca.hostname", ""); caPort = cs.getString("preop.ca.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } } else { // for CAs, we always generate our own admin certs @@ -151,7 +157,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { caHost = cs.getString("service.machineName", ""); caPort = cs.getString("pkicreate.admin_secure_port", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } String pkcs7 = ""; @@ -192,12 +199,13 @@ public class ImportAdminCertPanel extends WizardPanelBase { subsystemtype = cs.getString("cs.type", ""); security_domain_type = cs.getString("securitydomain.select", ""); selected_hierarchy = cs.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( ICertificateAuthority.ID); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); 
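Review bot: The re-wrapped comments in the `type.equals("otherca")` and `type.equals("sdca")` branches (hunk at -129) now break mid-phrase, leaving fragments such as `// cert to` followed by `// to security domain host.` and a lone `// the cert`. Reflowing them by hand into full lines, for example `// In this case the admin cert request was submitted to the` / `// security domain host.`, would restore readability and remove the doubled "to". The three `catch (Exception e) { }` blocks in the same hunk still discard a failed read of the CA host and port settings, so a `CMS.debug` line in each would make a misconfigured wizard easier to diagnose. The enclosing method starts and ends outside the hunk.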
@@ -206,18 +214,18 @@ public class ImportAdminCertPanel extends WizardPanelBase { X509CertImpl certs[] = new X509CertImpl[1]; - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { String serialno = null; - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + "Root CA subsystem - " - + "(new Security Domain)" ); + + "(new Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + "Subordinate CA subsystem - " - + "(new Security Domain)" ); + + "(new Security Domain)"); } try { 
@@ -234,35 +242,37 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { certs[0] = repost.getX509Certificate( new BigInteger(serialno, 16)); - } catch (Exception ee) {} + } catch (Exception ee) { + } } else { String dir = null; - // REMINDER: This panel is NOT used by "clones" - if( subsystemtype.equals( "CA" ) ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " + // REMINDER: This panel is NOT used by "clones" + if (subsystemtype.equals("CA")) { + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + "Root CA subsystem - " - + "(existing Security Domain)" ); + + "(existing Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + "Subordinate CA subsystem - " - + "(existing Security Domain)" ); + + "(existing Security Domain)"); } } else { - CMS.debug( "ImportAdminCertPanel update: " + CMS.debug("ImportAdminCertPanel update: " + subsystemtype - + " subsystem" ); + + " subsystem"); } try { - dir = cs.getString("preop.admincert.b64", ""); + dir = cs.getString("preop.admincert.b64", ""); CMS.debug("ImportAdminCertPanel update: dir=" + dir); - } catch (Exception ee) {} + } catch (Exception ee) { + } try { BufferedReader reader = new BufferedReader( - new FileReader(dir)); + new FileReader(dir)); String b64 = ""; StringBuffer sb = new StringBuffer(); @@ -289,7 +299,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); 
@@ -312,7 +322,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -322,7 +332,6 @@ public class ImportAdminCertPanel extends WizardPanelBase { return false; } - /** * If validiate() returns false, this method will be called. */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java index 0c2e7fa0..a26b2dc2 100755 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class ImportCAChainPanel extends WizardPanelBase { - public ImportCAChainPanel() {} + public ImportCAChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); setId(id); 
@@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("https_port", cs.getString("pkicreate.ee_secure_port")); context.put("http_port", cs.getString("pkicreate.unsecure_port")); } catch (EBaseException e) { - CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); + CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); context.put("errorString", "Error loading values for Import CA Certificate Panel"); } @@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase { Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - context.put("errorString", ""); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); @@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("http_port", cs.getString("pkicreate.unsecure_port")); context.put("title", "Import CA's Certificate Chain"); context.put("panel", "admin/console/config/importcachainpanel.vm"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java index 3f54ec1c..2cfc6cad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet { CMS.debug("ImportTransportCert authentication successful."); } catch (Exception e) { CMS.debug("ImportTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("ImportTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet { String certsString = httpReq.getParameter("certificate"); try { - CryptoManager cm = CryptoManager.getInstance(); - CMS.debug("ImportTransportCert: Importing certificate"); - org.mozilla.jss.crypto.X509Certificate cert = - cm.importCACertPackage(CMS.AtoB(certsString)); - String nickName = cert.getNickname(); - CMS.debug("ImportTransportCert: nickname " + nickName); - cs.putString("tks.drm_transport_cert_nickname", nickName); - CMS.debug("ImportTransportCert: Commiting configuration"); - cs.commit(false); - - // send success status back to the requestor + CryptoManager cm = CryptoManager.getInstance(); + CMS.debug("ImportTransportCert: Importing certificate"); + org.mozilla.jss.crypto.X509Certificate cert = + cm.importCACertPackage(CMS.AtoB(certsString)); + String nickName = cert.getNickname(); + CMS.debug("ImportTransportCert: nickname " + nickName); + cs.putString("tks.drm_transport_cert_nickname", nickName); + CMS.debug("ImportTransportCert: Commiting configuration"); + cs.commit(false); + + // send success status back to the requestor CMS.debug("ImportTransportCert: Sending response"); XMLObject xmlObj = new XMLObject(); Node root = xmlObj.createRoot("XMLResponse"); @@ -150,14 +150,23 @@ public class ImportTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** 
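Review bot: `certsString` comes straight from `httpReq.getParameter("certificate")` and is handed to `CMS.AtoB` and `cm.importCACertPackage` without a null or empty check, so a request that omits the parameter is only stopped by whatever the catch outside this hunk does. A guard before the `try` gives the caller a clear error and keeps malformed requests away from the import path: `if (certsString == null || certsString.trim().length() == 0) { outputError(httpResp, "Error: Missing certificate"); return; }`. The catch belonging to this `try` lies outside the hunk.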
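Review bot: The trailing comment on `renderResult` has been wrapped into nine `//` fragments of one or two words each, which is harder to read than the single line it replaces. Moving it into the method body as `// do nothing, i.e. it will not return the default javascript` keeps it intact under the line limit. The same wrapping hits the `/* no constraint */` arguments in `ModulePanel.getUsage` (`@@ -211,16`) and `NamePanel.getUsage` (`@@ -79,26`); placing each of those comments on its own line above the argument avoids it.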
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index a421302b..d661a318 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; import com.netscape.cmsutil.password.IPasswordStore; /** - * This object stores the values for IP, uid and group based on the cookie id in LDAP. - * Entries are stored under ou=Security Domain, ou=sessions, $basedn + * This object stores the values for IP, uid and group based on the cookie id in + * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn */ -public class LDAPSecurityDomainSessionTable - implements ISecurityDomainSessionTable { +public class LDAPSecurityDomainSessionTable + implements ISecurityDomainSessionTable { private long m_timeToLive; @@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, - String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; boolean sessions_exists = true; @@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable attrs.add(new LDAPAttribute("ou", "sessions")); entry = new LDAPEntry(sessionsdn, attrs); conn.add(entry); - } catch (Exception e) { + } catch (Exception e) { if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e); sessions_exists = false; } - } + } // add new entry try { 
@@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId); status = SUCCESS; } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e); - } + } try { conn.disconnect(); @@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); - if (res.getCount() > 0) ret = true; - } catch(Exception e) { + if (res.getCount() > 0) + ret = true; + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } @@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable return ret; } - public Enumeration<String> getSessionIds() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; @@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable } } catch (LDAPException e) { switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); - break; - default: - CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e); + case LDAPException.NO_SUCH_OBJECT: + CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created"); + break; + default: + CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e); } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } 
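Review bot: The debug messages in the `@@ -106,9` hunk append `sessionId` in full, and the class comment describes that value as the cookie id that keys the session entry, so anyone who can read the debug log can read live session identifiers. I would log the non-secret fields instead, e.g. `CMS.debug("SecurityDomainSessionTable: added session entry for uid " + uid);`, and do the same in the failure message. The catch blocks in `@@ -155,8` and `@@ -211,18` print the same value. `addEntry` starts outside this hunk.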
@@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; String ret = null; - try { + try { String basedn = cs.getString("internaldb.basedn"); String sessionsdn = "ou=sessions,ou=Security Domain," + basedn; String filter = "(cn=" + sessionId + ")"; String[] attrs = { attr }; conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); - if (res.getCount() > 0) { + if (res.getCount() > 0) { LDAPEntry entry = res.next(); ret = entry.getAttribute(attr).getStringValueArray()[0]; } - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); } @@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable public int getSize() { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; - int ret =0; + int ret = 0; try { String basedn = cs.getString("internaldb.basedn"); @@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable conn = getLDAPConn(); LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); ret = res.getCount(); - } catch(Exception e) { + } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e); } @@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable } private LDAPConnection getLDAPConn() - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; 
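Review bot: `String filter = "(cn=" + sessionId + ")";` in the `@@ -211,18` hunk builds the search filter by concatenation, so a session id containing `*`, `(`, `)` or `\` changes the filter instead of being matched literally and can select entries other than the intended one. Since the class comment says the id is derived from the cookie, it should be escaped per RFC 4515 before it reaches `conn.search`. The search in `@@ -155,8` uses a `filter` built outside that hunk and probably needs the same treatment. The enclosing method starts outside the hunk, and the helper below is a sketch to be added to this class.

```java
// … unchanged: basedn and sessionsdn lookup …
String filter = "(cn=" + escapeFilterValue(sessionId) + ")";
// … unchanged: search and attribute read …

/** Escapes the RFC 4515 special characters in a filter assertion value. */
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*': sb.append("\\2a"); break;
        case '(': sb.append("\\28"); break;
        case ')': sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default: sb.append(c);
        }
    }
    return sb.toString();
}
```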
@@ -299,12 +298,12 @@ public class LDAPSecurityDomainSessionTable IPasswordStore pwdStore = CMS.getPasswordStore(); if (pwdStore != null) { - //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); + // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available"); pwd = pwdStore.getPassword("internaldb"); } - if ( pwd == null) { - throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); + if (pwd == null) { + throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store"); } try { @@ -329,14 +328,15 @@ public class LDAPSecurityDomainSessionTable LDAPConnection conn = null; if (security.equals("true")) { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } - //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p); + // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + + // p); try { conn.connect(host, p, binddn, pwd); } catch (LDAPException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java index e7fdbe3f..713cb170 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -27,7 +26,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public class LoginServlet extends BaseServlet { /** @@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet { if (pin == null) { context.put("error", ""); } else { - String cspin = CMS.getConfigStore().getString("preop.pin"); + String cspin = CMS.getConfigStore().getString("preop.pin"); if (cspin != null && cspin.equals(pin)) { // create session @@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet { return null; } else { context.put("error", "Login Failed"); - } + } } template = Velocity.getTemplate("admin/console/config/login.vm"); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java index a91ca979..2c68ee02 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet { * */ private static final long serialVersionUID = 2425301522251239666L; - private static final String PROP_AUTHORITY_ID="authorityId"; + private static final String PROP_AUTHORITY_ID = "authorityId"; private String mAuthorityId = null; private String mFormPath = null; 
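Review bot: `cspin.equals(pin)` in the LoginServlet `@@ -52,7` hunk compares the submitted pin with `preop.pin` using `String.equals`, which stops at the first differing character; for a secret that the code uses to decide whether to create a session, a constant-time comparison is the safer habit, e.g. `MessageDigest.isEqual(cspin.getBytes("UTF-8"), pin.getBytes("UTF-8"))` with `java.security.MessageDigest` imported. The failure branch in `@@ -62,7` only puts `"Login Failed"` into the context; a `CMS.debug` or audit entry there would make repeated guesses visible to an operator. `process` starts outside both hunks.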
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet { form = getTemplate(mFormPath, request, locale); } catch (IOException e) { CMS.debug("MainPageServlet process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw + * new ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ } process(argSet, header, ctx, request, response); @@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet { ServletOutputStream out = response.getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - response.setContentType("text/html"); - form.renderOutput(out, argSet); + response.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp) + throws EBaseException { - int num = 0; + int num = 0; IArgBlock rarg = null; IConfigStore cs = CMS.getConfigStore(); int state = 0; 
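Review bot: When `getTemplate` throws in the `@@ -75,12` hunk, the catch only writes a debug line because the log-and-throw is commented out, and the next hunk then calls `form.renderOutput(out, argSet)` on what is presumably still a null `form`. I would restore `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));` so a missing template produces the gateway error rather than a NullPointerException. The commented-out block should then be deleted; the reflow has also made it hard to read, with `throw` now stranded at the end of the preceding line. The declaration of `form` is outside the hunk.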
@@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "admin"); rarg.addStringValue("prefix", "http"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getEENonSSLPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEENonSSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", adminInterface); argSet.addRepeatRecord(rarg); @@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "ee"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getEESSLPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getEESSLPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", eeInterface); argSet.addRepeatRecord(rarg); @@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet { rarg = CMS.createArgBlock(); rarg.addStringValue("type", "agent"); rarg.addStringValue("prefix", "https"); - rarg.addIntegerValue("port", - Integer.valueOf(CMS.getAgentPort()).intValue()); + rarg.addIntegerValue("port", + Integer.valueOf(CMS.getAgentPort()).intValue()); rarg.addStringValue("host", host); rarg.addStringValue("uri", agentInterface); argSet.addRepeatRecord(rarg); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java index 38185a33..e98df72a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
@@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase { private Vector mOtherModules = null; private Hashtable mCurrModTable = new Hashtable(); private WizardServlet mServlet = null; - public ModulePanel() {} + + public ModulePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Key Store"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Key Store"); setId(id); @@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase { public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - cs.putBoolean("preop.ModulePanel.done",false); + cs.putBoolean("preop.ModulePanel.done", false); } public void loadCurrModTable() { @@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase { CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn()); CMS.debug("ModulePanel: token is present?" + token.isPresent()); if (!token.getName().equals("Internal Crypto Services Token") && - !token.getName().equals("NSS Generic Crypto Services")) { + !token.getName().equals("NSS Generic Crypto Services")) { module.addToken(token); } else { CMS.debug( "ModulePanel: token " + token.getName() - + " not to be added"); + + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ModulePanel:" + ex.toString()); } @@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ModulePanel: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ModulePanel: module found: " + cn); module.setFound(true); 
@@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase { loadModTokens(module, m); } - + CMS.debug("ModulePanel: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) { @@ -211,16 +212,19 @@ public class ModulePanel extends WizardPanelBase { } public PropertySet getUsage() { - // it a token choice. Available tokens are discovered dynamically so + // it a token choice. Available tokens are discovered dynamically so // can't be a real CHOICE PropertySet set = new PropertySet(); - - Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* default parameter */ "module token selection"); set.add("choice", tokenDesc); - + return set; } @@ -235,7 +239,8 @@ public class ModulePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -272,8 +277,8 @@ public class ModulePanel extends WizardPanelBase { context.put("oms", mOtherModules); context.put("sms", mSupportedModules); // context.put("status_token", "None"); - String subpanelno = String.valueOf(getPanelNo()+1); - CMS.debug("ModulePanel subpanelno =" +subpanelno); + String subpanelno = String.valueOf(getPanelNo() + 1); + CMS.debug("ModulePanel subpanelno =" + subpanelno); context.put("subpanelno", subpanelno); context.put("panel", "admin/console/config/modulepanel.vm"); } @@ -292,7 +297,7 @@ public class ModulePanel extends WizardPanelBase { public void update(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException { - boolean hasErr = false; + boolean hasErr = false; try { // get the value of the choice 
@@ -306,13 +311,13 @@ public class ModulePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); String oldtokenname = config.getString("preop.module.token", ""); - if (!oldtokenname.equals(select)) + if (!oldtokenname.equals(select)) mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - if (hasErr == false) { - config.putString("preop.module.token", select); - config.putBoolean("preop.ModulePanel.done", true); - } + if (hasErr == false) { + config.putString("preop.module.token", select); + config.putBoolean("preop.ModulePanel.done", true); + } config.commit(false); context.put("updateStatus", "success"); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java index a0a627ee..53a297e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -27,7 +26,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public class ModuleServlet extends BaseServlet { /** 
@@ -36,14 +34,12 @@ public class ModuleServlet extends BaseServlet { private static final long serialVersionUID = 6518965840466227888L; /** - * Collect information on where keys are to be generated. - * Once collected, write to CS.cfg: - * "preop.module=soft" - * or - * "preop.module=hard" - * + * Collect information on where keys are to be generated. Once collected, + * write to CS.cfg: "preop.module=soft" or "preop.module=hard" + * * <ul> - * <li>http.param selection "soft" or "hard" for software token or hardware token + * <li>http.param selection "soft" or "hard" for software token or hardware + * token * </ul> */ public Template process(HttpServletRequest request, @@ -76,7 +72,7 @@ public class ModuleServlet extends BaseServlet { CMS.debug("ModuleServlet: illegal selection: " + selection); context.put("error", "failed selection"); } - + } else { CMS.debug("ModuleServlet: no selection"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index ec3686e9..45239586 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.File; import java.io.FileOutputStream; import java.io.IOException; 
@@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public NamePanel() {} + public NamePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Subject Names"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Subject Names"); setId(id); 
@@ -79,26 +79,38 @@ public class NamePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "CA Signing Certificate's DN"); set.add("caDN", caDN); - Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "SSL Server Certificate's DN"); set.add("sslDN", sslDN); - Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "CA Subsystem Certificate's DN"); set.add("subsystemDN", subsystemDN); - Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ + Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ "OCSP Signing Certificate's DN"); set.add("ocspDN", ocspDN); @@ -124,7 +136,7 @@ public class NamePanel extends WizardPanelBase { StringTokenizer st = new StringTokenizer(list, ","); while (st.hasMoreTokens()) { String t = st.nextToken(); - cs.remove("preop.cert."+t+".done"); + cs.remove("preop.cert." + t + ".done"); } try { @@ -142,7 +154,8 @@ public class NamePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } 
@@ -164,7 +177,7 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: display()"); context.put("title", "Subject Names"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); @@ -179,16 +192,16 @@ public class NamePanel extends WizardPanelBase { String hselect = ""; String cstype = ""; try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); select = config.getString("preop.subsystem.select", ""); cstype = config.getString("cs.type", ""); context.put("select", select); if (cstype.equals("CA") && hselect.equals("root")) { - CMS.debug("NamePanel ca is root"); + CMS.debug("NamePanel ca is root"); context.put("isRoot", "true"); } else { - CMS.debug("NamePanel not ca or not root"); + CMS.debug("NamePanel not ca or not root"); context.put("isRoot", "false"); } } catch (Exception e) { 
@@ -227,27 +240,27 @@ public class NamePanel extends WizardPanelBase { String type = config.getString(PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); - String cert = config.getString(subsystem +"."+certTag +".cert", ""); - String certreq = - config.getString(subsystem + "." +certTag +".certreq", ""); + String cert = config.getString(subsystem + "." + certTag + ".cert", ""); + String certreq = + config.getString(subsystem + "." + certTag + ".certreq", ""); String dn = config.getString(PCERT_PREFIX + certTag + ".dn"); - boolean override = config.getBoolean(PCERT_PREFIX + certTag + - ".cncomponent.override", true); - //o_sd is to add o=secritydomainname + boolean override = config.getBoolean(PCERT_PREFIX + certTag + + ".cncomponent.override", true); + // o_sd is to add o=secritydomainname boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + - "o_securitydomain", true); - domainname = config.getString("securitydomain.name", ""); - CMS.debug("NamePanel: display() override is "+override); - CMS.debug("NamePanel: display() o_securitydomain is "+o_sd); - CMS.debug("NamePanel: display() domainname is "+domainname); + "o_securitydomain", true); + domainname = config.getString("securitydomain.name", ""); + CMS.debug("NamePanel: display() override is " + override); + CMS.debug("NamePanel: display() o_securitydomain is " + o_sd); + CMS.debug("NamePanel: display() domainname is " + domainname); boolean dnUpdated = false; try { - dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN"); + dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN"); } catch (Exception e) { } 
@@ -259,16 +272,16 @@ public class NamePanel extends WizardPanelBase { if (select.equals("clone") || dnUpdated) { c.setDN(dn); } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { - CMS.debug("NamePanel subsystemCount = "+count); - c.setDN(dn + " "+count+ - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + CMS.debug("NamePanel subsystemCount = " + count); + c.setDN(dn + " " + count + + ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); } else { - c.setDN(dn + - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + c.setDN(dn + + ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true); } } @@ -302,7 +315,8 @@ public class NamePanel extends WizardPanelBase { try { config.putString("preop.ca.list", list.toString()); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("urls", v); 
@@ -334,24 +348,24 @@ public class NamePanel extends WizardPanelBase { } // while } - /* + /* * update some parameters for clones */ public void updateCloneConfig(IConfigStore config) - throws EBaseException, IOException { + throws EBaseException, IOException { String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { String token = config.getString(PRE_CONF_CA_TOKEN); if (!token.equals("Internal Key Storage Token")) { - CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); + CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); String transportNickname = getNickname(config, "transport"); config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname); - config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname); + config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname); + config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname); config.commit(false); } else { // software token // parameters already set @@ -361,12 +375,12 @@ public class NamePanel extends WizardPanelBase { // audit signing cert String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { + if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); + audit_tk + ":" + audit_nn); } else { config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_nn); + audit_nn); } } 
@@ -374,7 +388,7 @@ public class NamePanel extends WizardPanelBase { * get some of the "preop" parameters to persisting parameters */ public void updateConfig(IConfigStore config, String certTag) - throws EBaseException, IOException { + throws EBaseException, IOException { String token = config.getString(PRE_CONF_CA_TOKEN); String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); CMS.debug("NamePanel: subsystem " + subsystem); 
@@ -389,34 +403,35 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".certnickname", nickname); } - // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg + // if KRA, hardware token needs param "kra.storageUnit.hardware" in + // CS.cfg String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { - if (!token.equals("Internal Key Storage Token")) { - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname); - } - } else { // software token - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.nickName", nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", nickname); - } - } + if (!token.equals("Internal Key Storage Token")) { + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.hardware", token); + config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname); + } + } else { // software token + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.nickName", nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", nickname); + } + } } String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals("Internal Key Storage Token")) { - serverCertNickname = token+":"+nickname; + if (!token.equals("Internal Key Storage Token")) { + serverCertNickname = token + ":" + nickname; } - File 
file = new File(path+"/conf/serverCertNick.conf"); - PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf")); + File file = new File(path + "/conf/serverCertNick.conf"); + PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf")); ps.println(serverCertNickname); ps.close(); } @@ -424,23 +439,23 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - token + ":" + nickname); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - nickname); - } + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + token + ":" + nickname); + } else { + config.putString("log.instance.SignedAudit.signedAuditCertNickname", + nickname); + } } /* - config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", - "SHA1withRSA"); + * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", + * "SHA1withRSA"); */ // for system certs verification - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { config.putString(subsystem + ".cert." + certTag + ".nickname", - token + ":" + nickname); + token + ":" + nickname); } else { config.putString(subsystem + ".cert." + certTag + ".nickname", nickname); } 
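Review bot: In the `sslserver` branch of the `@@ -389,34` hunk the `PrintStream` is closed only on the success path, and `PrintStream` reports write errors through `checkError()` rather than by throwing, so a failed write of `serverCertNick.conf` goes unnoticed. The `File file` local above it is never used. Note also that `instanceRoot` defaults to `""`, in which case the path resolves to `/conf/serverCertNick.conf`; rejecting an empty value would be safer. `updateConfig` starts outside the hunk.

```java
// … unchanged: serverCertNickname computed from token and nickname …
PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
try {
    ps.println(serverCertNickname);
    if (ps.checkError()) {
        throw new IOException("Failed to write " + path + "/conf/serverCertNick.conf");
    }
} finally {
    ps.close();
}
```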
@@ -459,7 +474,7 @@ public class NamePanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); String caType = certObj.getType(); - CMS.debug("NamePanel: in configCert caType is "+ caType); + CMS.debug("NamePanel: in configCert caType is " + caType); X509CertImpl cert = null; String certTag = certObj.getCertTag(); @@ -469,13 +484,13 @@ public class NamePanel extends WizardPanelBase { String v = config.getString("preop.ca.type", ""); CMS.debug("NamePanel configCert: remote CA"); - String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, - certObj, context); + String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, + certObj, context); certObj.setRequest(pkcs10); String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", pkcs10); - String profileId = config.getString(PCERT_PREFIX+certTag+".profile"); + String profileId = config.getString(PCERT_PREFIX + certTag + ".profile"); String session_id = CMS.getConfigSDSessionId(); String sd_hostname = ""; int sd_ee_port = -1; 
@@ -483,15 +498,15 @@ public class NamePanel extends WizardPanelBase { sd_hostname = config.getString("securitydomain.host", ""); sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); } catch (Exception ee) { - CMS.debug("NamePanel: configCert() exception caught:"+ee.toString()); + CMS.debug("NamePanel: configCert() exception caught:" + ee.toString()); } String sysType = config.getString("cs.type", ""); String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, + content, response, this); if (cert == null) { throw new IOException("Error: remote certificate is null"); } 
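Review bot: Only `pkcs10` is URL-encoded in the `content` string built for the `subsystem` case; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated raw, so a value containing `&`, `=` or `+` changes the form parameters the remote CA receives. As far as the hunk shows these values come from the config store and the session rather than from the request, but encoding each one is cheap, for example `"&profileId=" + URLEncoder.encode(profileId, "UTF-8")`. The same string is built again in the following hunk (`@@ -504,18 +519,18 @@`) and needs the same change. The `catch (Exception ee)` above it only debug-logs, so `createRemoteCert` can be reached with `sd_hostname` still `""` and `sd_ee_port` still `-1`; failing early there would give a clearer error.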
@@ -504,18 +519,18 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(ca_hostname, ca_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + cert = CertUtil.createRemoteCert(ca_hostname, ca_port, + content, response, this); if (cert == null) { throw new IOException("Error: remote certificate is null"); } } else if (v.equals("otherca")) { config.putString(subsystem + "." + certTag + ".cert", "...paste certificate here..."); - } else { + } else { CMS.debug("NamePanel: no preop.ca.type is provided"); - } + } } else { // not remote CA, ie, self-signed or local ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID); 
@@ -524,76 +539,76 @@ public class NamePanel extends WizardPanelBase { CMS.debug( "The value for " + s - + " should be remote, nothing else."); + + " should be remote, nothing else."); throw new IOException( "The value for " + s + " should be remote"); - } - + } + String pubKeyType = config.getString( PCERT_PREFIX + certTag + ".keytype"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - PCERT_PREFIX + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - PCERT_PREFIX + certTag + ".pubkey.exponent"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String pubKeyModulus = config.getString( + PCERT_PREFIX + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString( + PCERT_PREFIX + certTag + ".pubkey.exponent"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - if (certTag.equals("signing")) { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { + if (certTag.equals("signing")) { X509Key x509key = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." 
+ certTag + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( - PCERT_PREFIX + certTag + ".pubkey.encoded"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - if (certTag.equals("signing")) { + String pubKeyEncoded = config.getString( + PCERT_PREFIX + certTag + ".pubkey.encoded"); + String subsystem = config.getString( + PCERT_PREFIX + certTag + ".subsystem"); - X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + if (certTag.equals("signing")) { + X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert( + "...certificate be generated internally..."); + config.putString(subsystem + "." 
+ certTag + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509ECCKey( + CryptoUtil.string2byte(pubKeyEncoded)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else { - // invalid key type - CMS.debug("Invalid key type " + pubKeyType); + // invalid key type + CMS.debug("Invalid key type " + pubKeyType); } if (cert != null) { if (certTag.equals("subsystem")) @@ -605,7 +620,7 @@ public class NamePanel extends WizardPanelBase { byte[] certb = cert.getEncoded(); String certs = CryptoUtil.base64Encode(certb); - // certObj.setCert(certs); + // certObj.setCert(certs); String subsystem = config.getString( PCERT_PREFIX + certTag + ".subsystem"); config.putString(subsystem + "." + certTag + ".cert", certs); 
@@ -617,58 +632,57 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel configCert() exception caught:" + e.toString()); } } - + public void configCertWithTag(HttpServletRequest request, HttpServletResponse response, - Context context, String tag) throws IOException - { - CMS.debug("NamePanel: configCertWithTag start"); - Enumeration c = mCerts.elements(); - IConfigStore config = CMS.getConfigStore(); - - while (c.hasMoreElements()) { - Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - CMS.debug("NamePanel: configCertWithTag ct=" + ct + - " tag=" +tag); - if (ct.equals(tag)) { - try { - String nickname = HttpInput.getNickname(request, ct + "_nick"); - if (nickname != null) { - CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", nickname); - cert.setNickname(nickname); - config.commit(false); - } - String dn = HttpInput.getDN(request, ct); - if (dn != null) { - config.putString(PCERT_PREFIX + ct + ".dn", dn); - config.commit(false); - } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); - } + Context context, String tag) throws IOException { + CMS.debug("NamePanel: configCertWithTag start"); + Enumeration c = mCerts.elements(); + IConfigStore config = CMS.getConfigStore(); - configCert(request, response, context, cert); - CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); - return; + while (c.hasMoreElements()) { + Cert cert = (Cert) c.nextElement(); + String ct = cert.getCertTag(); + CMS.debug("NamePanel: configCertWithTag ct=" + ct + + " tag=" + tag); + if (ct.equals(tag)) { + try { + String nickname = HttpInput.getNickname(request, ct + "_nick"); + if (nickname != null) { + CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); + config.putString(PCERT_PREFIX + ct + ".nickname", nickname); + cert.setNickname(nickname); + 
config.commit(false); + } + String dn = HttpInput.getDN(request, ct); + if (dn != null) { + config.putString(PCERT_PREFIX + ct + ".dn", dn); + config.commit(false); + } + } catch (Exception e) { + CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); } - } - CMS.debug("NamePanel: configCertWithTag done"); + + configCert(request, response, context, cert); + CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); + return; + } + } + CMS.debug("NamePanel: configCertWithTag done"); } private boolean inputChanged(HttpServletRequest request) - throws IOException { - IConfigStore config = CMS.getConfigStore(); - + throws IOException { + IConfigStore config = CMS.getConfigStore(); + boolean hasChanged = false; try { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + String ct = cert.getCertTag(); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; @@ -679,10 +693,10 @@ public class NamePanel extends WizardPanelBase { if (!olddn.equals(dn)) hasChanged = true; - String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); - String nick = HttpInput.getNickname(request, ct + "_nick"); - if (!oldnick.equals(nick)) - hasChanged = true; + String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); + String nick = HttpInput.getNickname(request, ct + "_nick"); + if (!oldnick.equals(nick)) + hasChanged = true; } } catch (Exception e) { 
@@ -690,34 +704,34 @@ public class NamePanel extends WizardPanelBase { return hasChanged; } - - public String getURL(HttpServletRequest request, IConfigStore config) - { + + public String getURL(HttpServletRequest request, IConfigStore config) { String index = request.getParameter("urls"); - if (index == null){ - return null; + if (index == null) { + return null; } String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } - return url; + return url; } /** @@ -727,7 +741,7 @@ public class NamePanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { CMS.debug("NamePanel: in update()"); - boolean hasErr = false; + boolean hasErr = false; if (inputChanged(request)) { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); 
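Review bot: `getURL` returns any `urls` value that starts with `http` unchanged, so the request rather than `preop.ca.list` decides which CA endpoint the callers later store as `preop.ca.url` and connect to. A directly submitted URL should be accepted only when it matches an entry of `preop.ca.list`, or the reason arbitrary endpoints are allowed during configuration should be documented in a comment on the method. The empty `catch (Exception e) { }` also hides a non-numeric index, and an index past the end of the list silently yields the last entry because the loop just runs out. A `CMS.debug("NamePanel: getURL: bad index " + index);` in the catch would at least leave a trace.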
@@ -736,12 +750,12 @@ public class NamePanel extends WizardPanelBase { return; } - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String hselect = ""; ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID); try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); String cstype = config.getString("preop.subsystem.select", ""); if (cstype.equals("clone")) { @@ -750,13 +764,14 @@ public class NamePanel extends WizardPanelBase { configCertWithTag(request, response, context, "sslserver"); String url = getURL(request, config); if (url != null && !url.equals("External CA")) { - // preop.ca.url and admin port are required for setting KRA connector - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); + // preop.ca.url and admin port are required for setting KRA + // connector + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); - URL urlx = new URL(url); - updateCloneSDCAInfo(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); + URL urlx = new URL(url); + updateCloneSDCAInfo(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); } updateCloneConfig(config); 
@@ -770,50 +785,51 @@ public class NamePanel extends WizardPanelBase { return; } - //if no hselect, then not CA - if (hselect.equals("") || hselect.equals("join")) { - String select = null; - String url = getURL(request, config); + // if no hselect, then not CA + if (hselect.equals("") || hselect.equals("join")) { + String select = null; + String url = getURL(request, config); - URL urlx = null; + URL urlx = null; - if (url.equals("External CA")) { - CMS.debug("NamePanel: external CA selected"); - select = "otherca"; - config.putString("preop.ca.type", "otherca"); - if (subsystem != null) { - config.putString(PCERT_PREFIX+"signing.type", "remote"); - } + if (url.equals("External CA")) { + CMS.debug("NamePanel: external CA selected"); + select = "otherca"; + config.putString("preop.ca.type", "otherca"); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + } - config.putString("preop.ca.pkcs7", ""); - config.putInteger("preop.ca.certchain.size", 0); - context.put("check_otherca", "checked"); - CMS.debug("NamePanel: update: this is the external CA."); - } else { - CMS.debug("NamePanel: local CA selected"); - select = "sdca"; - // parse URL (CA1 - https://...) 
- url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - urlx = new URL(url); - config.putString("preop.ca.type", "sdca"); - CMS.debug("NamePanel: update: this is a CA in the security domain."); - context.put("check_sdca", "checked"); - sdca(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - config.putString(PCERT_PREFIX + "signing.profile", - "caInstallCACert"); + config.putString("preop.ca.pkcs7", ""); + config.putInteger("preop.ca.certchain.size", 0); + context.put("check_otherca", "checked"); + CMS.debug("NamePanel: update: this is the external CA."); + } else { + CMS.debug("NamePanel: local CA selected"); + select = "sdca"; + // parse URL (CA1 - https://...) + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); + + urlx = new URL(url); + config.putString("preop.ca.type", "sdca"); + CMS.debug("NamePanel: update: this is a CA in the security domain."); + context.put("check_sdca", "checked"); + sdca(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + config.putString(PCERT_PREFIX + "signing.profile", + "caInstallCACert"); + } } - } - try { - config.commit(false); - } catch (Exception e) {} + try { + config.commit(false); + } catch (Exception e) { + } - } + } try { 
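Review bot: In the join branch, `url.equals("External CA")` dereferences the result of `getURL`, which returns null when the `urls` parameter is absent, so such a request ends in a NullPointerException; the clone branch in the previous hunk does test `url != null`. `url.substring(url.indexOf("https"))` is fragile in the same way, since `indexOf` returns -1 for a value without `https` and `substring` then throws. A guard before the branch, such as `if (url == null) { context.put("updateStatus", "failure"); return; }`, and a check of the `indexOf` result before `substring` would turn both into a reported configuration error. The empty `catch (Exception e) { }` around `config.commit(false)` hides a failed save and should at least log. `update` starts before this hunk, so the exact error path is inferred.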
@@ -821,13 +837,13 @@ public class NamePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); + String ct = cert.getCertTag(); String tokenname = cert.getTokenname(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; - boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false); + boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false); if (certDone) continue; @@ -850,32 +866,32 @@ public class NamePanel extends WizardPanelBase { try { configCert(request, response, context, cert); - config.putBoolean("preop.cert."+cert.getCertTag()+".done", - true); + config.putBoolean("preop.cert." + cert.getCertTag() + ".done", + true); config.commit(false); } catch (Exception e) { CMS.debug( "NamePanel: update() exception caught:" + e.toString()); - hasErr = true; + hasErr = true; System.err.println("Exception caught: " + e.toString()); } - } // while - if (hasErr == false) { - config.putBoolean("preop.NamePanel.done", true); - config.commit(false); - } + } // while + if (hasErr == false) { + config.putBoolean("preop.NamePanel.done", true); + config.commit(false); + } } catch (Exception e) { CMS.debug("NamePanel: Exception caught: " + e.toString()); System.err.println("Exception caught: " + e.toString()); }// try - try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!hasErr) { context.put("updateStatus", "success"); 
@@ -897,15 +913,15 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, + https_admin_port = getSecurityDomainAdminPort(config, hostname, httpsPortStr, - "CA" ); + "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( "NamePanel update: Https port is not valid. Exception: " @@ -934,15 +950,15 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, + https_admin_port = getSecurityDomainAdminPort(config, hostname, httpsPortStr, - "CA" ); + "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { CMS.debug( "NamePanel update: Https port is not valid. Exception: " @@ -954,21 +970,19 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsport", httpsPortStr); config.putString("preop.ca.httpsadminport", https_admin_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, true, context, - certApprovalCallback ); + certApprovalCallback); try { - CMS.debug("Importing CA chain"); - importCertChain("ca"); + CMS.debug("Importing CA chain"); + importCertChain("ca"); } catch (Exception e1) { - CMS.debug("Failed in importing CA chain"); + CMS.debug("Failed in importing CA chain"); } } - public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { context.put("certs", mCerts); } 
@@ -977,10 +991,9 @@ public class NamePanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) - { + Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } context.put("title", "Subject Names"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java index cf37fdff..28fdfd84 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Enumeration; @@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; /** - * This servlet creates a TPS user in the CA, - * and it associates TPS's server certificate to - * the user. Finally, it addes the user to the - * administrator group. This procedure will - * allows TPS to connect to the CA for certificate + * This servlet creates a TPS user in the CA, and it associates TPS's server + * certificate to the user. Finally, it addes the user to the administrator + * group. This procedure will allows TPS to connect to the CA for certificate * issuance. */ public class RegisterUser extends CMSServlet { @@ -68,8 +65,7 @@ public class RegisterUser extends CMSServlet { private final static String AUTH_FAILURE = "2"; private String mGroupName = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; - + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public RegisterUser() { super(); 
@@ -77,6 +73,7 @@ public class RegisterUser extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -88,7 +85,7 @@ public class RegisterUser extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -102,9 +99,9 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser authentication successful."); } catch (Exception e) { CMS.debug("RegisterUser: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -117,19 +114,19 @@ public class RegisterUser extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("RegisterUser authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -150,93 +147,93 @@ public class RegisterUser extends CMSServlet { String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+fullname;;"+ name + + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+fullname;;" + name + "+state;;1" + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; - IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); + IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; boolean foundByCert = false; X509Certificate certs[] = new X509Certificate[1]; try { - byte bCert[] = null; - X509CertImpl cert = null; - bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); - cert = new X509CertImpl(bCert); - certs[0] = (X509Certificate)cert; - - // test to see if the cert already belongs to a user - ICertUserLocator cul = ugsys.getCertUserLocator(); - com.netscape.certsrv.usrgrp.Certificates c = - new com.netscape.certsrv.usrgrp.Certificates(certs); - user = (IUser) cul.locateUser(c); + byte bCert[] = null; + X509CertImpl cert = null; + bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate) cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = + new com.netscape.certsrv.usrgrp.Certificates(certs); + user = (IUser) cul.locateUser(c); } catch (Exception ec) { - CMS.debug("RegisterUser: exception thrown: "+ec.toString()); + CMS.debug("RegisterUser: exception thrown: " + ec.toString()); } if (user == null) { - CMS.debug("RegisterUser NOT found user by cert"); - try { - user = ugsys.getUser(uid); - CMS.debug("RegisterUser found user by uid "+uid); - } catch (Exception eee) { - } + CMS.debug("RegisterUser NOT found user by cert"); + 
try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid " + uid); + } catch (Exception eee) { + } } else { - foundByCert = true; - CMS.debug("RegisterUser found user by cert"); + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); } - - try { - - if (user == null) { - // create user only if such user does not exist - user = ugsys.createUser(uid); - user.setFullName(name); - user.setState("1"); - user.setUserType(""); - user.setEmail(""); - user.setPhone(""); - user.setPassword(""); - - ugsys.addUser(user); - CMS.debug("RegisterUser created user " + uid); - auditMessage = CMS.getLogMessage( + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, auditParams); - audit(auditMessage); - } - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < certsString.length(); i++) { - if (!Character.isWhitespace(certsString.charAt(i))) { - sb.append(certsString.charAt(i)); - } - } - certsString = sb.toString(); - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+cert;;"+certsString; - - user.setX509Certificates(certs); - if (!foundByCert) { - ugsys.addUserCert(user); - CMS.debug("RegisterUser added user certificate"); - auditMessage = CMS.getLogMessage( + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = 
"Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + + "+cert;;" + certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, auditParams); - audit(auditMessage); - } else - CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, @@ -249,20 +246,19 @@ public class RegisterUser extends CMSServlet { return; } - // add user to the group auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + - "+Resource;;"+ mGroupName; + "+Resource;;" + mGroupName; try { Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup)groups.nextElement(); + IGroup group = (IGroup) groups.nextElement(); auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } @@ -280,15 +276,15 @@ public class RegisterUser extends CMSServlet { audit(auditMessage); } - } catch (Exception e) { - auditMessage = CMS.getLogMessage( + } catch (Exception e) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, auditParams); - audit(auditMessage); - } + audit(auditMessage); + } // send success status back to the requestor try { 
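Review bot: In the hunk at `@@ -150,93 +147,93 @@`, a certificate that fails to decode is only debug-logged (`CMS.debug("RegisterUser: exception thrown: " + ec.toString())`) and `process` carries on with `certs[0]` still null. It looks the user up by `uid`, may create it with `setPassword("")`, and calls `user.setX509Certificates(certs)`. Since this servlet goes on to add the user to `mGroupName` (the class comment says the administrator group), the request should be rejected as soon as the certificate cannot be parsed: write a failure audit record in that catch, then `outputError(httpResp, "Error: Certificate malformed"); return;`. The empty `catch (Exception eee) { }` around `ugsys.getUser(uid)` likewise makes a lookup error indistinguishable from "user does not exist" and should log. `process` begins before this hunk.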
@@ -305,14 +301,23 @@ public class RegisterUser extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index 76f5a749..4763f814 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileInputStream; @@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class RestoreKeyCertPanel extends WizardPanelBase { - public RestoreKeyCertPanel() {} + public RestoreKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); setId(id); 
@@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public boolean shouldSkip() { CMS.debug("RestoreKeyCertPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("clone")) { return false; } } catch (EBaseException e) { } - + return true; } @@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.pk12.path", ""); String type = config.getString("preop.subsystem.select", ""); @@ -193,15 +194,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!tokenname.equals("Internal Key Storage Token")) return; - // Path can be empty. If this case, we just want to + // Path can be empty. If this case, we just want to // get to the next panel. Customer has HSM. String s = HttpInput.getString(request, "path"); // if (s == null || s.equals("")) { - // CMS.debug("RestoreKeyCertPanel validate: path is empty"); - // throw new IOException("Path is empty"); + // CMS.debug("RestoreKeyCertPanel validate: path is empty"); + // throw new IOException("Path is empty"); // } - if (s != null && !s.equals("")) { s = HttpInput.getPassword(request, "__password"); if (s == null || s.equals("")) { 
@@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException - { + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String path = HttpInput.getString(request, "path"); if (path == null || path.equals("")) { - // skip to next panel + // skip to next panel config.putBoolean("preop.restorekeycert.done", true); try { - config.commit(false); + config.commit(false); } catch (EBaseException e) { } getConfigEntriesFromMaster(request, response, context); @@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return; } String pwd = HttpInput.getPassword(request, "__password"); - + String tokenn = ""; String instanceRoot = ""; @@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); - while (fis.available() > 0) + while (fis.available() > 0) fis.read(b); fis.close(); @@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { PFX pfx = null; boolean verifypfx = false; try { - pfx = (PFX)(new PFX.Template()).decode(bis); - verifypfx = pfx.verifyAuthSafes(password, reason); + pfx = (PFX) (new PFX.Template()).decode(bis); + verifypfx = pfx.verifyAuthSafes(password, reason); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString()); } if (verifypfx) { 
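Review bot: The read loop `while (fis.available() > 0) fis.read(b);` in the `@@ -246,7 +245,7 @@` hunk discards the count returned by `read` and writes every pass at offset 0 of the fixed 1,000,000-byte buffer, so a larger file or a short read leaves `b` holding corrupted PKCS#12 bytes, and `fis` is not closed if `read` throws. Reading into a `ByteArrayOutputStream` (already imported in this file) with the close in a `finally` block avoids both problems. `path` also comes from the request and is concatenated under `instanceRoot + "/alias/"`; unless `HttpInput.getString` already rejects separators and `..`, the resolved file should be checked to lie inside the alias directory before it is opened. The surrounding `update` method starts and ends outside this hunk.

```java
FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
ByteArrayOutputStream fileBytes = new ByteArrayOutputStream();
try {
    byte[] chunk = new byte[8192];
    int n;
    while ((n = fis.read(chunk)) != -1) {
        fileBytes.write(chunk, 0, n);
    }
} finally {
    fis.close();
}
byte b[] = fileBytes.toByteArray();
// … unchanged: PFX decode and verification …
```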
@@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase { AuthenticatedSafes safes = pfx.getAuthSafes(); Vector pkeyinfo_collection = new Vector(); Vector cert_collection = new Vector(); - for (int i=0; i<safes.getSize(); i++) { + for (int i = 0; i < safes.getSize(); i++) { try { - SEQUENCE scontent = safes.getSafeContentsAt(null, i); - for (int j=0; j<scontent.size(); j++) { - SafeBag bag = (SafeBag)scontent.elementAt(j); + SEQUENCE scontent = safes.getSafeContentsAt(null, i); + for (int j = 0; j < scontent.size(); j++) { + SafeBag bag = (SafeBag) scontent.elementAt(j); OBJECT_IDENTIFIER oid = bag.getBagType(); if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) { - EncryptedPrivateKeyInfo privkeyinfo = - (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent(); + EncryptedPrivateKeyInfo privkeyinfo = + (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent(); PasswordConverter passConverter = new PasswordConverter(); PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter()); Vector pkeyinfo_v = new Vector(); pkeyinfo_v.addElement(pkeyinfo); SET bagAttrs = bag.getBagAttributes(); - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs.elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); + ANY ss = (ANY) val.elementAt(0); ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis); String s = sss.toString(); pkeyinfo_v.addElement(s); } } pkeyinfo_collection.addElement(pkeyinfo_v); } else if (oid.equals(SafeBag.CERT_BAG)) { - CertBag cbag = (CertBag)bag.getInterpretedBagContent(); - OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert(); + 
CertBag cbag = (CertBag) bag.getInterpretedBagContent(); + OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert(); byte[] x509cert = str.toByteArray(); Vector cert_v = new Vector(); cert_v.addElement(x509cert); SET bagAttrs = bag.getBagAttributes(); - + if (bagAttrs != null) { - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs.elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); + ANY ss = (ANY) val.elementAt(0); ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis); String s = sss.toString(); cert_v.addElement(s); } @@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString()); } } - + importkeycert(pkeyinfo_collection, cert_collection); } else { context.put("updateStatus", "failure"); @@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); + CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates."); 
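Review bot: In the `@@ -267,50 +266,50 @@` hunk the `PKCS8_SHROUDED_KEY_BAG` branch loops over `bag.getBagAttributes()` without a null check, while the `CERT_BAG` branch below guards the same call with `if (bagAttrs != null)`. A key bag without attributes would therefore raise a NullPointerException that the enclosing `catch (Exception e)` only writes to the debug log, and the remaining bags of that safe-contents sequence are skipped. Add the same `if (bagAttrs != null)` guard to the key-bag loop. The local `passConverter` is created and never used because `decrypt` is given a second `new PasswordConverter()`; pass `passConverter` or delete the local. The enclosing loop ends outside this hunk.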
@@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private void getConfigEntriesFromMaster(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { try { IConfigStore config = CMS.getConfigStore(); String cstype = ""; @@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String content = ""; if (cstype.equals("ca") || cstype.equals("kra")) { - content = "type=request&xmlOutput=true&sessionID="+session_id; + content = "type=request&xmlOutput=true&sessionID=" + session_id; CMS.debug("http content=" + content); updateNumberRange(master_hostname, master_ee_port, true, content, "request", response); - content = "type=serialNo&xmlOutput=true&sessionID="+session_id; + content = "type=serialNo&xmlOutput=true&sessionID=" + session_id; updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response); - content = "type=replicaId&xmlOutput=true&sessionID="+session_id; + content = "type=replicaId&xmlOutput=true&sessionID=" + session_id; updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response); } @@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } StringBuffer c1 = new StringBuffer(); - StringBuffer s1 = new StringBuffer(); + StringBuffer s1 = new StringBuffer(); StringTokenizer tok = new StringTokenizer(list, ","); while (tok.hasMoreTokens()) { String t1 = tok.nextToken(); @@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + if (s1.length() != 0) s1.append(","); s1.append(cstype); 
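Review bot: `CMS.debug("http content=" + content);` in the `@@ -388,14 +387,14 @@` hunk writes the request body, including the `sessionID` value, to the debug log. If `session_id` is the credential that authorises these calls to the master (its origin is outside the hunk), anyone who can read the debug log can see it. Log the request type only, e.g. `CMS.debug("http content: type=request (sessionID omitted)");`.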
@@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!cstype.equals("ca")) { c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type"); - } + } if (cstype.equals("ca")) { /* get ca connector details */ - if (s1.length()!=0) + if (s1.length() != 0) s1.append(","); s1.append("ca.connector.KRA"); } - content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id; + content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; boolean success = updateConfigEntries(master_hostname, master_port, true, - "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response); + "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response); if (!success) { context.put("errorString", "Failed to get configuration entries from the master"); throw new IOException("Failed to get configuration entries from the master"); @@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } catch (IOException eee) { throw eee; } catch (Exception eee) { - CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString()); + CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString()); } } catch (IOException ee) { 
@@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String s = st.nextToken(); if (s.equals("sslserver")) continue; - String name = "preop.master."+s+".nickname"; + String name = "preop.master." + s + ".nickname"; String nickname = cs.getString(name, ""); CryptoManager cm = CryptoManager.getInstance(); X509Certificate xcert = null; try { xcert = cm.findCertByNickname(nickname); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString()); } CryptoToken ct = cm.getInternalKeyStorageToken(); CryptoStore store = ct.getCryptoStore(); try { store.deleteCert(xcert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString()); } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString()); - } + CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString()); + } } private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) { - CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'"); - if (pubkey.getAlgorithm().equals("EC")) { - return org.mozilla.jss.crypto.PrivateKey.Type.EC; - } - return org.mozilla.jss.crypto.PrivateKey.Type.RSA; + CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'"); + if (pubkey.getAlgorithm().equals("EC")) { + return org.mozilla.jss.crypto.PrivateKey.Type.EC; + } + return org.mozilla.jss.crypto.PrivateKey.Type.RSA; } - private void importkeycert(Vector pkeyinfo_collection, - Vector cert_collection) throws IOException { + private void importkeycert(Vector pkeyinfo_collection, + Vector cert_collection) throws IOException { CryptoManager cm = null; try { cm = CryptoManager.getInstance(); 
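Review bot: `getPrivateKeyType` in the `@@ -491,38 +489,38 @@` hunk returns `PrivateKey.Type.RSA` for every algorithm other than `"EC"`, so a key of any other type would be unwrapped as RSA instead of being rejected. Check for `"RSA"` explicitly and throw for anything else, so an unsupported key fails loudly at import time. In `deleteExistingCerts` above it, `xcert` stays null when `findCertByNickname` throws, and `store.deleteCert(xcert)` is then still called; guard it with `if (xcert != null)`.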
@@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase { // delete all existing certificates first deleteExistingCerts(); - for (int i=0; i<pkeyinfo_collection.size(); i++) { + for (int i = 0; i < pkeyinfo_collection.size(); i++) { try { - Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i); - PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0); - String nickname = (String)pkeyinfo_v.elementAt(1); - byte[] x509cert = getX509Cert(nickname, cert_collection); + Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i); + PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0); + String nickname = (String) pkeyinfo_v.elementAt(1); + byte[] x509cert = getX509Cert(nickname, cert_collection); X509Certificate cert = cm.importCACertPackage(x509cert); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pkeyinfo.encode(bos); 
@@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase { try { store.deleteCert(cert); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString()); } KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; IVParameterSpec param = new IVParameterSpec(iv); Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); c.initEncrypt(sk, param); byte[] encpkey = c.doFinal(pkey); - + KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, param); org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); } } - for (int i=0; i<cert_collection.size(); i++) { + for (int i = 0; i < cert_collection.size(); i++) { try { - Vector cert_v = (Vector)cert_collection.elementAt(i); - byte[] cert = (byte[])cert_v.elementAt(0); + Vector cert_v = (Vector) cert_collection.elementAt(i); + byte[] cert = (byte[]) cert_v.elementAt(0); if (cert_v.size() > 1) { - String name = (String)cert_v.elementAt(1); + String name = (String) cert_v.elementAt(1); // we need to delete the trusted CA certificate if it is // the same as the ca signing certificate if (isCASigningCert(name)) { 
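Review bot: The IV for the DES3-CBC wrap in the `@@ -550,32 +548,32 @@` hunk is a constant array of eight `0x1` bytes. That is tolerable here only because `sk` is generated for this one key and, as far as the hunk shows, used for a single encrypt/unwrap pair, and nothing in the code says so. Either state that in a comment, `// constant IV: sk is generated per key and used once`, or fill the array from `java.security.SecureRandom` before building `IVParameterSpec`. `pkey` appears to hold the decrypted private key and is left in memory after `doFinal`; `java.util.Arrays.fill(pkey, (byte) 0)` once `unwrapPrivate` returns would shorten its lifetime. The `try` block this code sits in opens outside the hunk.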
@@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase { CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store"); if (store instanceof PK11Store) { try { - PK11Store pk11store = (PK11Store)store; + PK11Store pk11store = (PK11Store) store; pk11store.deleteCertOnly(certchain); } catch (Exception ee) { - CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString()); + CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString()); } } } @@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { X509Certificate xcert = cm.importUserCACertPackage(cert, name); if (name.startsWith("caSigningCert")) { // we need to change the trust attribute to CT - InternalCertificate icert = (InternalCertificate)xcert; - icert.setSSLTrust(InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); + InternalCertificate icert = (InternalCertificate) xcert; + icert.setSSLTrust(InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); } else if (name.startsWith("auditSigningCert")) { - InternalCertificate icert = (InternalCertificate)xcert; + InternalCertificate icert = (InternalCertificate) xcert; icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); } } } 
@@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return false; } - private X509Certificate getX509CertFromToken(byte[] cert) - throws IOException { + private X509Certificate getX509CertFromToken(byte[] cert) + throws IOException { try { X509CertImpl impl = new X509CertImpl(cert); String issuer_impl = impl.getIssuerDN().toString(); BigInteger serial_impl = impl.getSerialNumber(); CryptoManager cm = CryptoManager.getInstance(); X509Certificate[] permcerts = cm.getPermCerts(); - for (int i=0; i<permcerts.length; i++) { + for (int i = 0; i < permcerts.length; i++) { String issuer_p = permcerts[i].getSubjectDN().toString(); BigInteger serial_p = permcerts[i].getSerialNumber(); if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) { 
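Review bot: In `getX509CertFromToken` (`@@ -628,15 +626,15 @@` hunk) the variable `issuer_p` is filled from `permcerts[i].getSubjectDN()` but is compared with `impl.getIssuerDN()`, so the match tests subject against issuer. In practice that only succeeds for self-signed certificates, and it looks like the intended line is `String issuer_p = permcerts[i].getIssuerDN().toString();`. The two DNs are also compared as strings produced by two different certificate classes, so formatting differences could defeat the match even for the same certificate; comparing the encoded certificates would be stricter. The method's return statement is in the following hunk.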
@@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString()); } return null; } - private byte[] getX509Cert(String nickname, Vector cert_collection) - throws IOException { - for (int i=0; i<cert_collection.size(); i++) { - Vector v = (Vector)cert_collection.elementAt(i); - byte[] b = (byte[])v.elementAt(0); + private byte[] getX509Cert(String nickname, Vector cert_collection) + throws IOException { + for (int i = 0; i < cert_collection.size(); i++) { + Vector v = (Vector) cert_collection.elementAt(i); + byte[] b = (byte[]) v.elementAt(0); X509CertImpl impl = null; try { impl = new X509CertImpl(b); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString()); - throw new IOException( e.toString() ); + CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString()); + throw new IOException(e.toString()); } - Principal subjectdn = impl.getSubjectDN(); + Principal subjectdn = impl.getSubjectDN(); if (LDAPDN.equals(subjectdn.toString(), nickname)) return b; } @@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Import Keys and Certificates"); context.put("password", ""); context.put("path", ""); @@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private boolean isCertdbCloned(HttpServletRequest request, - Context context) { + Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { 
@@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master."+token+".nickname"; + String name1 = "preop.master." + token + ".nickname"; String nickname = config.getString(name1, ""); if (!tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - nickname = tokenname+":"+nickname; + !tokenname.equals("internal")) + nickname = tokenname + ":" + nickname; - CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname); + CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java index 854e8f10..0c066268 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java @@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SavePKCS12Panel extends WizardPanelBase { - public SavePKCS12Panel() {} + public SavePKCS12Panel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Save Keys and Certificates"); setId(id); 
@@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase { try { boolean enable = cs.getBoolean("preop.backupkeys.enable", false); - if (!enable) + if (!enable) return true; } catch (Exception e) { } - + return false; } @@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** @@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, + Context context) { context.put("title", "Save Keys and Certificates"); context.put("panel", "admin/console/config/savepkcs12panel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java index 3a5d82d1..42165b08 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.net.URL; import java.net.URLDecoder; 
@@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet { int index = url.indexOf("subsystem="); String subsystem = ""; if (index > 0) { - subsystem = url.substring(index+10); + subsystem = url.substring(index + 10); int index1 = subsystem.indexOf("&"); - if (index1 > 0) + if (index1 > 0) subsystem = subsystem.substring(0, index1); } context.put("sd_uid", ""); @@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet { context.put("host", u.getHost()); context.put("sdhost", CMS.getEESSLHost()); if (subsystem.equals("KRA")) { - subsystem = "DRM"; + subsystem = "DRM"; } context.put("subsystem", subsystem); // The "securitydomain.name" property ONLY resides in the "CS.cfg" // associated with the CS subsystem hosting the security domain. IConfigStore cs = CMS.getConfigStore(); String sdname = cs.getString("securitydomain.name", ""); - context.put("name", sdname); + context.put("name", sdname); template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java index 90a6aeb0..8e52aa37 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; 
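Review bot: `subsystem` in the `@@ -59,9 +58,9 @@` hunk is cut out of `url` with `indexOf("subsystem=")` and placed in the Velocity context by `context.put("subsystem", subsystem)` in the next hunk without any validation. `url` appears to come from the request (its assignment is outside the hunk), so if the template prints the value unescaped, request-controlled text would reach the login page. Accept only an expected form before the `put`, for example `if (!subsystem.matches("[A-Za-z]+")) subsystem = "";`. Note also that `index > 0` treats a match at position 0 as absent and that `indexOf` matches any parameter whose name merely ends in `subsystem=`.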
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class SecurityDomainPanel extends WizardPanelBase { - public SecurityDomainPanel() {} + public SecurityDomainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) + throws ServletException { setPanelNo(panelno); setName("Security Domain"); } public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + throws ServletException { setPanelNo(panelno); setName("Security Domain"); setId(id); @@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", default_admin_url); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("panel", "admin/console/config/securitydomainpanel.vm"); context.put("errorString", errorString); 
@@ -157,18 +159,18 @@ public class SecurityDomainPanel extends WizardPanelBase { while (st.hasMoreTokens()) { count++; String n = st.nextToken(); - if (first) { //skip the hostname + if (first) { // skip the hostname first = false; continue; } if (count == numTokens) // skip the last element (e.g. com) continue; - sb.append((defaultDomain.length()==0)? "":" "); + sb.append((defaultDomain.length() == 0) ? "" : " "); sb.append(capitalize(n)); } - defaultDomain = sb.toString() + " "+ "Domain"; + defaultDomain = sb.toString() + " " + "Domain"; name = defaultDomain; - CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name); + CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name); } catch (MalformedURLException e) { errorString = "Malformed URL"; // not being able to come up with default domain name is ok 
@@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase { } context.put("sdomainName", name); - if( default_admin_url != null ) { + if (default_admin_url != null) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL( default_admin_url ); + URL u = new URL(default_admin_url); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, port, true, certApprovalCallback ); + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, port, true, certApprovalCallback); } catch (Exception e) { - CMS.debug( "SecurityDomainPanel: exception caught: " - + e.toString() ); + CMS.debug("SecurityDomainPanel: exception caught: " + + e.toString()); } - - if( r != null ) { + + if (r != null) { // "default" security domain exists on local machine; // fill "sdomainURL" in with "default" security domain // as an initial "guess" - CMS.debug( "SecurityDomainPanel: pingCS returns: "+r ); - context.put( "sdomainURL", default_admin_url ); + CMS.debug("SecurityDomainPanel: pingCS returns: " + r); + context.put("sdomainURL", default_admin_url); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - CMS.debug( "SecurityDomainPanel: pingCS no successful response" ); - context.put( "sdomainURL", "" ); + CMS.debug("SecurityDomainPanel: pingCS no successful response"); + context.put("sdomainURL", ""); } } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - if (! 
systemdService.equals("")) { - context.put( "initCommand", "/usr/bin/pkicontrol" ); - context.put( "instanceId", "ca " + systemdService ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + if (!systemdService.equals("")) { + context.put("initCommand", "/usr/bin/pkicontrol"); + context.put("instanceId", "ca " + systemdService); } else { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } } @@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase { if (s.length() == 0) { return s; } else { - return s.substring(0,1).toUpperCase() + s.substring(1); + return s.substring(0, 1).toUpperCase() + s.substring(1); } } @@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase { public void validate(HttpServletRequest request, HttpServletResponse response, Context context) throws IOException { - + String select = HttpInput.getID(request, "choice"); if (select.equals("newdomain")) { String name = HttpInput.getSecurityDomainName(request, "sdomainName"); 
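Review bot: `u.getPort()` in the `@@ -176,54 +178,53 @@` hunk returns -1 when the URL carries no explicit port, and that value is handed to `pingCS` unchanged; the same pattern is used on the user-supplied `sdomainURL` in `validate` (`@@ -251,50 +252,48 @@` hunk). Use `int port = (u.getPort() != -1) ? u.getPort() : u.getDefaultPort();`. In `validate` it is also worth rejecting a URL whose `u.getProtocol()` is not `https`, since the error messages there speak of an SSL Admin HTTPS URL but the scheme is never checked in the visible code (unless `HttpInput.getURL` does it). The method containing this hunk begins in an earlier hunk.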
@@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase { throw new IOException("Missing name value for the security domain"); } } else if (select.equals("existingdomain")) { - CMS.debug( "SecurityDomainPanel: validating " - + "SSL Admin HTTPS . . ." ); - String admin_url = HttpInput.getURL( request, "sdomainURL" ); - if( admin_url == null || admin_url.equals("") ) { - initParams( request, context ); + CMS.debug("SecurityDomainPanel: validating " + + "SSL Admin HTTPS . . ."); + String admin_url = HttpInput.getURL(request, "sdomainURL"); + if (admin_url == null || admin_url.equals("")) { + initParams(request, context); context.put("updateStatus", "validate-failure"); - throw new IOException( "Missing SSL Admin HTTPS url value " - + "for the security domain" ); + throw new IOException("Missing SSL Admin HTTPS url value " + + "for the security domain"); } else { String r = null; try { - URL u = new URL( admin_url ); + URL u = new URL(admin_url); String hostname = u.getHost(); int admin_port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, admin_port, true, - certApprovalCallback ); - } catch( Exception e ) { - CMS.debug( "SecurityDomainPanel: exception caught: " - + e.toString() ); + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, admin_port, true, + certApprovalCallback); + } catch (Exception e) { + CMS.debug("SecurityDomainPanel: exception caught: " + + e.toString()); context.put("updateStatus", "validate-failure"); - throw new IOException( "Illegal SSL Admin HTTPS url value " - + "for the security domain" ); + throw new IOException("Illegal SSL Admin HTTPS url value " + + "for the security domain"); } if (r != null) { CMS.debug("SecurityDomainPanel: pingAdminCS returns: " - + r ); - context.put( "sdomainURL", admin_url ); + + r); + context.put("sdomainURL", admin_url); } else { - CMS.debug( 
"SecurityDomainPanel: pingAdminCS " - + "no successful response for SSL Admin HTTPS" ); - context.put( "sdomainURL", "" ); + CMS.debug("SecurityDomainPanel: pingAdminCS " + + "no successful response for SSL Admin HTTPS"); + context.put("sdomainURL", ""); } } } } - public void initParams(HttpServletRequest request, Context context) - throws IOException - { + public void initParams(HttpServletRequest request, Context context) + throws IOException { IConfigStore config = CMS.getConfigStore(); try { context.put("cstype", config.getString("cs.type")); @@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("check_newdomain", "checked"); context.put("check_existingdomain", ""); } else if (select.equals("existingdomain")) { - context.put("check_newdomain", ""); + context.put("check_newdomain", ""); context.put("check_existingdomain", "checked"); } 
@@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase { if (select.equals("newdomain")) { config.putString("preop.securitydomain.select", "new"); config.putString("securitydomain.select", "new"); - config.putString("preop.securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.name", - HttpInput.getDomainName(request, "sdomainName")); - config.putString("securitydomain.host", - CMS.getEENonSSLHost()); - config.putString("securitydomain.httpport", - CMS.getEENonSSLPort()); - config.putString("securitydomain.httpsagentport", - CMS.getAgentPort()); - config.putString("securitydomain.httpseeport", - CMS.getEESSLPort()); - config.putString("securitydomain.httpsadminport", - CMS.getAdminPort()); - - // make sure the subsystem certificate is issued by the security + config.putString("preop.securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.name", + HttpInput.getDomainName(request, "sdomainName")); + config.putString("securitydomain.host", + CMS.getEENonSSLHost()); + config.putString("securitydomain.httpport", + CMS.getEENonSSLPort()); + config.putString("securitydomain.httpsagentport", + CMS.getAgentPort()); + config.putString("securitydomain.httpseeport", + CMS.getEESSLPort()); + config.putString("securitydomain.httpsadminport", + CMS.getAdminPort()); + + // make sure the subsystem certificate is issued by the security // domain config.putString("preop.cert.subsystem.type", "local"); config.putString("preop.cert.subsystem.profile", "subsystemCert.profile"); - + try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } String instanceRoot = ""; try { 
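Review bot: The re-wrapped `catch (EBaseException e) { }` after `config.commit(false)` is still empty, so a failure to persist the security-domain settings written just above it goes unreported and the code carries on. Since the line is being touched anyway, log it the way SizePanel does on this page: `CMS.debug("SecurityDomainPanel: Exception caught at config commit: " + e.toString());`. The same empty catch is reformatted in hunks -383,31, -425,7, -446,32 and -483,19 of this file. The enclosing method begins and ends outside the hunk.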
@@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase { String hostname = ""; int admin_port = -1; - if( admin_url != null ) { + if (admin_url != null) { try { - URL admin_u = new URL( admin_url ); + URL admin_u = new URL(admin_url); hostname = admin_u.getHost(); admin_port = admin_u.getPort(); - } catch( MalformedURLException e ) { + } catch (MalformedURLException e) { errorString = "Malformed SSL Admin HTTPS URL"; context.put("updateStatus", "failure"); - throw new IOException( errorString ); + throw new IOException(errorString); } - context.put( "sdomainURL", admin_url ); - config.putString( "securitydomain.host", hostname ); - config.putInteger( "securitydomain.httpsadminport", - admin_port ); + context.put("sdomainURL", admin_url); + config.putString("securitydomain.host", hostname); + config.putInteger("securitydomain.httpsadminport", + admin_port); } try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChain( config, "securitydomain", hostname, admin_port, - true, context, certApprovalCallback ); + updateCertChain(config, "securitydomain", hostname, admin_port, + true, context, certApprovalCallback); } else { CMS.debug("SecurityDomainPanel: invalid choice " + select); errorString = "Invalid choice"; @@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("wizardname", config.getString("preop.wizard.name")); context.put("panelname", "Security Domain Configuration"); context.put("systemname", config.getString("preop.system.name")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("errorString", errorString); context.put("updateStatus", "success"); 
@@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase { try { default_admin_url = config.getString("preop.securitydomain.admin_url", ""); - } catch (Exception e) {} + } catch (Exception e) { + } - if( default_admin_url != null ) { + if (default_admin_url != null) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL( default_admin_url ); + URL u = new URL(default_admin_url); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, port, true, certApprovalCallback ); - } catch (Exception e) {} - - if( r != null ) { + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, port, true, certApprovalCallback); + } catch (Exception e) { + } + + if (r != null) { // "default" security domain exists on local machine; // refill "sdomainURL" in with "default" security domain // as an initial "guess" - context.put( "sdomainURL", default_admin_url ); + context.put("sdomainURL", default_admin_url); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - context.put( "sdomainURL", "" ); + context.put("sdomainURL", ""); } } 
@@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", config.getString("preop.securitydomain.admin_url")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Security Domain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java index 75cc0fb6..d15ca5ad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java 
@@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; /** * This object stores the values for IP, uid and group based on the cookie id. */ -public class SecurityDomainSessionTable - implements ISecurityDomainSessionTable { +public class SecurityDomainSessionTable + implements ISecurityDomainSessionTable { private Hashtable<String, Vector<Comparable<?>>> m_sessions; private long m_timeToLive; @@ -38,8 +38,8 @@ public class SecurityDomainSessionTable m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, - String uid, String group) { + public int addEntry(String sessionId, String ip, + String uid, String group) { Vector<Comparable<?>> v = new Vector<Comparable<?>>(); v.addElement(ip); v.addElement(uid); @@ -67,28 +67,28 @@ public class SecurityDomainSessionTable public String getIP(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(0); + return (String) v.elementAt(0); return null; } public String getUID(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(1); + return (String) v.elementAt(1); return null; } public String getGroup(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(2); + return (String) v.elementAt(2); return null; } public long getBeginTime(String sessionId) { Vector<Comparable<?>> v = m_sessions.get(sessionId); - if (v != null) { - Long n = (Long)v.elementAt(3); + if (v != null) { + Long n = (Long) v.elementAt(3); if (n != null) return n.longValue(); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java index c3a1e325..49cadb9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java 
@@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask { private ISecurityDomainSessionTable m_sessiontable = null; private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; public SessionTimer(ISecurityDomainSessionTable table) { super(); @@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask { public void run() { Enumeration keys = m_sessiontable.getSessionIds(); while (keys.hasMoreElements()) { - String sessionId = (String)keys.nextElement(); + String sessionId = (String) keys.nextElement(); long beginTime = m_sessiontable.getBeginTime(sessionId); Date nowDate = new Date(); long nowTime = nowDate.getTime(); long timeToLive = m_sessiontable.getTimeToLive(); - if ((nowTime-beginTime) > timeToLive) { + if ((nowTime - beginTime) > timeToLive) { m_sessiontable.removeEntry(sessionId); CMS.debug("SessionTimer run: successfully remove the session id entry from the table."); - + // audit message String auditParams = "operation;;expire_token+token;;" + sessionId; String auditMessage = CMS.getLogMessage( @@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask { ILogger.LL_SECURITY, auditMessage); - } } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 0e6a507a..8f5d6808 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; 
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() {} + public SizePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); @@ -69,25 +69,28 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "default,custom", null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ null, /* no default parameter */ "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary*/ + /* clean up if necessary */ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -105,7 +108,8 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -118,7 +122,7 @@ public class SizePanel extends WizardPanelBase { Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } 
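Review bot: In hunk -69,25 the formatter has turned the inline `/* no constraint */` after the second `Descriptor` argument into a four-line block comment, which splits the argument list of `customSizeDesc` and reads worse than the original. Putting each argument on its own line with its comment, `null, /* no constraint */` followed by `null, /* no default parameter */`, gives a layout a formatter is less likely to re-wrap. The same damage shows in hunk -251,11, where the trailing `// rsa or ecc` became three `//` lines, and in the ECDHE/ECDH block comment of hunk -441,40, where the `note:` line was folded into the preceding sentence.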
@@ -134,12 +138,12 @@ public class SizePanel extends WizardPanelBase { } try { - default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); + default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); } catch (Exception e) { } try { - default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); + default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); } catch (Exception e) { } @@ -180,12 +184,13 @@ public class SizePanel extends WizardPanelBase { PCERT_PREFIX + certTag + ".signing.required", false); c.setSigningRequired(signingRequired); - if (signingRequired) mShowSigning = true; + if (signingRequired) + mShowSigning = true; String userfriendlyname = config.getString( PCERT_PREFIX + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while @@ -236,13 +241,13 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config.getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val+",o=clone"); + String val = config.getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val + ",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); 
@@ -251,11 +256,13 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa + // or + // ecc String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); if (keyalgorithm == null) { 
@@ -280,28 +287,28 @@ public class SizePanel extends WizardPanelBase { } CMS.debug( "SizePanel: update() keysize choice selected:" + select); - String oldkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String oldkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String oldkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String oldsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String oldkeysize = + config.getString(PCERT_PREFIX + ct + ".keysize.size", ""); + String oldkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String oldkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String oldsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); String oldcurvename = - config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); + config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + config.putString("preop.keysize.size", default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); 
@@ -311,31 +318,31 @@ public class SizePanel extends WizardPanelBase { "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + - ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct + - ".keysize.custom_size", - default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", + default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString("preop.curvename.name", + HttpInput.getString(request, ct + "_custom_curvename")); config.putString("preop.curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); } else { - config.putString("preop.keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString("preop.keysize.size", + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); config.putString("preop.keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + HttpInput.getKeySize(request, ct + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); 
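Review bot: In the `custom` branch the key-type-aware call `HttpInput.getKeySize(request, ct + "_custom_size", keytype)` is used only for the legacy `preop.keysize.*` entries marked `XXXrenaming these`. The per-certificate entries in the next hunk (-346,42) use the two-argument `getKeySize(request, ct + "_custom_size")`, and that per-certificate value is what is later read back for `createRSAKeyPair`. If the two-argument overload applies weaker checks (it is not shown here), the key-type-aware validation would disappear as soon as the legacy lines are removed. Parsing once and reusing the result avoids that: `String customSize = HttpInput.getKeySize(request, ct + "_custom_size", keytype);`. The enclosing loop starts and ends outside the hunk.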
@@ -346,42 +353,42 @@ public class SizePanel extends WizardPanelBase { if (keytype != null && keytype.equals("ecc")) { config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); config.putString(PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + HttpInput.getString(request, ct + "_custom_curvename")); } else { config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size")); + HttpInput.getKeySize(request, ct + "_custom_size")); config.putString(PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size")); + HttpInput.getKeySize(request, ct + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String newkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String newkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String newsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String newcurvename = - config.getString(PCERT_PREFIX+ct+".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) || - !oldkeytype.equals(newkeytype) || - !oldkeyalgorithm.equals(newkeyalgorithm) || - !oldsigningalgorithm.equals(newsigningalgorithm) || - !oldcurvename.equals(newcurvename)) + String newkeysize = + config.getString(PCERT_PREFIX + ct + ".keysize.size", ""); + String newkeytype = + config.getString(PCERT_PREFIX + ct + ".keytype", ""); + String newkeyalgorithm = + config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); + String newsigningalgorithm = + config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); + String newcurvename = + config.getString(PCERT_PREFIX + ct + ".curvename.name", 
""); + + if (!oldkeysize.equals(newkeysize) || + !oldkeytype.equals(newkeytype) || + !oldkeyalgorithm.equals(newkeyalgorithm) || + !oldsigningalgorithm.equals(newsigningalgorithm) || + !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); } @@ -393,7 +400,7 @@ public class SizePanel extends WizardPanelBase { context.put("updateStatus", "success"); return; } - } catch (IOException e) { + } catch (IOException e) { CMS.debug("SizePanel: update() IOException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; @@ -401,11 +408,11 @@ public class SizePanel extends WizardPanelBase { CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; - } catch (Exception e) { + } catch (Exception e) { CMS.debug("SizePanel: update() Exception caught: " + e.toString()); } - // generate key pair + // generate key pair Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { @@ -414,7 +421,7 @@ public class SizePanel extends WizardPanelBase { String friendlyName = ct; boolean enable = true; try { - enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct); } catch (Exception e) { } 
@@ -425,15 +432,15 @@ public class SizePanel extends WizardPanelBase { try { String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); - + if (keytype.equals("rsa")) { int keysize = config.getInteger( - PCERT_PREFIX + ct + ".keysize.size"); + PCERT_PREFIX + ct + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { String curveName = config.getString( - PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); + PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); 
@@ -441,40 +448,39 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException("key generation failure for the certificate: " + friendlyName + + throw new IOException("key generation failure for the certificate: " + friendlyName + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug( - "SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug( + "SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { - CMS.debug("Generating ECC key pair with curvename="+ curveName + - ", token="+token); + public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + CMS.debug("Generating ECC key pair with curvename=" + curveName + + ", token=" + token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise - * note: IE only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise note: IE + * only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", 
server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
@@ -488,48 +494,48 @@ public class SizePanel extends WizardPanelBase { // ECDHE needs "SIGN" but no "DERIVE" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. 
Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, + null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { 
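Review bot: The `do { ... } while (pair == null);` loop in this hunk has no retry bound: whenever `CryptoUtil.findPrivateKeyFromID` returns null the pair is discarded and a new one is generated, so a token that never returns the key keeps the request generating key pairs indefinitely, and nothing visible here removes the rejected ones. I would count attempts and fail after a few, with `int attempts = 0;` before the loop and `if (++attempts == 3) throw new TokenException("ECC key not found on token after generation");` in the `privk == null` branch; the method already declares `TokenException`. The RSA loop in hunk -537,25 has the same shape. The method starts outside the hunk.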
@@ -537,25 +543,24 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { + public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = + CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); 
@@ -563,9 +568,9 @@ public class SizePanel extends WizardPanelBase { byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); config.putString(PCERT_PREFIX + ct + ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { 
@@ -573,41 +578,40 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", + config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", keyAlgo); - } + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", keyAlgo); - } + } } else if (systemType.equalsIgnoreCase("KRA") || - systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String s = ""; try { @@ -646,7 +650,7 @@ public class SizePanel extends WizardPanelBase { HttpServletResponse response, Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } 
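Review bot: The empty `catch (Exception e1) { }` at the top of this hunk leaves `keyAlgo` at its initial `""`, and `setSigningAlgorithm(ct, keyAlgo, config)` then stores that empty string under keys such as `ca.signing.defaultSigningAlgorithm` and `ca.crl.MasterCRL.signingAlgorithm`. The call that can throw is outside the hunk, so I cannot tell how likely this is, but a signing algorithm should not be blanked silently. Log the exception and skip the `putString` calls when `keyAlgo` is empty, for example `if (keyAlgo.equals("")) { CMS.debug("SizePanel: no signing algorithm determined for " + ct); return; }` at the top of setSigningAlgorithm. The `preop.system.name` read inside setSigningAlgorithm swallows its exception the same way, in which case none of the branches run.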
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java index cf59e07c..027ec305 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java @@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String sessionId = httpReq.getParameter("sessionID"); CMS.debug("TokenAuthentication: sessionId=" + sessionId); @@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet { CMS.debug("TokenAuthentication: found session"); if (checkIP) { String hostname = table.getIP(sessionId); - if (! hostname.equals(givenHost)) { - CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" - + givenHost + " are different"); + if (!hostname.equals(givenHost)) { + CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" + + givenHost + " are different"); CMS.debug("TokenAuthenticate authenticate failed, wrong hostname."); outputError(httpResp, "Error: Failed Authentication"); return; 
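Review bot: `CMS.debug("TokenAuthentication: sessionId=" + sessionId);` in process() writes the caller-supplied session identifier to the debug log in full. The servlet goes on to look that value up in the session table to decide whether the caller is authenticated, so a complete copy in the log should be treated like a stored credential for as long as the session is valid. I would log only that an id was received, `CMS.debug("TokenAuthentication: sessionId received");`, or a short prefix of it. process() starts inside this hunk and ends outside it.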
@@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java index cf699c61..f6bd23d1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateConnector extends CMSServlet { /** @@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateConnector: processing..."); 
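Review bot: The formatter has broken the trailing comment on `renderResult` in TokenAuthenticate into nine short `//` lines hanging off the opening brace, which is harder to read than the original and hides that the empty body is deliberate. Put the comment on its own line inside the body: `protected void renderResult(CMSRequest cmsReq) throws IOException {` followed by `// do nothing, i.e. do not return the default javascript` and the closing brace. The same mangled comment appears in the renderResult hunks of UpdateConnector, UpdateDomainXML, UpdateNumberRange and UpdateOCSPConfig. The `{// do nothing` on `renderTemplate` in those files would read better with the same treatment.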
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet { CMS.debug("UpdateConnector authentication successful."); } catch (Exception e) { CMS.debug("UpdateConnector: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } @@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("UpdateConnector authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet { Enumeration list = httpReq.getParameterNames(); while (list.hasMoreElements()) { - String name = (String)list.nextElement(); + String name = (String) list.nextElement(); String val = httpReq.getParameter(name); if (name != null && name.startsWith("ca.connector")) { CMS.debug("Adding connector update name=" + name + " val=" + val); 
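Review bot: In the parameter loop of process() in UpdateConnector, `name.startsWith("ca.connector")` is the only filter on which request parameters count as connector updates, and the debug line logs the raw `val` alongside the name. The prefix test also accepts names that merely begin with those characters, and the "Skipping" branch at the top of the next hunk logs the value of every other parameter in the request. I would match against an explicit list of the connector keys this servlet expects and log names only, `CMS.debug("Adding connector update name=" + name);`. The statement that stores the accepted value lies between the two hunks, so how it is used is not visible here.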
@@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet { CMS.debug("Skipping connector update name=" + name + " val=" + val); } } - - try { + + try { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; cs.putString("ca.connector.KRA.nickName", nickname); cs.commit(false); } catch (Exception e) { } // start the connector - try { + try { ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - ICAService caService = (ICAService)ca.getCAService(); + CMS.getSubsystem("ca"); + ICAService caService = (ICAService) ca.getCAService(); IConnector kraConnector = caService.getConnector( - cs.getSubStore("ca.connector.KRA")); + cs.getSubStore("ca.connector.KRA")); caService.setKRAConnector(kraConnector); kraConnector.start(); } catch (Exception e) { @@ -173,14 +172,23 @@ public class UpdateConnector extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index c9fe27ef..4ca53eb5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java 
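Review bot: `cs.commit(false); } catch (Exception e) { }` discards any failure to persist `ca.connector.KRA.nickName`, and the code then goes on to start the KRA connector from the `ca.connector.KRA` sub-store. A failed commit leaves the running connector and the saved configuration out of step with nothing in the logs to show it. At minimum record it, `CMS.debug("UpdateConnector: failed to save connector config: " + e.toString());`, and consider returning an error to the caller instead of continuing. process() starts and ends outside this hunk.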
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateDomainXML extends CMSServlet { /** @@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public UpdateDomainXML() { super(); @@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to delete entry" + e.toString()); } - } catch (Exception e) { - CMS.debug("Failed to delete entry" + e.toString()); - } finally { + } catch (Exception e) { + CMS.debug("Failed to delete entry" + e.toString()); + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } private String modify_ldap(String dn, LDAPModification mod) { 
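Review bot: The outer `catch (Exception e)` in remove_from_ldap only calls `CMS.debug("Failed to delete entry" + e.toString())` and never sets `status = FAILED`, unlike the inner handler just above it. If `status` starts as SUCCESS here, as it visibly does in add_to_ldap, a failure to obtain the connection is returned to process() as success and is then recorded in the signed audit log as a successful security-domain update. Add `status = FAILED;` to that handler. modify_ldap and add_to_ldap in the following hunks have the same gap, and the start of remove_from_ldap is outside this hunk.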
@@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to modify entry" + e.toString()); } - } catch (Exception e) { + } catch (Exception e) { CMS.debug("Failed to modify entry" + e.toString()); - } finally { + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - private String add_to_ldap(LDAPEntry entry, String dn) { CMS.debug("UpdateDomainXML: add_to_ldap: starting"); String status = SUCCESS; 
@@ -172,37 +168,36 @@ public class UpdateDomainXML extends CMSServlet { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString()); + CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString()); status = FAILED; } } else { - CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString()); + CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString()); status = FAILED; } } catch (Exception e) { CMS.debug("Failed to add entry" + e.toString()); } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
@@ -233,19 +228,19 @@ public class UpdateDomainXML extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - AUTH_FAILURE, - "Error: Encountered problem during authorization."); + AUTH_FAILURE, + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -272,7 +267,7 @@ public class UpdateDomainXML extends CMSServlet { String missing = ""; if ((host == null) || host.equals("")) { missing += " host "; - } + } if ((name == null) || name.equals("")) { missing += " name "; } 
@@ -286,20 +281,20 @@ public class UpdateDomainXML extends CMSServlet { clone = "false"; } - if (! missing.equals("")) { - CMS.debug("UpdateDomainXML process: required parameters:" + missing + + if (!missing.equals("")) { + CMS.debug("UpdateDomainXML process: required parameters:" + missing + "not provided in request"); - outputError(httpResp, "Error: required parameters: " + missing + + outputError(httpResp, "Error: required parameters: " + missing + "not provided in request"); return; } String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+ - "+clone;;"+clone+"+type;;"+type; + String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport + + "+clone;;" + clone + "+type;;" + type; if (operation != null) { - auditParams += "+operation;;"+operation; + auditParams += "+operation;;" + operation; } else { auditParams += "+operation;;add"; } @@ -312,8 +307,7 @@ public class UpdateDomainXML extends CMSServlet { try { basedn = cs.getString("internaldb.basedn"); secstore = cs.getString("securitydomain.store"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script"); } @@ -326,7 +320,7 @@ public class UpdateDomainXML extends CMSServlet { String listName = type + "List"; String cn = host + ":"; - if ((adminsport!= null) && (adminsport != "")) { + if ((adminsport != null) && (adminsport != "")) { cn += adminsport; } else { cn += sport; 
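Review bot: `auditParams` is assembled by plain concatenation, `"host;;" + host + "+name;;" + name + "+sport;;" + sport + ...`, with `+` and `;;` acting as the field separators of the signed audit record. The values appear to come straight from the request (their assignment is outside the hunk), so a value that contains those separators or a line break changes how the record parses and the audit entry no longer reliably reflects what was asked for. Reject or encode `+`, `;` and control characters in `host`, `name`, `sport`, `clone`, `type` and `operation` before building the string. process() starts and ends outside this hunk.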
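Review bot: In the last hunk on this line, `(adminsport != "")` compares object references rather than contents, so an empty `adminsport` parameter will normally pass the test and `cn` becomes `host + ":"` with no port appended. Use `!adminsport.equals("")`, which is how the `agentsport` check later in the same method is written: `if ((adminsport != null) && (!adminsport.equals(""))) {`. The enclosing method starts and ends outside the hunk.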
@@ -361,64 +355,63 @@ public class UpdateDomainXML extends CMSServlet { attrs.add(new LDAPAttribute("clone", clone.toUpperCase())); attrs.add(new LDAPAttribute("SubsystemName", name)); entry = new LDAPEntry(dn, attrs); - - if ((operation != null) && (operation.equals("remove"))) { - status = remove_from_ldap(dn); - String adminUserDN; - if ((agentsport != null) && (!agentsport.equals(""))) { - adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; - } else { - adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; - } - String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + - "+resource;;"+adminUserDN; - if (status.equals(SUCCESS)) { - // remove the user for this subsystem's admin - status2 = remove_from_ldap(adminUserDN); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( + + if ((operation != null) && (operation.equals("remove"))) { + status = remove_from_ldap(dn); + String adminUserDN; + if ((agentsport != null) && (!agentsport.equals(""))) { + adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; + } else { + adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; + } + String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + + "+resource;;" + adminUserDN; + if (status.equals(SUCCESS)) { + // remove the user for this subsystem's admin + status2 = remove_from_ldap(adminUserDN); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); - audit(auditMessage); + audit(auditMessage); - // remove this user from the subsystem group - userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + + // remove this user from the subsystem group + userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + "+source;;UpdateDomainXML" + - "+resource;;Subsystem Group+user;;"+adminUserDN; - 
dn = "cn=Subsystem Group, ou=groups," + basedn; - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, + "+resource;;Subsystem Group+user;;" + adminUserDN; + dn = "cn=Subsystem Group, ou=groups," + basedn; + LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute("uniqueMember", adminUserDN)); - status2 = modify_ldap(dn, mod); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( + status2 = modify_ldap(dn, mod); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.SUCCESS, userAuditParams); - } else { - auditMessage = CMS.getLogMessage( + } else { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); - } - audit(auditMessage); - } else { // error deleting user - auditMessage = CMS.getLogMessage( + } + audit(auditMessage); + } else { // error deleting user + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, ILogger.FAILURE, userAuditParams); - audit(auditMessage); - } + audit(auditMessage); } + } } else { - status = add_to_ldap(entry, dn); + status = add_to_ldap(entry, dn); } - } - else { + } else { // update the domain.xml file String path = CMS.getConfigStore().getString("instanceRoot", "") + "/conf/domain.xml"; @@ -430,7 +423,7 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("UpdateDomainXML: Inserting new domain info"); XMLObject parser = new XMLObject(new FileInputStream(path)); Node n = parser.getContainer(list); - int count =0; + int count = 0; if ((operation != null) && (operation.equals("remove"))) { // delete node 
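Review bot: In the remove branch, `adminUserDN` is built as `"uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn` and passed directly to `remove_from_ldap` and into the `LDAPModification.DELETE` on the Subsystem Group. None of the components is escaped or validated in the visible code, so a value carrying DN metacharacters such as `,` or `=` produces a DN other than the intended subsystem user entry. Before composing any DN, check `host` against a hostname pattern, `type` against the known subsystem types, and the port fields as digits only; the `dn` and `cn` built earlier in this method need the same check. process() starts and ends outside this hunk.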
@@ -444,11 +437,11 @@ public class UpdateDomainXML extends CMSServlet { Vector v_host = parser.getValuesFromContainer(nn, "Host"); Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) - && (v_adminport.elementAt(0).equals(adminsport))) { - Node parent = nn.getParentNode(); - Node remNode = parent.removeChild(nn); - count --; - break; + && (v_adminport.elementAt(0).equals(adminsport))) { + Node parent = nn.getParentNode(); + Node remNode = parent.removeChild(nn); + count--; + break; } } } else { @@ -463,33 +456,33 @@ public class UpdateDomainXML extends CMSServlet { parser.addItemToContainer(parent, "UnSecurePort", httpport); parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase()); parser.addItemToContainer(parent, "Clone", clone.toUpperCase()); - count ++; + count++; } - //update count + // update count String countS = ""; NodeList nlist = n.getChildNodes(); Node countnode = null; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { countnode = nn; NodeList nlist1 = nn.getChildNodes(); Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); + countS = nn1.getNodeValue(); break; } } - CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); + CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS); try { - count += Integer.parseInt(countS); + count += Integer.parseInt(countS); } catch (Exception ee) { } Node nn2 = n.removeChild(countnode); - parser.addItemToContainer(n, "SubsystemCount", ""+count); + parser.addItemToContainer(n, "SubsystemCount", "" + count); // recreate domain.xml CMS.debug("UpdateDomainXML: Recreating domain.xml"); 
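Review bot: The empty `catch (Exception ee) { }` around `Integer.parseInt(countS)` means an unreadable `SubsystemCount` is silently replaced by just this request's delta, so domain.xml can be rewritten with a count of 1 or -1. `countnode` also stays null when no `SubsystemCount` element is found, yet `n.removeChild(countnode)` is called unconditionally. Log the parse failure and guard the rewrite with `if (countnode != null)`, leaving the existing count in place when it could not be read. The cast `(Element) nlist.item(i)` further assumes the container has no text or comment children; an `instanceof Element` test before the cast would avoid a ClassCastException.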
@@ -503,7 +496,7 @@ public class UpdateDomainXML extends CMSServlet { } } - + if (status.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, @@ -520,11 +513,11 @@ public class UpdateDomainXML extends CMSServlet { } audit(auditMessage); - if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { - status = SUCCESS; - } else { - status = FAILED; - } + if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { + status = SUCCESS; + } else { + status = FAILED; + } try { // send success status back to the requestor @@ -537,24 +530,34 @@ public class UpdateDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); + CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); } } protected String securityDomainXMLtoLDAP(String xmltag) { - if (xmltag.equals("Host")) return "host"; - else return xmltag; + if (xmltag.equals("Host")) + return "host"; + else + return xmltag; } - - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index 0a1787aa..c0d0db10 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateNumberRange extends CMSServlet { /** @@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = - "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; + "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; public UpdateNumberRange() { super(); @@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +72,13 @@ public class UpdateNumberRange extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -96,18 +97,18 @@ public class UpdateNumberRange extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -131,13 +132,13 @@ public class UpdateNumberRange extends CMSServlet { BigInteger oneNum = new BigInteger("1"); String endNumConfig = null; String cloneNumConfig = null; - String nextEndConfig = null; + String nextEndConfig = null; int radix = 10; IRepository repo = null; if (cstype.equals("KRA")) { IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem( - IKeyRecoveryAuthority.ID); + IKeyRecoveryAuthority.ID); if (type.equals("request")) { repo = kra.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { @@ -147,7 +148,7 @@ public class UpdateNumberRange extends CMSServlet { } } else { // CA ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ICertificateAuthority.ID); if (type.equals("request")) { repo = ca.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { 
@@ -157,26 +158,28 @@ public class UpdateNumberRange extends CMSServlet { } } - // checkRanges for replicaID - we do this each time a replica is created. - // This needs to be done beforehand to ensure that we always have enough + // checkRanges for replicaID - we do this each time a replica is + // created. + // This needs to be done beforehand to ensure that we always have + // enough // replica numbers if (type.equals("replicaId")) { - CMS.debug("Checking replica number ranges"); - repo.checkRanges(); + CMS.debug("Checking replica number ranges"); + repo.checkRanges(); } - + if (type.equals("request")) { radix = 10; endNumConfig = "dbs.endRequestNumber"; cloneNumConfig = "dbs.requestCloneTransferNumber"; nextEndConfig = "dbs.nextEndRequestNumber"; } else if (type.equals("serialNo")) { - radix=16; + radix = 16; endNumConfig = "dbs.endSerialNumber"; cloneNumConfig = "dbs.serialCloneTransferNumber"; nextEndConfig = "dbs.nextEndSerialNumber"; } else if (type.equals("replicaId")) { - radix=10; + radix = 10; endNumConfig = "dbs.endReplicaNumber"; cloneNumConfig = "dbs.replicaCloneTransferNumber"; nextEndConfig = "dbs.nextEndReplicaNumber"; @@ -192,11 +195,11 @@ public class UpdateNumberRange extends CMSServlet { String nextEndNumStr = cs.getString(nextEndConfig, ""); BigInteger endNum2 = new BigInteger(nextEndNumStr, radix); CMS.debug("Transferring from the end of on-deck range"); - String newValStr = endNum2.subtract(decrement).toString(radix); - repo.setNextMaxSerial(newValStr); - cs.putString(nextEndConfig, newValStr); - beginNum = endNum2.subtract(decrement).add(oneNum); - endNum = endNum2; + String newValStr = endNum2.subtract(decrement).toString(radix); + repo.setNextMaxSerial(newValStr); + cs.putString(nextEndConfig, newValStr); + beginNum = endNum2.subtract(decrement).add(oneNum); + endNum = endNum2; } else { CMS.debug("Transferring from the end of the current range"); String newValStr = beginNum.subtract(oneNum).toString(radix); 
@@ -204,10 +207,9 @@ public class UpdateNumberRange extends CMSServlet { cs.putString(endNumConfig, newValStr); } - - if( beginNum == null ) { - CMS.debug( "UpdateNumberRange::process() - " + - "beginNum is null!" ); + if (beginNum == null) { + CMS.debug("UpdateNumberRange::process() - " + + "beginNum is null!"); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, @@ -219,7 +221,7 @@ public class UpdateNumberRange extends CMSServlet { // Enable serial number management in master for certs and requests if (type.equals("replicaId")) { - repo.setEnableSerialMgmt(true); + repo.setEnableSerialMgmt(true); } // insert info @@ -248,7 +250,7 @@ public class UpdateNumberRange extends CMSServlet { audit(auditMessage); } catch (Exception e) { - CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString()); + CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString()); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, @@ -261,14 +263,23 @@ public class UpdateNumberRange extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index 2339c4c7..10161f1b 100644 
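Review bot: The `if (beginNum == null)` test in process() of UpdateNumberRange runs after `beginNum.subtract(oneNum)` has already been called in the else branch at the end of the previous hunk, and the other branch assigns `beginNum` from a BigInteger expression. As far as the visible code shows, the check can therefore never be true and its failure audit record is never emitted, while a genuinely missing value would surface earlier as a NullPointerException. Move the null test to directly after `beginNum` is first computed, before either branch uses it. That assignment is outside the hunks shown here, so confirm where it happens.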
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateOCSPConfig extends CMSServlet { /** @@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { 
@@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("UpdateOCSPConfig process: nickname="+nickname); + CMS.debug("UpdateOCSPConfig process: nickname=" + nickname); String ocsphost = httpReq.getParameter("ocsp_host"); String ocspport = httpReq.getParameter("ocsp_port"); try { cs.putString("ca.publish.enable", "true"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", - ocsphost); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", - ocspport); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", - nickname); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", + ocsphost); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", + ocspport); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", + nickname); cs.putString("ca.publish.publisher.instance.OCSPPublisher.path", - "/ocsp/agent/ocsp/addCRL"); + "/ocsp/agent/ocsp/addCRL"); cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher"); cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true"); cs.putString("ca.publish.rule.instance.ocsprule.enable", "true"); cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap"); cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule"); - cs.putString("ca.publish.rule.instance.ocsprule.publisher", - "OCSPPublisher"); + cs.putString("ca.publish.rule.instance.ocsprule.publisher", + "OCSPPublisher"); cs.putString("ca.publish.rule.instance.ocsprule.type", "crl"); cs.commit(false); // insert info 
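Review bot: `ocsp_host` and `ocsp_port` go from `httpReq.getParameter(...)` into `ca.publish.publisher.instance.OCSPPublisher.host` and `.port` and are committed by `cs.commit(false)` with no null, format or range check. These values decide where the CA publishes CRLs, so bad input should be rejected before the first `cs.putString`, e.g. `if (ocsphost == null || ocsphost.isEmpty() || ocspport == null) { outputError(httpResp, "Error: Missing OCSP host or port."); return; }`, plus a numeric 1–65535 check on the port. The empty `catch (Exception e) { }` around the nickname lookup also hides a config read failure; a `CMS.debug(...)` call there would keep it visible in the debug log. The enclosing method starts and ends outside this hunk.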
@@ -147,19 +147,28 @@ public class UpdateOCSPConfig extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString()); + CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString()); outputError(httpResp, "Error: Failed to update OCSP configuration."); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } protected void renderTemplate( CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java index 7b1c9959..4224c4eb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class WelcomePanel extends WizardPanelBase { - public WelcomePanel() {} + public WelcomePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { setPanelNo(panelno); setName("Welcome"); setId(id); @@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase { cs.putBoolean("preop.welcome.done", false); } - public boolean isPanelDone() { + public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { return cs.getBoolean("preop.welcome.done"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase { try { context.put("cstype", cs.getString("cs.type")); context.put("wizardname", cs.getString("preop.wizard.name")); - context.put("panelname", + context.put("panelname", cs.getString("preop.system.fullname") + " Configuration Wizard"); context.put("systemname", cs.getString("preop.system.name")); @@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase { cs.getString("preop.product.name")); context.put("productversion", cs.getString("preop.product.version")); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } context.put("panel", "admin/console/config/welcomepanel.vm"); } @@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase { try { cs.putBoolean("preop.welcome.done", true); cs.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } /** 
@@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase { */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {/* This should never be called */} + Context context) {/* This should never be called */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java index 06eb63ff..f5a96bc8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class WelcomeServlet extends BaseServlet { /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index a2a7d5df..70b427e5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.ConnectException; 
@@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel { public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group"; /** - * Definition for "preop" static variables in CS.cfg - * -- "preop" config parameters should not assumed to exist after configuation + * Definition for "preop" static variables in CS.cfg -- "preop" config + * parameters should not assumed to exist after configuation */ public static final String PRE_CONF_CA_TOKEN = "preop.module.token"; @@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException - { + public void init(ServletConfig config, int panelno) + throws ServletException { mPanelNo = panelno; } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException - { + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) + throws ServletException { mPanelNo = panelno; } @@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel { return set; } - + /** * Should we skip this panel? */ @@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel { */ public void display(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } /** * Checks if the given parameters are valid. @@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel { */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context) throws IOException {} + Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, HttpServletResponse response, - Context context) {} + Context context) { + } /** * Retrieves locale based on the request. 
@@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel { try { instanceID = config.getString("instanceId", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String nickname = certTag + "Cert cert-" + instanceID; String preferredNickname = null; @@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel { try { preferredNickname = config.getString( PCERT_PREFIX + certTag + ".nickname", null); - } catch (Exception e) {} + } catch (Exception e) { + } if (preferredNickname != null) { nickname = preferredNickname; @@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel { } public void updateDomainXML(String hostname, int port, boolean https, - String servlet, String uri) throws IOException { + String servlet, String uri) throws IOException { CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String nickname = ""; @@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel { try { nickname = cs.getString("preop.cert.subsystem.nickname", ""); tokenname = cs.getString("preop.module.token", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) { - nickname = tokenname+":"+nickname; + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) { + nickname = tokenname + ":" + nickname; } CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname); CMS.debug("WizardPanelBase: start sending updateDomainXML request"); - String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); + String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); CMS.debug("WizardPanelBase: done sending updateDomainXML request"); if (c != null) { 
@@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel { try { obj = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = obj.getValue("Status"); @@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = obj.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); throw e; @@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getSubsystemCount( String hostname, int https_admin_port, - boolean https, String type ) + public int getSubsystemCount(String hostname, int https_admin_port, + boolean https, String type) throws IOException { CMS.debug("WizardPanelBase getSubsystemCount start"); String c = getDomainXML(hostname, https_admin_port, true); @@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject obj = new XMLObject(bis); - String containerName = type+"List"; + String containerName = type + "List"; Node n = obj.getContainer(containerName); NodeList nlist = n.getChildNodes(); String countS = ""; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { NodeList nlist1 = nn.getChildNodes(); 
@@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel { break; } } - CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS); + CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS); int num = 0; if (countS != null && !countS.equals("")) { @@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel { return num; } catch (Exception e) { - CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString()); + CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString()); throw new IOException(e.toString()); } } @@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel { return -1; } - public String getDomainXML( String hostname, int https_admin_port, - boolean https ) + public String getDomainXML(String hostname, int https_admin_port, + boolean https) throws IOException { CMS.debug("WizardPanelBase getDomainXML start"); - String c = getHttpResponse( hostname, https_admin_port, https, - "/ca/admin/ca/getDomainXML", null, null ); + String c = getHttpResponse(hostname, https_admin_port, https, + "/ca/admin/ca/getDomainXML", null, null); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); 
@@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getDomainXML: domainInfo=" + domainInfo); - return domainInfo; + return domainInfo; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getDomainXML: " + e.toString()); throw e; @@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getSubsystemCert(String host, int port, boolean https) - throws IOException { + public String getSubsystemCert(String host, int port, boolean https) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCert start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/getSubsystemCert", null, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/getSubsystemCert", null, null); if (c != null) { try { - ByteArrayInputStream bis = - new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = + new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getSubsystemCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getSubsystemCert() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); if (status.equals(SUCCESS)) { String s = parser.getValue("Cert"); return s; } else - return null; + return null; } catch (Exception e) { } } 
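Review bot: In `getSubsystemCert` (the `@@ -392,29 +395,29 @@` hunk) the outer `catch (Exception e) { }` is empty, so the `IOException` thrown a few lines above when `new XMLObject(bis)` fails is swallowed, as is any failure in `parser.getValue(...)`. The sibling methods on this page (`getDomainXML`, `updateConnectorInfo`) log and rethrow instead. Doing the same here, `catch (IOException e) { CMS.debug("WizardPanelBase: getSubsystemCert: " + e.toString()); throw e; }`, lets a caller tell a failed fetch from a response that carries no certificate. The method's tail is outside the hunk, so what it returns after the catch is not visible here.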
@@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel { } public void updateConnectorInfo(String host, int port, boolean https, - String content) throws IOException { + String content) throws IOException { CMS.debug("WizardPanelBase updateConnectorInfo start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/updateConnector", content, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/updateConnector", content, null); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); @@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConnectorInfo() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConnectorInfo() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel { if (!status.equals(SUCCESS)) { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); throw e; @@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel { } } - public String getCertChainUsingSecureAdminPort( String hostname, + public String getCertChainUsingSecureAdminPort(String hostname, int https_admin_port, boolean https, ConfigCertApprovalCallback - certApprovalCallback ) + certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start"); - String c = getHttpResponse( hostname, https_admin_port, https, + String c = getHttpResponse(hostname, https_admin_port, https, "/ca/admin/ca/getCertChain", null, null, - certApprovalCallback ); + certApprovalCallback); if (c != null) { try { 
@@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" + certchain); - return certchain; + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); throw e; @@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getCertChainUsingSecureEEPort( String hostname, + public String getCertChainUsingSecureEEPort(String hostname, int https_ee_port, boolean https, ConfigCertApprovalCallback - certApprovalCallback ) + certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start"); - String c = getHttpResponse( hostname, https_ee_port, https, + String c = getHttpResponse(hostname, https_ee_port, https, "/ca/ee/ca/getCertChain", null, null, - certApprovalCallback ); + certApprovalCallback); if (c != null) { try { @@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); 
@@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug( "WizardPanelBase getCertChainUsingSecureEEPort: certchain=" + certchain); - return certchain; + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); throw e; @@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel { } public boolean updateConfigEntries(String hostname, int port, boolean https, - String servlet, String uri, IConfigStore config, - HttpServletResponse response) throws IOException { + String servlet, String uri, IConfigStore config, + HttpServletResponse response) throws IOException { CMS.debug("WizardPanelBase updateConfigEntries start"); String c = getHttpResponse(hostname, port, https, servlet, uri, null); @@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConfigEntries() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConfigEntries() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel { } catch (Exception e) { CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString()); } - - Document doc = parser.getDocument(); + + Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i=0; i<len; i++) { + for (int i = 0; i < len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); 
@@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j=0; j<len1; j++) { + for (int j = 0; j < len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) - v = n2.item(0).getNodeValue(); - break; + v = n2.item(0).getNodeValue(); + break; } } @@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.internaldb.master.binddn", v); } else if (name.equals("internaldb.basedn")) { config.putString(name, v); - config.putString("preop.internaldb.master.basedn", v); + config.putString("preop.internaldb.master.basedn", v); } else if (name.equals("internaldb.ldapauth.password")) { config.putString("preop.internaldb.master.bindpwd", v); } else if (name.equals("internaldb.replication.password")) { @@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v); - } else if (name.equals("cloning.audit_signing.nickname")) { + } else if (name.equals("cloning.audit_signing.nickname")) { config.putString("preop.master.audit_signing.nickname", v); config.putString("preop.cert.audit_signing.nickname", v); config.putString(name, v); @@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString()); throw e; 
@@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::authenticate() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::authenticate() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = parser.getValue("Error"); return false; - } + } } catch (Exception e) { CMS.debug("WizardPanelBase: authenticate: " + e.toString()); throw new IOException(e.toString()); @@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel { return false; } - public void updateOCSPConfig(String hostname, int port, boolean https, - String content, HttpServletResponse response) - throws IOException { + public void updateOCSPConfig(String hostname, int port, boolean https, + String content, HttpServletResponse response) + throws IOException { CMS.debug("WizardPanelBase updateOCSPConfig start"); - String c = getHttpResponse(hostname, port, https, - "/ca/ee/ca/updateOCSPConfig", content, null); + String c = getHttpResponse(hostname, port, https, + "/ca/ee/ca/updateOCSPConfig", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateOCSPConfig: content is null."); throw new IOException("The server you want to contact is not available"); @@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateOCSPConfig() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateOCSPConfig() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); 
@@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); throw e; @@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateNumberRange(String hostname, int port, boolean https, - String content, String type, HttpServletResponse response) - throws IOException { - CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + + public void updateNumberRange(String hostname, int port, boolean https, + String content, String type, HttpServletResponse response) + throws IOException { + CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String cstype = ""; @@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel { } cstype = toLowerCaseSubsystemType(cstype); - String c = getHttpResponse(hostname, port, https, - "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null); + String c = getHttpResponse(hostname, port, https, + "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null); if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateNumberRange: content is null."); throw new IOException("The server you want to contact is not available"); } else { - CMS.debug("content="+c); + CMS.debug("content=" + c); try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); XMLObject parser = null; 
@@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateNumberRange() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateNumberRange() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); CMS.debug(e); @@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getPort(String hostname, int port, boolean https, - String portServlet, boolean sport) - throws IOException { + public int getPort(String hostname, int port, boolean https, + String portServlet, boolean sport) + throws IOException { CMS.debug("WizardPanelBase getPort start"); String c = getHttpResponse(hostname, port, https, portServlet, "secure=" + sport, null); @@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getPort: " + e.toString()); throw e; 
@@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel { } public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname) throws IOException { + String uri, String content, String clientnickname) throws IOException { return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null); } - public String getHttpResponse(String hostname, int port, boolean secure, - String uri, String content, String clientnickname, - SSLCertificateApprovalCallback certApprovalCallback) - throws IOException { + public String getHttpResponse(String hostname, int port, boolean secure, + String uri, String content, String clientnickname, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { HttpClient httpclient = null; String c = null; @@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel { return c; } - public boolean isSDHostDomainMaster (IConfigStore config) { - String dm="false"; + public boolean isSDHostDomainMaster(IConfigStore config) { + String dm = "false"; try { String hostname = config.getString("securitydomain.host"); int httpsadminport = config.getInteger("securitydomain.httpsadminport"); 
@@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("Getting DomainMaster from security domain"); - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( "CA" ); + NodeList nodeList = doc.getElementsByTagName("CA"); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_hostname = - parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + parser.getValuesFromContainer(nodeList.item(i), + "Host"); Vector v_https_admin_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); Vector v_domain_mgr = - parser.getValuesFromContainer( nodeList.item(i), - "DomainManager" ); + parser.getValuesFromContainer(nodeList.item(i), + "DomainManager"); - if( v_hostname.elementAt( 0 ).equals( hostname ) && - v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) { - dm = v_domain_mgr.elementAt( 0 ).toString(); + if (v_hostname.elementAt(0).equals(hostname) && + v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) { + dm = v_domain_mgr.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } return dm.equalsIgnoreCase("true"); } - - public Vector getMasterUrlListFromSecurityDomain( IConfigStore config, + + public Vector getMasterUrlListFromSecurityDomain(IConfigStore config, String type, - String portType ) { + String portType) { Vector v = new Vector(); try { 
@@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } - CMS.debug( "Getting " + portType + " from Security Domain ..." ); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return v; } @@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("Len " + len); for (int i = 0; i < len; i++) { Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), - "Clone"); - String clone = (String)v_clone.elementAt(0); + "Clone"); + String clone = (String) v_clone.elementAt(0); if (clone.equalsIgnoreCase("true")) continue; Vector v_name = parser.getValuesFromContainer(nodeList.item(i), @@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel { Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType); - v.addElement( v_name.elementAt(0) + v.addElement(v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } } catch (Exception e) { CMS.debug(e.toString()); @@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel { return v; } - public Vector getUrlListFromSecurityDomain( IConfigStore config, + public Vector getUrlListFromSecurityDomain(IConfigStore config, String type, - String portType ) { + String portType) { Vector v = new Vector(); try { 
@@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel { list = "TKSList"; } - CMS.debug( "Getting " + portType + " from Security Domain ..." ); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return v; } @@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel { if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { // add security domain CA to the beginning of list - v.add( 0, v_name.elementAt(0) + v.add(0, v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } else { - v.addElement( v_name.elementAt(0) + v.addElement(v_name.elementAt(0) + " - https://" + v_host.elementAt(0) + ":" - + v_port.elementAt(0) ); + + v_port.elementAt(0)); } } } catch (Exception e) { 
@@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel { // Given an HTTPS Hostname and EE port, // retrieve the associated HTTPS Admin port - public String getSecurityDomainAdminPort( IConfigStore config, + public String getSecurityDomainAdminPort(IConfigStore config, String hostname, String https_ee_port, - String cstype ) { + String cstype) { String https_admin_port = new String(); try { - String sd_hostname = config.getString( "securitydomain.host" ); + String sd_hostname = config.getString("securitydomain.host"); int sd_httpsadminport = - config.getInteger( "securitydomain.httpsadminport" ); + config.getInteger("securitydomain.httpsadminport"); - CMS.debug( "Getting domain.xml from CA ..." ); - String c = getDomainXML( sd_hostname, sd_httpsadminport, true ); + CMS.debug("Getting domain.xml from CA ..."); + String c = getDomainXML(sd_hostname, sd_httpsadminport, true); - CMS.debug( "Getting associated HTTPS Admin port from " + + CMS.debug("Getting associated HTTPS Admin port from " + "HTTPS Hostname '" + hostname + - "' and EE port '" + https_ee_port + "'" ); - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + "' and EE port '" + https_ee_port + "'"); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() ); + NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase()); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_hostname = - parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + parser.getValuesFromContainer(nodeList.item(i), + "Host"); Vector v_https_ee_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecurePort"); Vector v_https_admin_port = - 
parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); - if( v_hostname.elementAt( 0 ).equals( hostname ) && - v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { + if (v_hostname.elementAt(0).equals(hostname) && + v_https_ee_port.elementAt(0).equals(https_ee_port)) { https_admin_port = - v_https_admin_port.elementAt( 0 ).toString(); + v_https_admin_port.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } - return( https_admin_port ); + return (https_admin_port); } - public String getSecurityDomainPort( IConfigStore config, - String portType ) { + public String getSecurityDomainPort(IConfigStore config, + String portType) { String port = new String(); try { - String hostname = config.getString( "securitydomain.host" ); + String hostname = config.getString("securitydomain.host"); int httpsadminport = - config.getInteger( "securitydomain.httpsadminport" ); - - CMS.debug( "Getting domain.xml from CA ..." ); - String c = getDomainXML( hostname, httpsadminport, true ); - - CMS.debug( "Getting " + portType + " from Security Domain ..." 
); - if( !portType.equals( "UnSecurePort" ) && - !portType.equals( "SecureAgentPort" ) && - !portType.equals( "SecurePort" ) && - !portType.equals( "SecureAdminPort" ) ) { - CMS.debug( "getPortFromSecurityDomain: " + - "unknown port type " + portType ); + config.getInteger("securitydomain.httpsadminport"); + + CMS.debug("Getting domain.xml from CA ..."); + String c = getDomainXML(hostname, httpsadminport, true); + + CMS.debug("Getting " + portType + " from Security Domain ..."); + if (!portType.equals("UnSecurePort") && + !portType.equals("SecureAgentPort") && + !portType.equals("SecurePort") && + !portType.equals("SecureAdminPort")) { + CMS.debug("getPortFromSecurityDomain: " + + "unknown port type " + portType); return ""; } - ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() ); - XMLObject parser = new XMLObject( bis ); + ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + XMLObject parser = new XMLObject(bis); Document doc = parser.getDocument(); - NodeList nodeList = doc.getElementsByTagName( "CA" ); + NodeList nodeList = doc.getElementsByTagName("CA"); int len = nodeList.getLength(); - for( int i = 0; i < len; i++ ) { + for (int i = 0; i < len; i++) { Vector v_admin_port = - parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); Vector v_port = null; - if( portType.equals( "UnSecurePort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "UnSecurePort" ); - } else if( portType.equals( "SecureAgentPort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAgentPort" ); - } else if( portType.equals( "SecurePort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); - } else if( portType.equals( "SecureAdminPort" ) ) { - v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + if (portType.equals("UnSecurePort")) { + v_port = 
parser.getValuesFromContainer(nodeList.item(i), + "UnSecurePort"); + } else if (portType.equals("SecureAgentPort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAgentPort"); + } else if (portType.equals("SecurePort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecurePort"); + } else if (portType.equals("SecureAdminPort")) { + v_port = parser.getValuesFromContainer(nodeList.item(i), + "SecureAdminPort"); } - if( ( v_port != null ) && - ( v_admin_port.elementAt( 0 ).equals( - Integer.toString( httpsadminport ) ) ) ) { - port = v_port.elementAt( 0 ).toString(); + if ((v_port != null) && + (v_admin_port.elementAt(0).equals( + Integer.toString(httpsadminport)))) { + port = v_port.elementAt(0).toString(); break; } } } catch (Exception e) { - CMS.debug( e.toString() ); + CMS.debug(e.toString()); } - return( port ); + return (port); } - public String pingCS( String hostname, int port, boolean https, - SSLCertificateApprovalCallback certApprovalCallback ) - throws IOException { - CMS.debug( "WizardPanelBase pingCS: started" ); + public String pingCS(String hostname, int port, boolean https, + SSLCertificateApprovalCallback certApprovalCallback) + throws IOException { + CMS.debug("WizardPanelBase pingCS: started"); - String c = getHttpResponse( hostname, port, https, - "/ca/admin/ca/getStatus", - null, null, certApprovalCallback ); + String c = getHttpResponse(hostname, port, https, + "/ca/admin/ca/getStatus", + null, null, certApprovalCallback); - if( c != null ) { + if (c != null) { try { ByteArrayInputStream bis = new - ByteArrayInputStream( c.getBytes() ); + ByteArrayInputStream(c.getBytes()); XMLObject parser = null; String state = null; try { - parser = new XMLObject( bis ); - CMS.debug( "WizardPanelBase pingCS: got XML parsed" ); - state = parser.getValue( "State" ); + parser = new XMLObject(bis); + CMS.debug("WizardPanelBase pingCS: got XML parsed"); + state = parser.getValue("State"); - if( state != null ) { - CMS.debug( 
"WizardPanelBase pingCS: state=" + state ); + if (state != null) { + CMS.debug("WizardPanelBase pingCS: state=" + state); } } catch (Exception e) { - CMS.debug( "WizardPanelBase: pingCS: parser failed" - + e.toString() ); + CMS.debug("WizardPanelBase: pingCS: parser failed" + + e.toString()); } return state; - } catch( Exception e ) { - CMS.debug( "WizardPanelBase: pingCS: " + e.toString() ); - throw new IOException( e.toString() ); + } catch (Exception e) { + CMS.debug("WizardPanelBase: pingCS: " + e.toString()); + throw new IOException(e.toString()); } } - CMS.debug( "WizardPanelBase pingCS: stopped" ); + CMS.debug("WizardPanelBase pingCS: stopped"); return null; } @@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel { if (s.equals("CA")) { x = "ca"; } else if (s.equals("KRA")) { - x = "kra"; + x = "kra"; } else if (s.equals("OCSP")) { x = "ocsp"; } else if (s.equals("TKS")) { @@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel { return x; } - public void getTokenInfo(IConfigStore config, String type, String host, - int https_ee_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { + public void getTokenInfo(IConfigStore config, String type, String host, + int https_ee_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getTokenInfo start"); - String uri = "/"+type+"/ee/"+type+"/getTokenInfo"; - CMS.debug("WizardPanelBase getTokenInfo: uri="+uri); + String uri = "/" + type + "/ee/" + type + "/getTokenInfo"; + CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri); String c = getHttpResponse(host, https_ee_port, https, uri, null, null, - certApprovalCallback); + certApprovalCallback); if (c != null) { try { ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); 
@@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getTokenInfo() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getTokenInfo() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel { Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i=0; i<len; i++) { + for (int i = 0; i < len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); @@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel { nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = ""; - for (int j=0; j<len1; j++) { + for (int j = 0; j < len1; j++) { Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) v = n2.item(0).getNodeValue(); - break; + break; } } - if (name.equals("cloning.signing.nickname")) { + if (name.equals("cloning.signing.nickname")) { config.putString("preop.master.signing.nickname", v); config.putString(type + ".cert.signing.nickname", v); config.putString(name, v); 
@@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel { } // reset nicknames for system cert verification - String token = config.getString("preop.module.token", + String token = config.getString("preop.module.token", "Internal Key Storage Token"); - if (! token.equals("Internal Key Storage Token")) { + if (!token.equals("Internal Key Storage Token")) { String certlist = config.getString("preop.cert.list"); StringTokenizer t1 = new StringTokenizer(certlist, ","); while (t1.hasMoreTokens()) { String tag = t1.nextToken(); - if (tag.equals("sslserver")) continue; - config.putString(type + ".cert." + tag + ".nickname", - token + ":" + - config.getString(type + ".cert." + tag + ".nickname", "")); - } + if (tag.equals("sslserver")) + continue; + config.putString(type + ".cert." + tag + ".nickname", + token + ":" + + config.getString(type + ".cert." + tag + ".nickname", "")); + } } } else { String error = parser.getValue("Error"); @@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); throw new IOException(e.toString()); } - } + } } public void importCertChain(String id) throws IOException { 
@@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel { try { pkcs7 = config.getString(configName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (pkcs7.length() > 0) { try { CryptoUtil.importCertificateChain(pkcs7); } catch (Exception e) { - CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString()); + CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString()); } } } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context) throws IOException { - updateCertChain( config, name, host, https_admin_port, - https, context, null ); + int https_admin_port, boolean https, Context context) throws IOException { + updateCertChain(config, name, host, https_admin_port, + https, context, null); } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { - String certchain = getCertChainUsingSecureAdminPort( host, + int https_admin_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureAdminPort(host, https_admin_port, https, - certApprovalCallback ); - config.putString("preop."+name+".pkcs7", certchain); + certApprovalCallback); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; @@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { context.put("errorString", - "Failed to get the certificate chain."); + "Failed to get the certificate chain."); return; } 
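Review bot: In the seven-argument `updateCertChain`, the string returned by `getCertChainUsingSecureAdminPort` is written to `preop.<name>.pkcs7` before it has been base64-decoded or parsed. A response that is not a valid PKCS#7 chain is therefore already in the config store when the parse in the next hunk fails and the method returns with only `errorString` set. Moving `config.putString("preop." + name + ".pkcs7", certchain);` to after `getX509CertificateFromPKCS7` succeeds keeps unvalidated remote data out of the configuration; `updateCertChainUsingSecureEEPort` further down has the same ordering. In `importCertChain`, the empty `catch (Exception e) { }` and the debug-only handling of an `importCertificateChain` failure mean the caller cannot tell that the chain was not imported, so I would either rethrow as the declared `IOException` or add a comment saying the import is deliberately best-effort. The six-argument overload passes `null` as the approval callback, and what the fetch does with a null callback is not visible here.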
@@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; @@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { @@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateCertChainUsingSecureEEPort( IConfigStore config, + public void updateCertChainUsingSecureEEPort(IConfigStore config, String name, String host, int https_ee_port, boolean https, - Context context, - ConfigCertApprovalCallback certApprovalCallback ) throws IOException { - String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, + Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, https, certApprovalCallback); - config.putString("preop."+name+".pkcs7", certchain); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; @@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { context.put("errorString", - "Failed to get the certificate chain."); + "Failed to get the certificate chain."); return; } 
@@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; @@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { 
@@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel { CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - fullnickname = tokenname+":"+nickname; + !tokenname.equals("Internal Key Storage Token") && + !tokenname.equals("internal")) + fullnickname = tokenname + ":" + nickname; - CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname); + CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname); org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname); if (store instanceof PK11Store) { CMS.debug("WizardPanelBase deleteCert: this is pk11store"); - PK11Store pk11store = (PK11Store)store; + PK11Store pk11store = (PK11Store) store; pk11store.deleteCertOnly(cert); CMS.debug("WizardPanelBase deleteCert: cert deleted successfully"); } } catch (Exception e) { - CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString()); } } public void deleteEntries(LDAPSearchResults res, LDAPConnection conn, - String dn, String[] entries) { + String dn, String[] entries) { String[] attrs = null; LDAPSearchConstraints cons = null; String filter = "objectclass=*"; 
@@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel { } } } catch (Exception ee) { - CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString()); + CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString()); } } public void deleteEntry(LDAPConnection conn, String dn, String[] entries) { try { - for (int i=0; i<entries.length; i++) { + for (int i = 0; i < entries.length; i++) { if (LDAPDN.equals(dn, entries[i])) { - CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted."); + CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted."); return; } } - CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn); + CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn); conn.delete(dn); } catch (Exception e) { - CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString()); } } 
@@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); } catch (Exception e) { - CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString()); + CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index bbfa4b39..ca184988 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java 
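Review bot: `cs_port` falls back to `-1` and `subsystem` to `""` when their config keys are missing, and both go straight into `urlVal`, so the return URL passed to `securityDomainLogin` can become `https://<host>:-1//admin/console/config/wizard?...` without any error being raised. I would check the values before building the URL, `if (cs_port <= 0 || subsystem.isEmpty()) { CMS.debug("WizardPanelBase reloginSecurityDomain: missing admin port or cs.type"); return; }`, and add a comment that `hostname` and `port` of the redirect target come from configuration rather than from the request, if that is the case; they are assigned before this hunk, where the method starts. The `catch (Exception e)` also leaves the response untouched when `sendRedirect` fails, so the user gets neither a redirect nor an error.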
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AdminRequestFilter implements Filter -{ +public class AdminRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AdminRequestFilter */ - public AdminRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AdminRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the admin filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter // CMS.debug("Exiting the admin filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index 1ae44a64..163e3a18 100644 
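Review bot: When the `active` init parameter is the string "false", a request that arrives on neither the configured HTTPS port nor the proxy port is still passed on to `chain.doFilter`, and the only record is `CMS.debug("Filter is disabled .. continuing")`. Since this filter is what ties the Admin role to its port, I would report that bypass where an operator will see it and document the parameter next to the check, e.g. `// active=false turns port enforcement off: wrong-port requests are logged and allowed through`. The rejection path also returns `msg` to the client through `resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg)`, which tells an unauthenticated caller the configured HTTPS and proxy ports; `resp.sendError(HttpServletResponse.SC_NOT_FOUND);` with the detail kept in the log avoids that. The same code appears in `AgentRequestFilter` and `EEClientAuthRequestFilter` later in this diff, and `doFilter` starts before this hunk.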
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java @@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AgentRequestFilter implements Filter -{ +public class AgentRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AgentRequestFilter */ - public AgentRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AgentRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the agent filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter } // CMS.debug("Exiting the Agent filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 8b53c6c6..e734458e 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter -{ +public class EEClientAuthRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EEClientAuthRequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { + if (!scheme.equals(HTTPS_SCHEME)) { msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index f66cf087..4004702b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java @@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EERequestFilter implements Filter -{ +public class EERequestFilter implements Filter { private static final String HTTP_SCHEME = "http"; private static final String HTTP_PORT = "http_port"; private static final String HTTP_ROLE = "EE"; @@ -40,22 +39,21 @@ public class EERequestFilter implements Filter private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; - + /* Create a new EERequestFilter */ - public EERequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EERequestFilter() { + } + + public void init(FilterConfig filterConfig) + throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, + + public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain ) + FilterChain chain) throws java.io.IOException, - ServletException - { + ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -70,45 +68,45 @@ public class EERequestFilter implements Filter String param_active = null; // CMS.debug("Entering the EE filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is either "http" or "https" + // RFC 1738: verify that scheme is either "http" or "https" scheme = request.getScheme(); - if( ( ! scheme.equals( HTTP_SCHEME ) ) && - ( ! scheme.equals( HTTPS_SCHEME ) ) ) { + if ((!scheme.equals(HTTP_SCHEME)) && + (!scheme.equals(HTTPS_SCHEME))) { msg = "The scheme MUST be either '" + HTTP_SCHEME - + "' or '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); - return; + + "' or '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + return; } // Always obtain either an "http" or an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "http" port passed in as a parameter - param_http_port = config.getInitParameter( HTTP_PORT ); - if( param_http_port == null ) { + param_http_port = config.getInitParameter(HTTP_PORT); + if (param_http_port == null) { msg = "The <param-name> '" + HTTP_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } // Always obtain the 
"https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); 
@@ -119,58 +117,58 @@ public class EERequestFilter implements Filter // the request and param "http" ports; // otherwise, if the scheme is "https", compare // the request and param "https" ports - if( scheme.equals( HTTP_SCHEME ) ) { - if( ! param_http_port.equals( request_port ) ) { + if (scheme.equals(HTTP_SCHEME)) { + if (!param_http_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_http_port != null) { + if (param_proxy_http_port != null) { if (!param_proxy_http_port.equals(request_port)) { msg = "Use HTTP port '" + param_http_port - + "' or proxy port '" + param_proxy_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } - } else if( scheme.equals( HTTPS_SCHEME ) ) { - if( ! 
param_https_port.equals( request_port ) ) { + } else if (scheme.equals(HTTPS_SCHEME)) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -180,11 +178,9 @@ public class EERequestFilter implements Filter } // CMS.debug("Exiting the EE filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java index 166036a9..a5c17e28 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -43,13 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * A class representing a recoverKey servlet. This servlet - * shows key information and presents a list of text boxes - * so that recovery agents can type in their identifiers - * and passwords. - * + * A class representing a recoverKey servlet. This servlet shows key information + * and presents a list of text boxes so that recovery agents can type in their + * identifiers and passwords. + * * @version $Revision$, $Date$ */ public class ConfirmRecoverBySerial extends CMSServlet { @@ -59,8 +56,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { */ private static final long serialVersionUID = 2221819191344494389L; private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = - "confirmRecoverBySerial.template"; + private final static String TPL_FILE = + "confirmRecoverBySerial.template"; private final static String IN_SERIALNO = "serialNumber"; private final static String OUT_SERIALNO = IN_SERIALNO; 
@@ -95,22 +92,20 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Serves HTTP request. The format of this request is - * as follows: - * confirmRecoverBySerial? - * [serialNumber=<serialno>] + * Serves HTTP request. The format of this request is as follows: + * confirmRecoverBySerial? [serialNumber=<serialno>] */ public void process(CMSRequest cmsReq) throws EBaseException { // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. - + HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -123,9 +118,9 @@ public class ConfirmRecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -147,8 +142,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { 
@@ -157,10 +152,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -169,17 +164,17 @@ public class ConfirmRecoverBySerial extends CMSServlet { * Requests for a list of agent passwords. */ private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue(OUT_SERIALNO, seq); header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); + mRecoveryService.getNoOfRequiredAgents()); header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( Integer.toString(seq))); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java index 510f1ac3..41d7b02c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; 
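Review bot: The private `process` method in the -169,17 hunk copies `req.getParameter(OUT_OP)` and `req.getRequestURI()` straight into the template header, so request-controlled text ends up in the rendered page. Whether `form.renderOutput` escapes those values is not visible in this diff and should be confirmed. A comment at the two `addStringValue` calls, such as `// request-controlled; relies on the template layer to escape on output`, would record the assumption. The same applies to the `process` methods of DisplayBySerial (-179,15), DisplayBySerialForRecovery (-187,23, which also passes through `publicKeyData`) and ExamineRecovery (-197,57). The method body continues outside this hunk.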
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display a specific Key Archival Request * <P> - * + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerial.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet { * <ul> * <li>http.param serialNumber serial number of the key archival request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
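Review bot: In the -119,10 hunk the `EAuthzAccessDenied` handler logs at `ILogger.LL_FAILURE` with the same `ADMIN_SRVLT_AUTH_FAILURE` message as the generic `Exception` handler, so a denied read cannot be told apart from an internal authorization error in the log. ACLAdminServlet in this same commit logs authentication failures at `ILogger.LL_SECURITY`; using `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));` in the `EAuthzAccessDenied` branch would keep denials searchable. Both handlers swallow the exception and rely on the `authzToken == null` test that follows, whose body is outside the hunk. The identical handlers in DisplayBySerialForRecovery (-121,10) and ExamineRecovery (-127,10) would take the same change.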
@@ -137,13 +135,13 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } 
@@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular key. */ private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + req.getRequestURI()); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java index 2ef78c64..82d75884 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -45,11 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Display a Specific Key Archival Request, and initiate - * key recovery process - * + * Display a Specific Key Archival Request, and initiate key recovery process + * * @version $Revision$, $Date$ */ public class DisplayBySerialForRecovery extends CMSServlet { 
@@ -80,7 +77,7 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerialForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -95,17 +92,17 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData + * <li>http.param serialNumber request ID of key archival request + * <li>http.param publicKeyData * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -121,10 +118,10 @@ public class DisplayBySerialForRecovery extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -139,13 +136,13 @@ public class DisplayBySerialForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -159,12 +156,12 @@ public class DisplayBySerialForRecovery extends CMSServlet { seqNum = Integer.parseInt( req.getParameter(IN_SERIALNO)); } - process(argSet, header, - req.getParameter("publicKeyData"), - seqNum, req, resp, locale[0]); + process(argSet, header, + req.getParameter("publicKeyData"), + seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (Exception e) { e.printStackTrace(); System.out.println(e.toString()); @@ -176,9 +173,9 @@ public class DisplayBySerialForRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
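Review bot: In the -159,12 hunk, the `catch (Exception e)` after the `process(...)` call only runs `e.printStackTrace()` and `System.out.println(e.toString())` and then carries on. A failure there bypasses the `log(ILogger.LL_FAILURE, ...)` channel used by the rest of the file, and the request still ends with `cmsReq.setStatus(CMSRequest.SUCCESS)`. I would replace the two print calls with `log(ILogger.LL_FAILURE, e.toString());` so that errors on this key-recovery path land in the servlet log. The `NumberFormatException` branch above it puts `e.toString()` into `OUT_ERROR`, which presumably carries the submitted `serialNumber` text into the page; confirm that the template escapes it.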
@@ -187,23 +184,23 @@ public class DisplayBySerialForRecovery extends CMSServlet { * Display information about a particular key. */ private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String publicKeyData, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); + mService.getNoOfRequiredAgents()); header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); + CMS.getConfigStore().getString("kra.keySplitting")); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); if (publicKeyData != null) { header.addStringValue("publicKeyData", - publicKeyData); + publicKeyData); } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java index d4baf181..2fd882b7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -34,11 +33,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve Transport Certificate used to - * wrap Private key Archival requests - * + * Retrieve Transport Certificate used to wrap Private key Archival requests + * * @version $Revision$, $Date$ */ public class DisplayTransport extends CMSServlet { @@ -67,13 +64,13 @@ public class DisplayTransport extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -98,21 +95,21 @@ public class DisplayTransport extends CMSServlet { } try { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) mAuthority; ITransportKeyUnit tu = kra.getTransportKeyUnit(); org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); + tu.getCertificate(); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); - String content = ""; + String content = ""; content += "<HTML><PRE>"; - String mime64 = - "-----BEGIN CERTIFICATE-----\n" + - CMS.BtoA(transportCert.getEncoded()) + - "-----END CERTIFICATE-----\n"; + String mime64 = + "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(transportCert.getEncoded()) + + "-----END CERTIFICATE-----\n"; content += mime64; content += "</PRE></HTML>"; 
@@ -120,9 +117,9 @@ public class DisplayTransport extends CMSServlet { resp.getOutputStream().write(content.getBytes()); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java index 9fbad7a6..9d569a0d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * View the Key Recovery Request - * + * View the Key Recovery Request + * * @version $Revision$, $Date$ */ public class ExamineRecovery extends CMSServlet { @@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet { * <ul> * <li>http.param recoveryID recovery request ID * </ul> - * + * * @param cmsReq the object holding the request and response information */ 
@@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet { EBaseException error = null; try { - process(argSet, header, - req.getParameter("recoveryID"), - req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + req, resp, locale[0]); } catch (EBaseException e) { error = e; } catch (Exception e) { 
@@ -168,28 +166,23 @@ public class ExamineRecovery extends CMSServlet { } /* - catch (NumberFormatException e) { - error = eBaseException( - - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (NumberFormatException e) { error = eBaseException( + * + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * locale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); 
@@ -197,57 +190,55 @@ public class ExamineRecovery extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + IArgBlock header, String recoveryID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); + CMS.getConfigStore().getString("kra.keySplitting")); Hashtable params = mService.getRecoveryParams( recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - String keyID = (String)params.get("keyID"); - header.addStringValue("serialNumber", keyID); + String keyID = (String) params.get("keyID"); + header.addStringValue("serialNumber", keyID); header.addStringValue("recoveryID", recoveryID); - IKeyRepository mKeyDB = - ((IKeyRecoveryAuthority) 
mAuthority).getKeyRepository(); + IKeyRepository mKeyDB = + ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(keyID)); KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Error e " + e); throw e; - } + } /* - catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } + * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); + * } */ } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java index 4bd4d45b..09a084b5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check to see if a Key Recovery Request has been approved - * + * * @version $Revision$, $Date$ */ public class GetApprovalStatus extends CMSServlet { @@ -79,9 +77,9 @@ public class GetApprovalStatus extends CMSServlet { /** * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" - * to process the response. - * + * "getApprovalStatus.template" and "finishRecovery.template" to process the + * response. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
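Review bot: In `ExamineRecovery.process()` (hunk `-197`, which ends on this line), the `catch (EBaseException e)` handler logs only `"Error e " + e`, which gives someone reading the log no hint of which servlet or operation failed. The other log calls in the hunk identify the operation through `CMS.getLogMessage(...)`; at minimum the line could read `log(ILogger.LL_FAILURE, "ExamineRecovery: process() failed: " + e);`. Note also that `new BigInteger(keyID)` throws `NumberFormatException` (or `NullPointerException` when the `keyID` entry is missing), which this handler does not catch. Such an exception propagates to the caller's generic `catch (Exception e)`, whose body is outside the visible hunks.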
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet { * <ul> * <li>http.param recoveryID request ID to check * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet { if (params == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } header.addStringValue("serialNumber", - (String) params.get("keyID")); + (String) params.get("keyID")); int requiredNumber = mService.getNoOfRequiredAgents(); 
@@ -174,27 +172,21 @@ public class GetApprovalStatus extends CMSServlet { if (pkcs12 != null) { rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); + header.addStringValue(OUT_STATUS, "complete"); /* - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * mService.destroyRecoveryParams(recoveryID); try { + * resp.setContentType("application/x-pkcs12"); + * resp.getOutputStream().write(pkcs12); return; } catch + * (IOException e) { header.addStringValue(OUT_ERROR, + * MessageFormatter.getLocalizedString( locale[0], + * BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); rComplete = 1; } else { // pk12 hasn't been created yet. 
@@ -210,16 +202,16 @@ public class GetApprovalStatus extends CMSServlet { mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; } else { mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; - } + } if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } ServletOutputStream out = resp.getOutputStream(); @@ -228,9 +220,9 @@ public class GetApprovalStatus extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java index cea08af3..0a74cb26 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Locale; 
@@ -42,11 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Get the recovered key in PKCS#12 format - * - for asynchronous key recovery only - * + * Get the recovered key in PKCS#12 format - for asynchronous key recovery only + * */ public class GetAsyncPk12 extends CMSServlet { @@ -67,13 +64,11 @@ public class GetAsyncPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -87,7 +82,7 @@ public class GetAsyncPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishAsyncRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,8 +98,8 @@ public class GetAsyncPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** 
@@ -112,7 +107,7 @@ public class GetAsyncPk12 extends CMSServlet { * <ul> * <li>http.param reqID request id for recovery * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -132,10 +127,10 @@ public class GetAsyncPk12 extends CMSServlet { mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +145,9 @@ public class GetAsyncPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -173,9 +168,9 @@ public class GetAsyncPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetAsyncPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetAsyncPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } String initAgent = "undefined"; 
@@ -183,18 +178,18 @@ public class GetAsyncPk12 extends CMSServlet { if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", - reqID, initAgent)); + CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", + reqID, initAgent)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", - reqID, initAgent)); + CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", + reqID, initAgent)); } // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved + // i.e. all required # of recovery agents approved if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException( "# required recovery agents not met" ); + throw new EBaseException("# required recovery agents not met"); } String password = req.getParameter(IN_PASSWORD); @@ -202,11 +197,11 @@ public class GetAsyncPk12 extends CMSServlet { if (password == null || password.equals("")) { header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException( "PKCS12 password not found" ); + throw new EBaseException("PKCS12 password not found"); } if (passwordAgain == null || !passwordAgain.equals(password)) { header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException( "PKCS12 password not matched" ); + throw new EBaseException("PKCS12 password not matched"); } // got all approval, return pk12 
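Review bot: The `LL_SECURITY` log call for an agent mismatch in GetAsyncPk12 (hunk `-183`) passes only `reqID` and `initAgent`, so the record of a refused PKCS#12 download does not name `agent`, the identity that was actually rejected. The `_3` suffix on `CMSGW_INVALID_AGENT_ASYNC_3` suggests the message takes three arguments (compare the `_4` audit messages, which receive four), so `CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", agent, reqID, initAgent)` looks intended. The argument order has to be checked against the message bundle, which is not part of this diff. The GetPk12 hunk `-181` has the same two-argument call for `CMSGW_INVALID_AGENT_3`. Separately, both `ECMSGWException` user messages return `initAgent` to the caller, which tells a non-initiating agent who started the recovery; consider whether the response needs that detail.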
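Review bot: The two password checks in GetAsyncPk12 (hunk `-202`) set `OUT_ERROR` on `header` and then throw `EBaseException`. As far as the visible hunks show, the `LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE` audit in hunk `-245` is therefore never reached for these rejections, nor for the agent-mismatch and not-approved throws in hunk `-183`. A refused key-export attempt would then leave no signed audit record. Emitting the audit before each throw, in the form the method already uses, would close the gap: `audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, agent, ILogger.FAILURE, reqID, ""));`. The method body between these hunks is not visible, so confirm that no enclosing handler already audits the failure.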
@@ -219,23 +214,23 @@ public class GetAsyncPk12 extends CMSServlet { mRenderResult = false; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - reqID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + reqID, + ""); - audit(auditMessage); + audit(auditMessage); return; } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(reqID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -245,11 +240,11 @@ public class GetAsyncPk12 extends CMSServlet { if ((agent != null) && (reqID != null)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - reqID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + reqID, + ""); audit(auditMessage); } @@ -261,9 +256,9 @@ public class GetAsyncPk12 extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java index b3651774..f27e966d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get the recovered key in PKCS#12 format - * + * * @version $Revision$, $Date$ */ public class GetPk12 extends CMSServlet { @@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; 
@@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet { * <ul> * <li>http.param recoveryID ID of request to recover * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet { mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet { if (params == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } // only the init DRM agent can get the pkcs12 @@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } - String initAgent = (String) params.get("agent"); + String initAgent = (String) params.get("agent"); if (!agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", + + CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, initAgent)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT", - agent, initAgent, recoveryID)); + CMS.getUserMessage("CMS_GW_INVALID_AGENT", + agent, initAgent, recoveryID)); } header.addStringValue("serialNumber", - (String) params.get("keyID")); + (String) params.get("keyID")); // got all approval, return pk12 byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); 
@@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet { mRenderResult = false; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - recoveryID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + recoveryID, + ""); audit(auditMessage); return; } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet { if ((agent != null) && (recoveryID != null)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - recoveryID, - ""); + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + recoveryID, + ""); audit(auditMessage); } @@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index a868f47c..a6c26dc5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve an asynchronous key recovery request - * + * */ public class GrantAsyncRecovery extends CMSServlet { @@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantAsyncRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet { * <ul> * <li>http.param reqID request ID of the request to approve * <li>http.param agentID User ID of the agent approving the request - + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet { CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); try { - process(argSet, header, - req.getParameter("reqID"), - agentID, - req, resp, locale[0]); + process(argSet, header, + req.getParameter("reqID"), + agentID, + req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); 
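Review bot: The two `CMS.debug` calls at the top of hunk `-161` in GrantAsyncRecovery concatenate `agentID` and `req.getParameter("reqID")` into the debug log exactly as received. `reqID` is a request parameter, so a value containing line breaks could add forged entries to the log. Neutralise CR/LF before logging, for example `String reqIdForLog = String.valueOf(req.getParameter("reqID")).replaceAll("[\\r\\n]", "_");`. The `catch (NumberFormatException e)` in the same hunk also puts `e.toString()`, which typically echoes the offending input, into `OUT_ERROR`; whether the template layer escapes that value is not visible in this diff.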
@@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -186,12 +185,13 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Update agent approval list * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param reqID string containing the recovery request ID @@ -201,10 +201,10 @@ public class GrantAsyncRecovery extends CMSServlet { * @param locale the system locale */ private void process(CMSTemplateParams argSet, - IArgBlock header, String reqID, - String agentID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String reqID, + String agentID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequestID = reqID; @@ -234,9 +234,9 @@ public class GrantAsyncRecovery extends CMSServlet { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); // update approving agent list mService.addAgentAsyncKeyRecovery(reqID, agentID); @@ -281,4 +281,3 @@ public class GrantAsyncRecovery extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java index 9a7238be..a7356b3c 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve a key recovery request - * + * * @version $Revision$, $Date$ */ public class GrantRecovery extends CMSServlet { @@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet { private String mFormPath = null; private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - + * <li>http.param agentID User ID of the agent approving the request + * <li>http.param agentPWD Password of the agent approving the request + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet { agentID = req.getParameter("agentID"); } try { - process(argSet, header, - req.getParameter("recoveryID"), - agentID, - req.getParameter("agentPWD"), - req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + agentID, + req.getParameter("agentPWD"), + req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -182,23 +180,24 @@ public class GrantRecovery extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param recoveryID string containing the recovery ID 
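Review bot: In hunk `-166` of GrantRecovery the approving agent's password is read with `req.getParameter("agentPWD")`, which accepts the value from the query string as well as from a POST body. A password carried in a URL can end up in access logs, proxies and browser history, so the servlet should refuse it unless the request is a POST, e.g. `if (!"POST".equals(req.getMethod())) throw new EBaseException("agentPWD must be sent by POST");`. The hunk also shows `agentID = req.getParameter("agentID")` inside a branch whose condition lies outside the hunk. If that branch can run for an authenticated session, the approving identity should come from the session rather than from the request.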
@@ -209,10 +208,10 @@ public class GrantRecovery extends CMSServlet { * @param locale the system locale */ private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String recoveryID, + String agentID, String agentPWD, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRecoveryID = recoveryID; @@ -242,15 +241,15 @@ public class GrantRecovery extends CMSServlet { try { header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + req.getParameter(OUT_OP)); header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + req.getRequestURI()); Hashtable h = mService.getRecoveryParams(recoveryID); if (h == null) { - header.addStringValue(OUT_ERROR, - "No such token found"); + header.addStringValue(OUT_ERROR, + "No such token found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -265,13 +264,13 @@ public class GrantRecovery extends CMSServlet { return; } header.addStringValue("serialNumber", - (String) h.get("keyID")); + (String) h.get("keyID")); mService.addDistributedCredential(recoveryID, agentID, agentPWD); header.addStringValue("agentID", - agentID); + agentID); header.addStringValue("recoveryID", - recoveryID); + recoveryID); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -310,4 +309,3 @@ public class GrantRecovery extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index 9ce8585f..fc6498f5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.util.Date; import com.netscape.certsrv.apps.CMS; @@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** * Output a 'pretty print' of a Key Archival record - * + * * @version $Revision$, $Date$ */ public class KeyRecordParser { @@ -44,28 +43,27 @@ public class KeyRecordParser { public final static String OUT_RECOVERED_BY = "recoveredBy"; public final static String OUT_RECOVERED_ON = "recoveredOn"; - /** * Fills key record into argument block. */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { + public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) + throws EBaseException { if (rec == null) return; rarg.addStringValue(OUT_STATE, - rec.getState().toString()); + rec.getState().toString()); rarg.addStringValue(OUT_OWNER_NAME, - rec.getOwnerName()); + rec.getOwnerName()); rarg.addIntegerValue(OUT_SERIALNO, - rec.getSerialNumber().intValue()); + rec.getSerialNumber().intValue()); rarg.addStringValue(OUT_KEY_ALGORITHM, - rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not + rec.getAlgorithm()); + // Possible Enhancement: sun's BASE64Encode is not // fast. We may may to have our native implmenetation. IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); + pp.toHexString(rec.getPublicKeyData(), 0, 20)); Integer keySize = rec.getKeySize(); if (keySize == null) { 
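Review bot: `rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue())` in `fillRecordIntoArg` narrows the key serial number to 32 bits, and `intValue()` does so silently, so a serial above Integer.MAX_VALUE would be displayed as a different (possibly negative) key id. RecoverBySerial has the mirror-image problem in its `@@ -360,65 +352,65 @@` hunk: `Integer.parseInt(seq)` throws for a serial that the following `new BigInteger(seq)` would accept, so recovery of such a key fails before `doKeyRecovery` is reached. Assuming `getSerialNumber()` returns a BigInteger (the `.intValue()` call suggests so), I would emit the value as text, e.g. `rarg.addStringValue(OUT_SERIALNO, rec.getSerialNumber().toString());`, provided the templates accept a string there.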
@@ -74,16 +72,16 @@ public class KeyRecordParser { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } rarg.addStringValue(OUT_ARCHIVED_BY, - rec.getArchivedBy()); + rec.getArchivedBy()); rarg.addLongValue(OUT_ARCHIVED_ON, - rec.getCreateTime().getTime() / 1000); + rec.getCreateTime().getTime() / 1000); Date dateOfRevocation[] = rec.getDateOfRevocation(); if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, - "null"); - rarg.addStringValue(OUT_RECOVERED_ON, - "null"); + rarg.addStringValue(OUT_RECOVERED_BY, + "null"); + rarg.addStringValue(OUT_RECOVERED_ON, + "null"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index edcd2bdf..5a590a8e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { 
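Review bot: In the `@@ -74,16 +72,16 @@` hunk, `fillRecordIntoArg` writes the literal string `"null"` into `OUT_RECOVERED_BY` and `OUT_RECOVERED_ON` exactly when `dateOfRevocation != null`, so the one case where recovery data seems to exist is the case where the page shows nothing about it. This looks like an unfinished placeholder or an inverted condition, and it means an agent reviewing a key record cannot see who recovered the key or when. If the record carries that information, the fields should be filled from it; otherwise the limitation should be stated next to the code, e.g. `// TODO: placeholder values; recoveredBy/recoveredOn are not populated from the record`.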
@@ -108,22 +107,17 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] + * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>] + * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password + * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption + * certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -138,10 +132,10 @@ public class RecoverBySerial extends CMSServlet { mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -156,9 +150,9 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -189,54 +183,52 @@ public class RecoverBySerial extends CMSServlet { ctx = SessionContext.getContext(); /* - When Recovery is first initiated, if it is in asynch mode, - no pkcs#12 password is needed. - The initiating agent uid will be recorded in the recovery - request. - Later, as approving agents submit their approvals, they will - also be listed in the request. + * When Recovery is first initiated, if it is in asynch mode, no + * pkcs#12 password is needed. The initiating agent uid will be + * recorded in the recovery request. Later, as approving agents + * submit their approvals, they will also be listed in the request. */ if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), + req, resp, locale[0]); + + if (pkcs12 != null) { + // resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + // resp.setContentLength(pkcs12.length); + 
resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } } } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IOException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } finally { SessionContext.releaseContext(); } @@ -249,9 +241,9 @@ public class RecoverBySerial extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
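Review bot: The `if (pkcs12 != null)` branch writes the recovered PKCS#12 to the response with only `resp.setContentType("application/x-pkcs12")`, so no cache directive is set on a response that carries private key material. I would add `resp.setHeader("Cache-Control", "no-store");` before `resp.getOutputStream().write(pkcs12);` so browsers and intermediaries do not keep a copy. The two commented-out calls (`setStatus`, `setContentLength`) should either be restored or removed rather than just reformatted. The enclosing `process(CMSRequest)` method starts and ends outside this hunk.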
@@ -260,10 +252,10 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { // seq is the key id if (seq == null) { 
@@ -291,37 +283,37 @@ public class RecoverBySerial extends CMSServlet { try { String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, + new BigInteger(seq), x509cert, (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, + String password, String passwordAgain, + String cert, String delivery, String nickname, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; 
@@ -360,65 +352,65 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable params = mService.createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, "No recovery ID specified"); + return null; + } + Hashtable params = mService.createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, + SessionContext.getContext()); - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + 
String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") && + !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + return null; + } + } + if (v.size() != mService.getNoOfRequiredAgents()) { header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); return null; } + creds = new Credential[v.size()]; + v.copyInto(creds); } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, - Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, + Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(seq), + creds, password, x509cert, + delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { @@ -440,7 +432,7 @@ public class RecoverBySerial extends CMSServlet { waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { 
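Review bot: The `localAgents == null` branch of this hunk ends in `waitThread.start()`, creating one `WaitApprovalThread` per request, and that thread keeps the PKCS#12 `password` in a `String` field until approvals arrive. Nothing visible bounds how many such threads can be parked or how long each waits: `run()` (in the `@@ -487,17 +479,17 @@` hunk) simply calls `mService.getDistributedCredentials(theRecoveryID)`, and whether that call times out cannot be seen here. I would document the expected lifetime on the class and consider handing the work to a bounded executor owned by the servlet, so repeated requests for the same or different recovery IDs cannot accumulate threads. The enclosing `process(...)` method starts and ends outside this hunk.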
@@ -450,8 +442,8 @@ public class RecoverBySerial extends CMSServlet { } /** - * Wait approval thread. Wait for recovery agents' approval - * exit when required number of approval received + * Wait approval thread. Wait for recovery agents' approval exit when + * required number of approval received */ final class WaitApprovalThread extends Thread { String theRecoveryID = null; @@ -462,24 +454,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { + String password, X509CertImpl cert, + String delivery, String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; 
@@ -487,17 +479,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } return; } @@ -514,16 +506,16 @@ public class RecoverBySerial extends CMSServlet { ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -531,4 +523,3 @@ public class RecoverBySerial extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java index c0fdd02e..80eaf9a8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching search criteria - * + * * @version $Revision$, $Date$ */ public class SrchKey extends CMSServlet { @@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -93,20 +92,21 @@ public class SrchKey extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKey.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - /* maxReturns doesn't seem to do anything useful in this - servlet!!! */ + /* + * maxReturns doesn't seem to do anything useful in this servlet!!! + */ try { String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -132,20 +132,20 @@ public class SrchKey extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param queryFilter ldap-style filter to search with * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -162,10 +162,10 @@ public class SrchKey extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -180,9 +180,9 @@ public class SrchKey extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // process query if authentication is successful 
@@ -213,11 +213,11 @@ public class SrchKey extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, ctx, maxCount, maxResults, - timeLimit, sentinel, - req.getParameter(IN_FILTER), req, resp, locale[0]); + timeLimit, sentinel, + req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -227,9 +227,9 @@ public class SrchKey extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
@@ -238,53 +238,53 @@ public class SrchKey extends CMSServlet { * Process the key search. */ private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX header.addStringValue(OUT_SERVICE_URL, - "/kra?"); + "/kra?"); header.addStringValue(OUT_TEMPLATE, - TPL_FILE); + TPL_FILE); header.addStringValue(OUT_FILTER, - filter); + filter); if (timeLimit == -1 || timeLimit > mTimeLimits) { CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... 
timelimit=" + timeLimit); - Enumeration e = mKeyDB.searchKeys(filter, + Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit); int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { IKeyRecord rec = (IKeyRecord) - e.nextElement(); + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java index 56a1817e..bd9e64aa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching given public key material - * - * + * + * * @version $Revision$, $Date$ */ public class SrchKeyForRecovery extends CMSServlet { 
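Review bot: `process(...)` in SrchKey caps `timeLimit` at `mTimeLimits` but hands `maxResults` and `filter`, both documented as HTTP parameters, to `mKeyDB.searchKeys(filter, maxResults, timeLimit)` unchanged. `mMaxReturns` is read in `init()` (where the comment already says it does nothing useful), so the configured limit on result size is never enforced and a caller with "list" rights can request an arbitrarily large directory search. I would mirror the time-limit clamp, e.g. `if (maxResults == -1 || maxResults > mMaxReturns) { maxResults = mMaxReturns; }`, after confirming that -1 is the unset default as it is for `timeLimit`. SrchKeyForRecovery's `process(...)` (`@@ -253,31 +251,31 @@`) shows the same time-limit-only clamp and should be checked for the same gap.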
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKeyForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet { try { String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); @@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch * <li>http.param publicKeyData public key data to search on * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ 
@@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - + // process query if authentication is successful IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); 
@@ -213,29 +212,28 @@ public class SrchKeyForRecovery extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, - req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); + req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } /* - catch (Exception e) { - error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); - } + * catch (Exception e) { error = new + * EBaseException(BaseResources.INTERNAL_ERROR_1, e); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); @@ -243,9 +241,9 @@ public class SrchKeyForRecovery extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } 
@@ -253,31 +251,31 @@ public class SrchKeyForRecovery extends CMSServlet { * Process the key search. */ private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, - String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, + String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX header.addStringValue(OUT_SERVICE_URL, - "/kra?"); + "/kra?"); header.addStringValue(OUT_TEMPLATE, - TPL_FILE); + TPL_FILE); header.addStringValue(OUT_FILTER, - filter); + filter); if (publicKeyData != null) { header.addStringValue("publicKeyData", - publicKeyData); + publicKeyData); } if (timeLimit == -1 || timeLimit > mTimeLimits) { 
@@ -290,21 +288,21 @@ public class SrchKeyForRecovery extends CMSServlet { if (e == null) { header.addStringValue(OUT_SENTINEL, - null); + null); } else { while (e.hasMoreElements()) { IKeyRecord rec = (IKeyRecord) - e.nextElement(); + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED + // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java index c365d0f8..59303f6e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.X509Certificate; @@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Configure the CA to respond to OCSP requests for a CA - * + * * @version $Revision$ $Date$ */ public class AddCAServlet extends CMSServlet { - + /** * */ private static final long serialVersionUID = 1065151608542115340L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); 
@@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet { private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; + "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; public AddCAServlet() { super(); @@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -100,19 +98,19 @@ public class AddCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert ca certificate. The format is base-64, DER - * encoded, wrapped with -----BEGIN CERTIFICATE-----, - * -----END CERTIFICATE----- strings - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when - * a CA is attempted to be added to the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED - * used when an add CA request to the OCSP Responder is processed + * <li>http.param cert ca certificate. The format is base-64, DER encoded, + * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- + * strings + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA + * is attempted to be added to the OCSP responder + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used + * when an add CA request to the OCSP Responder is processed * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -143,9 +141,9 @@ public class AddCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -153,10 +151,10 @@ public class AddCAServlet extends CMSServlet { CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } @@ -164,12 +162,12 @@ public class AddCAServlet extends CMSServlet { if (b64 == null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT")); } 
@@ -177,32 +175,32 @@ public class AddCAServlet extends CMSServlet { auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim())); // record the fact that a request to add CA is made auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditCA); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditCA); - audit( auditMessage ); + audit(auditMessage); if (b64.indexOf(BEGIN_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); } 
@@ -215,17 +213,17 @@ public class AddCAServlet extends CMSServlet { try { X509Certificate cert = Cert.mapCert(b64); - if( cert == null ) { - CMS.debug( "AddCAServlet::process() - cert is null!" ); + if (cert == null) { + CMS.debug("AddCAServlet::process() - cert is null!"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); - throw new EBaseException( "cert is null" ); + throw new EBaseException("cert is null"); } else { certs = new X509Certificate[1]; } @@ -247,15 +245,15 @@ public class AddCAServlet extends CMSServlet { auditCASubjectDN = leafCert.getSubjectDN().getName(); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } } if (certs != null && certs.length > 0) { 
@@ -264,32 +262,32 @@ public class AddCAServlet extends CMSServlet { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, + leafCert.getSubjectDN().getName(), + BIG_ZERO, MINUS_ONE, null, null); try { rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.FAILURE, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); } try { 
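Review bot: The `catch (Exception e)` around `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())` writes a FAILURE audit event and then falls through at the `// error` comment, so `defStore.addCRLIssuingPoint(...)` still runs and a SUCCESS event for the same request follows. The issuing point would then be stored without its CA certificate, and the signed audit log would hold contradictory records for one request. This appears to matter beyond logging, because AddCRLServlet on this page only attempts CRL signature verification when `pt.getCACert()` is non-null. Replace the `// error` comment with `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));`, as the catch in the -247,15 hunk does. process() starts before and continues after this hunk.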
@@ -297,18 +295,18 @@ public class AddCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index 029d396b..6273c8e7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Update the OCSP responder with a new CRL - * + * * @version $Revision$ $Date$ */ public class AddCRLServlet extends CMSServlet { 
@@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet { */ private static final long serialVersionUID = 1476080474638590902L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + "-----BEGIN CERTIFICATE REVOCATION LIST-----"; public static final String END_HEADER = - "-----END CERTIFICATE REVOCATION LIST-----"; + "-----END CERTIFICATE REVOCATION LIST-----"; private final static String TPL_FILE = "addCRL.template"; private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = - "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; + "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = - "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; + "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; public AddCRLServlet() { super(); @@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCRL.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -105,31 +103,32 @@ public class AddCRLServlet extends CMSServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param crl certificate revocation list, base-64, DER encoded - * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, - * -----END CERTIFICATE REVOCATION LIST----- strings + * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END + * CERTIFICATE REVOCATION LIST----- strings * <li>http.param noui if true, use minimal hardcoded text response * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are * retrieved by the OCSP Responder ("agent" or "EE") * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is * retrieved and validation process occurs ("agent" or "EE") * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ protected synchronized void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { boolean CRLFetched = false; boolean CRLValidated = false; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("add_crl", true /* main action */); + statsSub.startTiming("add_crl", true /* main action */); } try { 
@@ -152,42 +151,43 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); return; } if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { if (authToken != null) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } - } + } } log(ILogger.LL_INFO, "AddCRLServlet"); String b64 = cmsReq.getHttpReq().getParameter("crl"); - if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64); + if (CMS.debugOn()) + CMS.debug("AddCRLServlet: b64=" + b64); if (b64 == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CRL")); + CMS.getUserMessage("CMS_GW_MISSING_CRL")); } String nouiParm = cmsReq.getHttpReq().getParameter("noui"); 
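Review bot: `CMS.debug("AddCRLServlet: b64=" + b64);` writes the whole `crl` request parameter to the debug log before the null check and before any validation visible in this diff, so a single request can add an arbitrarily large, unsanitised entry (embedded line breaks included) to the log. Logging only the size keeps the diagnostic value: `CMS.debug("AddCRLServlet: crl length=" + (b64 == null ? 0 : b64.length()));`. The reformatted `if (CMS.debugOn())` now spans two lines without braces, and adding braces would keep a later statement from being mistaken for part of the guarded body. The neighbouring message `"AddCAServlet: auditSubjectID set to "` names the wrong servlet, which makes log correlation harder. process() begins and ends outside this hunk.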
@@ -209,20 +209,20 @@ public class AddCRLServlet extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -231,32 +231,32 @@ public class AddCRLServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CRL_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CRL_FOOTER")); 
@@ -270,30 +270,30 @@ public class AddCRLServlet extends CMSServlet { long startTime = CMS.getCurrentDate().getTime(); CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime); if (statsSub != null) { - statsSub.startTiming("decode_crl"); + statsSub.startTiming("decode_crl"); } - crl = mapCRL1( b64 ); + crl = mapCRL1(b64); if (statsSub != null) { - statsSub.endTiming("decode_crl"); + statsSub.endTiming("decode_crl"); } long endTime = CMS.getCurrentDate().getTime(); - CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + - " diff=" + (endTime - startTime)); + CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + + " diff=" + (endTime - startTime)); // Retrieve the actual CRL number BigInteger crlNum = crl.getCRLNumber(); - if( crlNum != null ) { + if (crlNum != null) { auditCRLNum = crlNum.toString(); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.SUCCESS, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.SUCCESS, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); // acknowledge that the CRL has been retrieved CRLFetched = true; @@ -302,18 +302,18 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + - crl.getIssuerDN().getName()); + log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + + crl.getIssuerDN().getName()); ICRLIssuingPointRecord pt = null; 
@@ -322,101 +322,101 @@ public class AddCRLServlet extends CMSServlet { crl.getIssuerDN().getName()); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " + - pt.getThisUpdate()); + pt.getThisUpdate()); // verify CRL byte caCertData[] = pt.getCACert(); if (caCertData != null) { - try { - X509CertImpl caCert = new X509CertImpl(caCertData); - CMS.debug("AddCRLServlet: start verify"); - - CryptoManager cmanager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate jssCert = null; try { - jssCert = cmanager.importCACertPackage( - caCert.getEncoded()); - } catch (Exception e2) { - CMS.debug("AddCRLServlet: importCACertPackage " + - e2.toString()); - throw new EBaseException( e2.toString() ); - } + X509CertImpl caCert = new X509CertImpl(caCertData); + CMS.debug("AddCRLServlet: start verify"); - if (statsSub != null) { - statsSub.startTiming("verify_crl"); - } - crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); - if (statsSub != null) { - statsSub.endTiming("verify_crl"); - } - CMS.debug("AddCRLServlet: done verify"); + CryptoManager cmanager = CryptoManager.getInstance(); + org.mozilla.jss.crypto.X509Certificate jssCert = null; + try { + jssCert = cmanager.importCACertPackage( + caCert.getEncoded()); + } catch (Exception e2) { + CMS.debug("AddCRLServlet: importCACertPackage " + + e2.toString()); + throw new 
EBaseException(e2.toString()); + } - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.SUCCESS ); + if (statsSub != null) { + statsSub.startTiming("verify_crl"); + } + crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); + if (statsSub != null) { + statsSub.endTiming("verify_crl"); + } + CMS.debug("AddCRLServlet: done verify"); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.SUCCESS); - // acknowledge that the CRL has been validated - CRLValidated = true; - } catch (Exception e) { - CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); - CMS.debug(e); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + audit(auditMessage); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + // acknowledge that the CRL has been validated + CRLValidated = true; + } catch (Exception e) { + CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); + CMS.debug(e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", + crl.getIssuerDN().getName())); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); - } + audit(auditMessage); + + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + } } - if ((pt.getThisUpdate() != null) && - (pt.getThisUpdate().getTime() >= - crl.getThisUpdate().getTime())) { + if ((pt.getThisUpdate() != null) && + (pt.getThisUpdate().getTime() >= + crl.getThisUpdate().getTime())) 
{ // error, the uploaded CRL is older than the current CMS.debug("AddCRLServlet: no update, CRL is older"); log(ILogger.LL_INFO, - "AddCRLServlet: no update, received CRL is older " + - "than current CRL"); + "AddCRLServlet: no update, received CRL is older " + + "than current CRL"); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Sent CRL is older than the current CRL\n".getBytes()); + "error=Sent CRL is older than the current CRL\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! return; } catch (Exception e) { 
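Review bot: Signature verification is skipped entirely when `pt.getCACert()` returns null, because the `if (caCertData != null)` block has no `else`; execution continues to the thisUpdate comparison with `CRLValidated` still false and no LOGGING_SIGNED_AUDIT_CRL_VALIDATION event written. Judging by the later hunks, the CRL then appears to reach `defStore.updateCRL(crl)` without its signature having been checked against the issuing CA. Fail closed by adding `else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); }` after the block; the `catch (EBaseException eAudit1)` handler shown further down already records a validation FAILURE when `CRLValidated` is false, assuming it encloses this code. The verify-failure branch also logs `CMSGW_NO_CRL_ISSUING_POINT_FOUND`, which misreports the cause to whoever reads the log. process() starts and ends outside this hunk.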
@@ -424,26 +424,26 @@ public class AddCRLServlet extends CMSServlet { } else { CMS.debug("AddCRLServlet: CRL is older"); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_OLD_CRL_ERROR")); + "CMS_GW_OLD_CRL_ERROR")); } } if (crl.isDeltaCRL()) { CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported."); - log(ILogger.LL_INFO, "AddCRLServlet: no update, "+ - CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + log(ILogger.LL_INFO, "AddCRLServlet: no update, " + + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Delta CRLs are not supported.\n".getBytes()); + "error=Delta CRLs are not supported.\n".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -465,26 +465,26 @@ public class AddCRLServlet extends CMSServlet { IRepositoryRecord repRec = defStore.createRepositoryRecord(); - repRec.set(IRepositoryRecord.ATTR_SERIALNO, - new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); + repRec.set(IRepositoryRecord.ATTR_SERIALNO, + new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); try { defStore.addRepository( - crl.getIssuerDN().getName(), - Long.toString(crl.getThisUpdate().getTime()), - repRec); + crl.getIssuerDN().getName(), + Long.toString(crl.getThisUpdate().getTime()), + repRec); log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " + - Long.toString(crl.getThisUpdate().getTime())); + Long.toString(crl.getThisUpdate().getTime())); } catch (Exception e) { - CMS.debug("AddCRLServlet: add repository e=" + e.toString()); + CMS.debug("AddCRLServlet: add repository e=" + e.toString()); } - log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + - Long.toString(crl.getThisUpdate().getTime())); + log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + + Long.toString(crl.getThisUpdate().getTime())); if (defStore.waitOnCRLUpdate()) { defStore.updateCRL(crl); } else { - // when the CRL large, the thread is terminiated by the - // servlet framework before it can finish its work + // when the CRL large, the thread is terminiated by the + // servlet framework before it can finish its work UpdateCRLThread uct = new UpdateCRLThread(defStore, crl); uct.start(); 
@@ -496,64 +496,64 @@ public class AddCRLServlet extends CMSServlet { if (noUI) { CMS.debug("AddCRLServlet: return result noUI=true"); resp.setContentType("application/text"); - resp.getOutputStream().write("status=0".getBytes()); + resp.getOutputStream().write("status=0".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); } else { CMS.debug("AddCRLServlet: return result noUI=false"); String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { CMS.debug("AddCRLServlet: return result error=" + e.toString()); mOCSPAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! 
throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - } catch( EBaseException eAudit1 ) { - if( !CRLFetched ) { + } catch (EBaseException eAudit1) { + if (!CRLFetched) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, + auditSubjectID, + ILogger.FAILURE, + auditCRLNum); - audit( auditMessage ); + audit(auditMessage); } else { - if( !CRLValidated ) { + if (!CRLValidated) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } throw eAudit1; } if (statsSub != null) { - statsSub.endTiming("add_crl"); + statsSub.endTiming("add_crl"); } } public X509CRLImpl mapCRL1(String mime64) - throws IOException { + throws IOException { mime64 = Cert.stripCRLBrackets(mime64.trim()); byte rawPub[] = CMS.AtoB(mime64); @@ -568,21 +568,20 @@ public class AddCRLServlet extends CMSServlet { } } - class UpdateCRLThread extends Thread { private IDefStore mDefStore = null; private X509CRL mCRL = null; public UpdateCRLThread( - IDefStore defStore, X509CRL crl) { + IDefStore defStore, X509CRL crl) { mDefStore = defStore; mCRL = crl; } public void run() { try { - if (!((X509CRLImpl)mCRL).areEntriesIncluded()) - mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded()); + if (!((X509CRLImpl) mCRL).areEntriesIncluded()) + mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded()); mDefStore.updateCRL(mCRL); } catch (CRLException e) { } catch (X509ExtensionException e) { 
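Review bot: In `UpdateCRLThread.run()` (the -568,21 hunk) the `catch (CRLException e) { }` is empty, so a failure while re-decoding or storing the CRL in the background leaves no trace and the OCSP store silently keeps the previous revocation data. The servlet's response is written without waiting for this thread (the `uct.start()` branch in the -465,26 hunk), so the log is the only place such a failure could surface. At minimum record it, for example `CMS.debug("UpdateCRLThread: updateCRL failed " + e.toString()); CMS.debug(e);`. The body of the following `catch (X509ExtensionException e)` lies outside the hunk and may need the same treatment.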
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 3e5d1f49..212ce6a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.security.cert.X509CRLEntry; import java.security.cert.X509Certificate; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** - * Check the status of a specific certificate - * + * Check the status of a specific certificate + * * @version $Revision$ $Date$ */ public class CheckCertServlet extends CMSServlet { @@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet { */ private static final long serialVersionUID = 7782198059640825050L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; public static final String ATTR_STATUS = "status"; public static final String ATTR_ISSUERDN = "issuerDN"; @@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "checkCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -102,14 +100,14 @@ public class CheckCertServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert certificate to check. Base64, DER encoded, wrapped - * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings + * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in + * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -136,9 +134,9 @@ public class CheckCertServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -177,9 +175,9 @@ public class CheckCertServlet extends CMSServlet { header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName()); header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16)); try { - X509CRLImpl crl = null; + X509CRLImpl crl = null; - crl = new X509CRLImpl(pt.getCRL()); + crl = new X509CRLImpl(pt.getCRL()); X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber()); if (crlentry == null) { 
@@ -201,18 +199,18 @@ public class CheckCertServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java index 704c759c..825416e3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; @@ -41,11 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve information about the number of OCSP requests the OCSP - * has serviced - * + * Retrieve information about the number of OCSP requests the OCSP has serviced + * * @version $Revision$, $Date$ */ public class GetOCSPInfo extends CMSServlet { 
@@ -61,9 +58,9 @@ public class GetOCSPInfo extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +76,13 @@ public class GetOCSPInfo extends CMSServlet { } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -98,10 +94,10 @@ public class GetOCSPInfo extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -115,7 +111,7 @@ public class GetOCSPInfo extends CMSServlet { if (!(mAuthority instanceof IOCSPService)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -126,10 +122,10 @@ public class GetOCSPInfo extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -147,8 +143,8 @@ public class GetOCSPInfo extends CMSServlet { header.addLongValue("totalData", ca.getOCSPTotalData()); long secs = 0; if (ca.getOCSPRequestTotalTime() != 0) { - secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); - } + secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); + } header.addLongValue("ReqSec", secs); try { ServletOutputStream out = httpResp.getOutputStream(); @@ -157,10 +153,10 @@ public class GetOCSPInfo extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java index 063d8513..6b9d2094 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java 
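Review bot: In the last GetOCSPInfo.java hunk (`@@ -157,10 +153,10 @@`), the trailing `cmsReq.setStatus(CMSRequest.SUCCESS);` runs unconditionally after the try/catch. It overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed template render is still reported as success. The try block already sets `SUCCESS` after `form.renderOutput(out, argSet)`, so the trailing call can be dropped, or the handler can end with `return;` after `cmsReq.setStatus(CMSRequest.ERROR);`. The rest of `process` lies outside the hunk, so confirm that nothing later depends on the final status write.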
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show the list of CA's that the OCSP responder can service - * + * * @version $Revision$ $Date$ */ public class ListCAServlet extends CMSServlet { @@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet { */ private static final long serialVersionUID = 3764395161795483452L; public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; + "-----BEGIN CERTIFICATE-----"; public static final String END_HEADER = - "-----END CERTIFICATE-----"; + "-----END CERTIFICATE-----"; private final static String TPL_FILE = "listCAs.template"; private String mFormPath = null; @@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "listCAs.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); 
@@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet { Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100); // show the current CRL number if present - header.addStringValue("stateCount", - Integer.toString(defStore.getStateCount())); + header.addStringValue("stateCount", + Integer.toString(defStore.getStateCount())); while (recs.hasMoreElements()) { - ICRLIssuingPointRecord rec = - (ICRLIssuingPointRecord) recs.nextElement(); + ICRLIssuingPointRecord rec = + (ICRLIssuingPointRecord) recs.nextElement(); IArgBlock rarg = CMS.createArgBlock(); String thisId = rec.getId(); @@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet { rarg.addLongValue("NumRevoked", 0); } else { if (rc.longValue() == -1) { - rarg.addStringValue("NumRevoked", "UNKNOWN"); - } else { - rarg.addLongValue("NumRevoked", rc.longValue()); + rarg.addStringValue("NumRevoked", "UNKNOWN"); + } else { + rarg.addLongValue("NumRevoked", rc.longValue()); } } BigInteger crlNumber = rec.getCRLNumber(); if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) { - rarg.addStringValue("CRLNumber", "UNKNOWN"); + rarg.addStringValue("CRLNumber", "UNKNOWN"); } else { - rarg.addStringValue("CRLNumber", crlNumber.toString()); + rarg.addStringValue("CRLNumber", crlNumber.toString()); } rarg.addLongValue("ReqCount", defStore.getReqCount(thisId)); 
@@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java index cfc91975..a11a1739 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; @@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData; import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; - /** - * Process OCSP messages, According to RFC 2560 - * See http://www.ietf.org/rfc/rfc2560.txt - * + * Process OCSP messages, According to RFC 2560 See + * http://www.ietf.org/rfc/rfc2560.txt + * * @version $Revision$ $Date$ */ public class OCSPServlet extends CMSServlet { 
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet { public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize"; public final static String PROP_ID = "ID"; - private int m_maxRequestSize=5000; + private int m_maxRequestSize = 5000; public OCSPServlet() { super(); @@ -74,35 +72,35 @@ public class OCSPServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE); if (s != null) { - try { - m_maxRequestSize = Integer.parseInt(s); - } catch (Exception e) {} - } + try { + m_maxRequestSize = Integer.parseInt(s); + } catch (Exception e) { + } + } } /** - * Process the HTTP request. - * This method is invoked when the OCSP service receives a OCSP - * request. Based on RFC 2560, the request should have the OCSP - * request in the HTTP body as binary blob. - * + * Process the HTTP request. This method is invoked when the OCSP service + * receives a OCSP request. Based on RFC 2560, the request should have the + * OCSP request in the HTTP body as binary blob. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("ocsp", true /* main action */); + statsSub.startTiming("ocsp", true /* main action */); } IAuthToken authToken = authenticate(cmsReq); 
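Review bot: In the OCSPServlet `init` hunk (`@@ -74,35 +72,35 @@`), the empty `catch (Exception e) { }` around `Integer.parseInt(s)` hides a misconfigured `MaxRequestSize`. A malformed value silently leaves the 5000-byte default in place. A negative value parses without error and, given the `reqlen > m_maxRequestSize` test in a later hunk, would make every POST fail. I would narrow the catch and record the problem, `} catch (NumberFormatException e) { CMS.debug("OCSPServlet: ignoring invalid " + PROP_MAX_REQUEST_SIZE + "=" + s); }`, and reject values `<= 0`. The Javadoc above `init` still names "ImportCert.template", which looks copied from another servlet.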
@@ -119,12 +117,12 @@ public class OCSPServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + CMS.debug("Servlet Path=" + httpReq.getServletPath()); CMS.debug("RequestURI=" + httpReq.getRequestURI()); - String pathInfo = httpReq.getPathInfo(); + String pathInfo = httpReq.getPathInfo(); if (pathInfo != null && pathInfo.indexOf('%') != -1) { - pathInfo = URLDecoder.decode(pathInfo); + pathInfo = URLDecoder.decode(pathInfo); } CMS.debug("PathInfo=" + pathInfo); 
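Review bot: `URLDecoder.decode(pathInfo)` in this OCSPServlet hunk is the deprecated one-argument overload, which decodes with the platform default charset, so the result can differ between hosts. The form `URLDecoder.decode(pathInfo, "UTF-8")` pins the charset. `URLDecoder` also turns `+` into a space, and `+` is a valid base64 character in the GET-encoded OCSP request that a later hunk passes to `OSUtil.AtoB`, so a request containing both `%` and `+` may be corrupted here. A comment stating why the value returned by `getPathInfo()` is decoded again would help, since the servlet container already decodes it once. The enclosing `try` starts outside the hunk, so check that the checked `UnsupportedEncodingException` is covered there.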
@@ -136,46 +134,46 @@ public class OCSPServlet extends CMSServlet { String method = httpReq.getMethod(); CMS.debug("Method=" + method); if (method != null && method.equals("POST")) { - int reqlen = httpReq.getContentLength(); - - if (reqlen == -1) { - throw new Exception("OCSPServlet: Content-Length not supplied"); - } - if (reqlen == 0) { - throw new Exception("OCSPServlet: Invalid Content-Length"); - } - if (reqlen > m_maxRequestSize) { - throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")"); - } - - // for debugging - reqbuf = new byte[reqlen]; - int bytesread = 0; - boolean partial = false; - - while (bytesread < reqlen) { - int r = is.read(reqbuf, bytesread, reqlen - bytesread); - if (r == -1) { - throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); + int reqlen = httpReq.getContentLength(); + + if (reqlen == -1) { + throw new Exception("OCSPServlet: Content-Length not supplied"); + } + if (reqlen == 0) { + throw new Exception("OCSPServlet: Invalid Content-Length"); + } + if (reqlen > m_maxRequestSize) { + throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")"); } - bytesread += r; - if (partial == false) { - if (bytesread < reqlen) { - partial = true; + + // for debugging + reqbuf = new byte[reqlen]; + int bytesread = 0; + boolean partial = false; + + while (bytesread < reqlen) { + int r = is.read(reqbuf, bytesread, reqlen - bytesread); + if (r == -1) { + throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); + } + bytesread += r; + if (partial == false) { + if (bytesread < reqlen) { + partial = true; + } } } - } - is = new ByteArrayInputStream(reqbuf); + is = new ByteArrayInputStream(reqbuf); } else { - // GET method - if ( (pathInfo == null) || - (pathInfo.equals( "" ) ) || - (pathInfo.substring(1) == null) || - (pathInfo.substring(1).equals( "" ) ) ) { - throw new Exception("OCSPServlet: OCSP request not provided in GET method"); - } - is 
= new ByteArrayInputStream( - com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); + // GET method + if ((pathInfo == null) || + (pathInfo.equals("")) || + (pathInfo.substring(1) == null) || + (pathInfo.substring(1).equals(""))) { + throw new Exception("OCSPServlet: OCSP request not provided in GET method"); + } + is = new ByteArrayInputStream( + com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); } // (1) retrieve OCSP request @@ -183,22 +181,23 @@ public class OCSPServlet extends CMSServlet { OCSPResponse response = null; try { - OCSPRequest.Template reqTemplate = - new OCSPRequest.Template(); + OCSPRequest.Template reqTemplate = + new OCSPRequest.Template(); - if ( (is == null) || - (is.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: OCSP request is " + if ((is == null) || + (is.toString().equals(""))) { + throw new Exception("OCSPServlet: OCSP request is " + "empty or malformed"); } ocspReq = (OCSPRequest) reqTemplate.decode(is); - if ( (ocspReq == null) || - (ocspReq.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: Decoded OCSP request " + if ((ocspReq == null) || + (ocspReq.toString().equals(""))) { + throw new Exception("OCSPServlet: Decoded OCSP request " + "is empty or malformed"); } response = ((IOCSPService) mAuthority).validate(ocspReq); - } catch (Exception e) {; + } catch (Exception e) { + ; CMS.debug("OCSPServlet: " + e.toString()); } 
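Review bot: In the OCSPServlet hunk `@@ -136,46 +134,46 @@`, only the POST branch is bounded by `m_maxRequestSize`. The GET branch passes `pathInfo.substring(1)` to `OSUtil.AtoB` with no length check, so the configured limit does not apply to GET requests. The GET guard is also partly dead code: `pathInfo.substring(1) == null` can never be true. `if (pathInfo == null || pathInfo.length() <= 1)` followed by `if (pathInfo.length() - 1 > m_maxRequestSize) throw new Exception("OCSPServlet: Client sending too much OCSP request data");` would state the intent. The `partial` flag in the read loop is assigned but never read within the hunk, and the `// for debugging` comment above `reqbuf` no longer describes the code.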
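Review bot: In the OCSPServlet hunk `@@ -183,22 +181,23 @@`, the handler `catch (Exception e) { ; CMS.debug(...) }` reduces every decode or validation failure to a debug line and leaves `response` null. The handling of a null response is outside the hunk, so it should be confirmed that the client receives an OCSP error status rather than an empty or broken reply. The tests `is.toString().equals("")` and `ocspReq.toString().equals("")` do not detect an empty request, because `InputStream` does not override `toString()`. I would drop the stray `;`, log the failure at a level operators actually see, and replace the `toString()` comparisons with the null checks alone.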
@@ -219,8 +218,8 @@ public class OCSPServlet extends CMSServlet { CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq))); TBSRequest tbsReq = ocspReq.getTBSRequest(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { - com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); - CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); + com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); + CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); } CMS.debug("OCSPServlet: OCSP Response Size:"); CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length)); @@ -232,17 +231,17 @@ public class OCSPServlet extends CMSServlet { } else if (rbytes.getObjectIdentifier().equals( ResponseBytes.OCSP_BASIC)) { BasicOCSPResponse basicRes = (BasicOCSPResponse) - BasicOCSPResponse.getTemplate().decode( - new ByteArrayInputStream(rbytes.getResponse().toByteArray())); + BasicOCSPResponse.getTemplate().decode( + new ByteArrayInputStream(rbytes.getResponse().toByteArray())); if (basicRes == null) { CMS.debug("Basic Res is null"); } else { ResponseData data = basicRes.getResponseData(); for (int i = 0; i < data.getResponseCount(); i++) { SingleResponse res = data.getResponseAt(i); - CMS.debug("Serial Number: " + - res.getCertID().getSerialNumber() + - " Status: " + + CMS.debug("Serial Number: " + + res.getCertID().getSerialNumber() + + " Status: " + res.getCertStatus().getClass().getName()); } } @@ -250,14 +249,14 @@ public class OCSPServlet extends CMSServlet { } httpResp.setContentType("application/ocsp-response"); - + httpResp.setContentLength(respbytes.length); OutputStream ooss = httpResp.getOutputStream(); ooss.write(respbytes); ooss.flush(); if (statsSub != null) { - statsSub.endTiming("ocsp"); + statsSub.endTiming("ocsp"); } mRenderResult = false; 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java index 3ec72bb8..2ecbdf1e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; @@ -41,11 +40,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Configure the CA to no longer respond to OCSP requests for a CA - * - * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $ + * + * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep + * 2010) $ */ public class RemoveCAServlet extends CMSServlet { @@ -58,12 +57,12 @@ public class RemoveCAServlet extends CMSServlet { private IOCSPAuthority mOCSPAuthority = null; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; + "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; public RemoveCAServlet() { super(); 
@@ -72,7 +71,7 @@ public class RemoveCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -90,18 +89,20 @@ public class RemoveCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param ca id. The format is string. - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when - * a CA is attempted to be removed from the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS - * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when - * a remove CA request to the OCSP Responder is processed successfully or not. + * <li>http.param ca id. The format is string. + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a + * CA is attempted to be removed from the OCSP responder + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used + * when a remove CA request to the OCSP Responder is processed successfully + * or not. * </ul> - * + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; 
@@ -132,9 +133,9 @@ public class RemoveCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -142,79 +143,78 @@ public class RemoveCAServlet extends CMSServlet { CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid); + CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } - String caID = cmsReq.getHttpReq().getParameter("caID"); - + String caID = cmsReq.getHttpReq().getParameter("caID"); - if (caID == null) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + if (caID == null) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); - } + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); + } - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, auditSubjectID, ILogger.SUCCESS, caID); - audit( auditMessage ); + audit(auditMessage); - IDefStore defStore = mOCSPAuthority.getDefaultStore(); + IDefStore defStore = mOCSPAuthority.getDefaultStore(); - try { - defStore.deleteCRLIssuingPointRecord(caID); + try { + defStore.deleteCRLIssuingPointRecord(caID); - } catch (EBaseException e) { + } catch (EBaseException e) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - caID); - audit( auditMessage ); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, + 
ILogger.FAILURE, + caID); + audit(auditMessage); - CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); - throw new EBaseException(e.toString()); + CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); + throw new EBaseException(e.toString()); } CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - caID); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + caID); + audit(auditMessage); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 1e44dad1..e7d63602 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java 
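Review bot: In the RemoveCAServlet `process` hunk (`@@ -142,79 +143,78 @@`), the `caID == null` branch builds the `LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE` message and then throws without calling `audit(auditMessage)`. A remove-CA request with a missing `caID` therefore leaves no signed audit record, unlike the delete-failure path further down. Adding `audit(auditMessage);` before the `throw new ECMSGWException(...)` fixes this. Separately, `throw new EBaseException(e.toString())` in the delete handler discards the original exception and its stack trace, so rethrowing `e` would keep the cause. The start of `process` is outside this hunk.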
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CMC messages according to RFC 2797 - * See http://www.ietf.org/rfc/rfc2797.txt - * + * Process CMC messages according to RFC 2797 See + * http://www.ietf.org/rfc/rfc2797.txt + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { @@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!"); String cmc = protocolString; 
@@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor { try { byte[] cmcBlob = CMS.AtoB(cmc); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + new ByteArrayInputStream(cmcBlob); org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - if - (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) + if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); SignedData cmcFullReq = (SignedData) - cmcReq.getInterpretedContent(); + cmcReq.getInterpretedContent(); EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); @@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor { if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); @@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor { int numReqs = reqSequence.size(); X509CertInfo[] certInfoArray = new X509CertInfo[numReqs]; String[] reqIdArray = new String[numReqs]; - + for (int i = 0; i < numReqs; i++) { // decode message. TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i); @@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(p10Id); CertificationRequest p10 = - tcr.getCertificationRequest(); + tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = new ByteArrayOutputStream(); 
@@ -169,13 +166,13 @@ public class CMCProcessor extends PKIProcessor { try { PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - //xxx do we need to do anything else? + // xxx do we need to do anything else? X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams); - /* fillPKCS10(pkcs10,certInfo, - authToken, httpParams); + /* + * fillPKCS10(pkcs10,certInfo, authToken, httpParams); */ certInfoArray[i] = certInfo; @@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(srcId); - certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); + certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); } else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); @@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numDig; i++) { AlgorithmIdentifier dai = - (AlgorithmIdentifier) dais.elementAt(i); + (AlgorithmIdentifier) dais.elementAt(i); String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + DigestAlgorithm.fromOID(dai.getOID()).toString(); MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); @@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numSis; i++) { org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo) - sis.elementAt(i); + (org.mozilla.jss.pkix.cms.SignerInfo) + sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); 
@@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor { SignerIdentifier sid = si.getSignerIdentifier(); - if - (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber(); // find from the certs in the signedData X509Certificate cert = null; @@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor { for (int j = 0; j < numCerts; j++) { Certificate certJss = - (Certificate) certs.elementAt(j); + (Certificate) certs.elementAt(j); CertificateInfo certI = - certJss.getInfo(); + certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if ( - new String(issuerB).equals(new + if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) - && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor { } else { } PK11PubKey pubK = - PK11PubKey.fromRaw(keyType, - ((X509Key) signKey).getKey()); + PK11PubKey.fromRaw(keyType, + ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); } @@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor { j++; } if (signKey == null) { - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { PrivateKey.Type keyType = null; 
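Review bot: In the CMCProcessor hunk `@@ -255,20 +251,19 @@`, the signer certificate is selected by comparing `new String(issuerB)` with `new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. Converting DER bytes to a `String` uses the platform charset and replaces undecodable bytes, so two different encodings can compare equal and the outcome can vary by host. Compare the bytes directly with `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`. The same lossy conversion appears in the `@@ -374,17 +368,16 @@` hunk, where `vals[j] = new String(nonce.toByteArray())` stores a binary sender nonce as text. An encoding such as `CMS.BtoA(nonce.toByteArray())` would round-trip there, provided the consumers of `IRequest.CMC_SENDERNONCE` agree on it. The enclosing loop and method start outside these hunks.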
@@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor { for (int i = 0; i < numControls; i++) { TaggedAttribute control = - (TaggedAttribute) controls.elementAt(i); + (TaggedAttribute) controls.elementAt(i); OBJECT_IDENTIFIER type = control.getType(); SET values = control.getValues(); int numVals = values.size(); @@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor { vals = new String[numVals]; for (int j = 0; j < numVals; j++) { ANY val = (ANY) - values.elementAt(j); + values.elementAt(j); INTEGER transId = (INTEGER) ((ANY) val).decodeWith( INTEGER.getTemplate()); @@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor { } if (vals != null) req.setExtData(IRequest.CMC_TRANSID, vals); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { String[] vals = null; if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { ANY val = (ANY) - values.elementAt(j); + values.elementAt(j); OCTET_STRING nonce = (OCTET_STRING) - ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); + ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); 
@@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor { return certInfoArray; } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); - }catch (Exception e) { + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 27648758..361bf594 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CRMF requests, according to RFC 2511 - * See http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 See + * http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { @@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); @@ -84,22 +82,23 @@ public class CRMFProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> + * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ private void verifyPOP(CertReqMsg certReqMsg) - throws EBaseException { + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -118,59 +117,59 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS); - audit( auditMessage ); + audit(auditMessage); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch( EBaseException eAudit1 ) { + } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken 
authToken, IArgBlock httpParams) - throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { @@ -205,21 +204,21 @@ public class CRMFProcessor extends PKIProcessor { if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); + new CertificateSubjectName(subject)); } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions @@ -243,10 +242,10 @@ public class CRMFProcessor extends PKIProcessor { for (int j = 0; j < numexts; j++) { org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; 
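Review bot: The outer `catch (EBaseException eAudit1)` at the end of verifyPOP writes a FAILURE audit record and then falls off the end of the method, so the ECMSGWException thrown just above for a failed or missing proof of possession appears to be absorbed here instead of reaching the caller. This assumes ECMSGWException is an EBaseException, as the `throws EBaseException` clause suggests. With `enforcePop` set, that would let enrollment continue after a POP failure. Add `throw eAudit1;` as the last statement of that catch. The inner branches have already audited the failure, so the second audit call in this catch could be dropped; the opening of the try block is outside the hunk.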
@@ -254,23 +253,23 @@ public class CRMFProcessor extends PKIProcessor { oidNumbers[k] = (int) numbers[k]; } ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); + new ObjectIdentifier(oidNumbers); org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); + jssext.getExtnValue(); ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); Extension ext = - new Extension(oid, isCritical, extValue); + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + new CertificateVersion(CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -283,7 +282,7 @@ public class CRMFProcessor extends PKIProcessor { // formulation. // -- CRMFfillCert if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); 
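Review bot: The cast `oidNumbers[k] = (int) numbers[k];` at the top of hunk @@ -254,23 narrows each OID arc from long to int with no range check, so an extension OID with an arc above Integer.MAX_VALUE silently becomes a different OID before `extensions.parseExtension(ext)` sees it. The extension is taken from the submitted CRMF template, so reject such values instead, for example `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));`. The loop header is in the preceding hunk and the method continues past this one.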
@@ -300,31 +299,31 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - throw new ECMSGWException( - CMSGWResources.ERROR_CRMF_TO_CERTINFO); - } */ catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* + * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); + * } + */catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); 
@@ -333,10 +332,10 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); + new ByteArrayInputStream(crmfBlob); SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -344,7 +343,7 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); @@ -355,20 +354,19 @@ public class CRMFProcessor extends PKIProcessor { } - //do_testbed_hack(nummsgs, certInfoArray, httpParams); + // do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java index d021f653..9139f888 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java @@ -17,19 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import com.netscape.certsrv.base.EBaseException; import com.netscape.cms.servlet.common.CMSRequest; - /** * This represents the request parser. - * + * * @version $Revision$, $Date$ */ public interface IPKIProcessor { public void process(CMSRequest cmsReq) - throws EBaseException; + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java index cc035033..810c3ff2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * KeyGenProcess parses Certificate request matching the - * KEYGEN tag format used by Netscape Communicator 4.x - * + * KeyGenProcess parses Certificate request matching the KEYGEN tag format used + * by Netscape Communicator 4.x + * * @version $Revision$, $Date$ */ public class KeyGenProcessor extends PKIProcessor { 
@@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { CMS.debug("KeyGenProcessor: fillCertInfo"); @@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor { KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( PKIProcessor.SUBJECT_KEYGEN_INFO, null); - + // fill key X509Key key = null; @@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor { if (key == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); } try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - "Could not set key into certInfo from keygen. Error " + e); + "Could not set key into certInfo from keygen. Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } String authMgr = mServlet.getAuthMgr(); 
@@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor { if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // allow special case for agent gateway in admin enroll // and bulk issuance. - if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && - !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && + !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } fillCertInfoFromForm(certInfo, httpParams); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java index 53d38455..5079969e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * PKCS10Processor process Certificate Requests in - * PKCS10 format, as defined here: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html - * + * PKCS10Processor process Certificate Requests in PKCS10 format, as defined + * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html + * * @version $Revision$, $Date$ */ public class PKCS10Processor extends PKIProcessor { 
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor { private final String USE_INTERNAL_PKCS10 = "internal"; public PKCS10Processor() { - + super(); } @@ -71,24 +68,24 @@ public class PKCS10Processor extends PKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } - public void fillCertInfo( - PKCS10 pkcs10, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo( + PKCS10 pkcs10, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { mPkcs10 = pkcs10; - - fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); + + fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); } public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { PKCS10 p10 = null; @@ -99,8 +96,8 @@ public class PKCS10Processor extends PKIProcessor { } else if (protocolString.equals(USE_INTERNAL_PKCS10)) { p10 = mPkcs10; } else { - CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" ); - throw new EBaseException( "p10 is null" ); + CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!"); + throw new EBaseException("p10 is null"); } if (mServlet == null) { @@ -123,7 +120,7 @@ public class PKCS10Processor extends PKIProcessor { certInfo.set(X509CertInfo.KEY, certKey); } catch (CertificateException e) { EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; 
@@ -140,31 +137,31 @@ public class PKCS10Processor extends PKIProcessor { if (subject != null) { try { certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); + new CertificateSubjectName(subject)); log(ILogger.LL_INFO, - "Setting subject name " + subject + " from p10."); + "Setting subject name " + subject + " from p10."); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in X500 name parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); } 
@@ -177,12 +174,12 @@ public class PKCS10Processor extends PKIProcessor { if (p10Attrs != null) { PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); + (p10Attrs.getAttribute(CertificateExtensions.NAME)); if (p10Attr != null && p10Attr.getAttributeId().equals( PKCS9Attribute.EXTENSION_REQUEST_OID)) { Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); @@ -196,23 +193,23 @@ public class PKCS10Processor extends PKIProcessor { } } CMS.debug( - "PKCS10Processor: Seted cert extensions from pkcs10. "); + "PKCS10Processor: Seted cert extensions from pkcs10. "); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in extensions parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } 
@@ -223,8 +220,8 @@ public class PKCS10Processor extends PKIProcessor { String authMgr = mServlet.getAuthMgr(); if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && - !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && + !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { fillCertInfoFromAuthToken(certInfo, authToken); } @@ -233,12 +230,12 @@ public class PKCS10Processor extends PKIProcessor { // from the http parameters. if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) { fillValidityFromForm(certInfo, httpParams); - } - + } + } private PKCS10 getPKCS10(IArgBlock httpParams) - throws EBaseException { + throws EBaseException { PKCS10 pkcs10 = null; @@ -252,7 +249,7 @@ public class PKCS10Processor extends PKIProcessor { } else { // some policies may rely on the fact that // CERT_TYPE is set. So for 3.5.1 or eariler - // we need to set CERT_TYPE but not here. + // we need to set CERT_TYPE but not here. } if (certType.equals("client")) { // coming from MSIE @@ -271,13 +268,13 @@ public class PKCS10Processor extends PKIProcessor { } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); - }catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } @@ -286,4 +283,4 @@ public class PKCS10Processor extends PKIProcessor { } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java index 625808d7..d0861573 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java 
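Review bot: In getPKCS10 (hunk @@ -271,13), `catch (Exception ex) { ex.printStackTrace(); }` discards a failure to parse the pasted PKCS#10 blob: the trace goes to stderr rather than the server log, and the method carries on with `pkcs10` still null. Record it through the existing logger and fail the request, for example `log(ILogger.LL_FAILURE, ex.toString());` followed by `throw new EBaseException("invalid PKCS #10 request");`, or an ECMSGWException with a suitable message key. Whether callers handle a null return is not visible here, and the method starts in an earlier hunk.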
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Date; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Process Certificate Requests - * + * * @version $Revision$, $Date$ */ public class PKIProcessor implements IPKIProcessor { @@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor { public static final String PKCS10_REQUEST = "pkcs10Request"; public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo"; - protected CMSRequest mRequest = null; + protected CMSRequest mRequest = null; protected HttpServletRequest httpReq = null; protected String mServletId = null; 
@@ -84,30 +82,30 @@ public class PKIProcessor implements IPKIProcessor { } public void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { } protected void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) + throws EBaseException { } protected X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { return null; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ public static void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + X509CertInfo certInfo, IAuthToken authToken) + throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. // take key from keygen, cmc, pkcs10 or crmf. 
@@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor { // subject name. try { String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + "cert subject set to " + certSubject + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + "cert validity set to " + validity + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", 
e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } // extensions try { CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + authToken.getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); 
@@ -177,26 +175,25 @@ public class PKIProcessor implements IPKIProcessor { } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } /** - * fill subject name, extension from form. - * this is done for unauthenticated requests. - * unauthenticated requests must be approved by agents so these will - * all be seen by and agent. + * fill subject name, extension from form. this is done for unauthenticated + * requests. unauthenticated requests must be approved by agents so these + * will all be seen by and agent. */ public static void fillCertInfoFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillCertInfoFromForm"); // subject name. 
@@ -205,41 +202,41 @@ public class PKIProcessor implements IPKIProcessor { if (subject == null) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); } X500Name x500name = new X500Name(subject); certInfo.set( - X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); + X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); fillValidityFromForm(certInfo, httpParams); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IllegalArgumentException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); + CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); + CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); } // requested extensions. // let polcies form extensions from http input. 
} - public static void fillValidityFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + public static void fillValidityFromForm( + X509CertInfo certInfo, IArgBlock httpParams) + throws EBaseException { CMS.debug("PKIProcessor: fillValidityFromForm!"); try { String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null); 
@@ -267,43 +264,43 @@ public class PKIProcessor implements IPKIProcessor { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + "cert validity set to " + validity + " from authtoken"); } } } } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } } /** * log according to authority category. */ - public static void log(int event, int level, String msg) { + public static void log(int event, int level, String msg) { CMS.getLogger().log(event, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } public static void log(int level, String msg) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { 
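Review bot: The two catch blocks that appear to close fillValidityFromForm report validity failures under the subject-name keys (`CMSGW_ERROR_SET_SUBJECT_NAME_1`, `CMS_GW_SET_SUBJECT_NAME_ERROR`), and the info line above them says the validity was set "from authtoken" although this path reads it from the form parameters. Anyone triaging a failed enrollment from the logs is pointed at the wrong field and the wrong input source. The validity keys already used earlier in this file's diff fit here: `CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())` and `CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")`, with the info text ending in `" from form"`. The method starts in the previous hunk, so the parsing of the notValidBefore value is not visible here.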
@@ -315,20 +312,19 @@ public class PKIProcessor implements IPKIProcessor { } mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -358,4 +354,3 @@ public class PKIProcessor implements IPKIProcessor { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index da24d2c2..b5cec9da 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { 
@@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = - "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -84,13 +82,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -126,8 +125,8 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); 
@@ -153,12 +152,12 @@ public class ProfileApproveServlet extends ProfileServlet { mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -214,8 +213,8 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -236,8 +235,8 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); 
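Review bot: Both catch blocks around the `approve` authorization call in the `-153,12` hunk log the same `ADMIN_SRVLT_AUTH_FAILURE` message at `ILogger.LL_FAILURE`, so an access denial (`EAuthzAccessDenied`) cannot be told apart from an unexpected error in the authorization path. The `authzToken == null` check that follows presumably still refuses the request, but for detection it helps to record denials at the security level, e.g. `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));` in the `EAuthzAccessDenied` branch. The same pair of handlers appears in the ProfileListServlet hunk at `-93,10` and the ProfileProcessServlet hunk at `-138,10`. The enclosing `process` method begins and ends outside this hunk.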
@@ -265,31 +264,31 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, ILogger.FAILURE, auditProfileID, auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; + return; + } + } else { + ps.disableProfile(profileId); } - } else { - ps.disableProfile(profileId); - } } else { ps.enableProfile(profileId, userid); } @@ -305,8 +304,8 @@ public class ProfileApproveServlet extends ProfileServlet { audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); 
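Review bot: The owner check `ps.getProfileEnableBy(profileId).equals(userid)` in the `-265,31` hunk dereferences the stored enabler without a null guard, and the surrounding try appears to catch only `EProfileException` (next hunk). If the subsystem can report a profile as enabled with no recorded enabler, the resulting NullPointerException would leave `process` without writing the signed-audit FAILURE record that the not-owner branch produces. Comparing through a local keeps the decision fail-closed: `String enabledBy = ps.getProfileEnableBy(profileId);` then `if (enabledBy != null && enabledBy.equals(userid)) {`. Whether `getProfileEnableBy` can return null is not visible on this page, so confirm against `IProfileSubsystem` before changing it.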
@@ -338,26 +337,26 @@ public class ProfileApproveServlet extends ProfileServlet { // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -386,13 +385,13 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + profile.getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters + // into string http parameters handlePolicy(list, response, locale, - id, policy); + id, policy); } ArgSet setArg = new ArgSet(); 
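Review bot: In the `EProfileException` handler after `ps.getProfile(profileId)`, `args.set(ARG_ERROR_REASON, e.toString());` is immediately overwritten by the `CMS.getUserMessage(locale, ...)` call on the next line, so it is a dead store. Dropping it keeps raw exception text from reaching the response template if the second call is ever edited or removed. The same hunk also re-indents a commented-out `ServletException` handler; deleting that block would be cleaner than reformatting it. The handler body continues past the end of this hunk.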
@@ -403,8 +402,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -413,8 +412,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); 
@@ -434,19 +433,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -463,11 +462,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is called to obtain the "ProfileID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ 
@@ -493,14 +492,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for - * a signed audit log message. + * + * This method is called to obtain the "Profile Operation" for a signed + * audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, - * or SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or + * SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -509,12 +508,12 @@ public class ProfileApproveServlet extends ProfileServlet { } if (mProfileSubId == null || - mProfileSubId.equals("")) { + mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -533,4 +532,3 @@ public class ProfileApproveServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java index 4da41f7a..8581b3ca 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * List all enabled profiles. - * + * * @version $Revision$, $Date$ */ public class ProfileListServlet extends ProfileServlet { 
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileListServlet() { super(); @@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet { } CMS.debug("ProfileListServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { - CMS.debug("ProfileListServlet: ProfileSubsystem " + - mProfileSubId + " not found"); + CMS.debug("ProfileListServlet: ProfileSubsystem " + + mProfileSubId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; - } + } ArgList list = new ArgList(); Enumeration e = ps.getProfileIds(); 
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet { profile = ps.getProfile(id); } catch (EBaseException e1) { // skip bad profile - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped) " + e1.toString()); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped) " + e1.toString()); continue; } if (profile == null) { - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped)"); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped)"); continue; } @@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet { ArgSet profileArgs = new ArgSet(); profileArgs.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(id))); + Boolean.toString(ps.isProfileEnable(id))); profileArgs.set(ARG_PROFILE_ENABLED_BY, - ps.getProfileEnableBy(id)); + ps.getProfileEnableBy(id)); profileArgs.set(ARG_PROFILE_ID, id); - profileArgs.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + profileArgs.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); profileArgs.set(ARG_PROFILE_NAME, name); profileArgs.set(ARG_PROFILE_DESC, desc); list.add(profileArgs); - + } } args.set(ARG_RECORD, list); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index 33233275..ebfc2e9f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; 
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet approves profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { @@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet { private Nonces mNonces = null; private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = - "requestNotes"; + "requestNotes"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } @@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("approval", true /* main action */); + statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; @@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
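Review bot: `statsSub.endTiming("approval")` is repeated by hand before each early `return` in `process`, starting in the `-119,13` hunk and continuing through the later ProfileProcessServlet hunks up to `-475,15`. Any exit added later, or any unchecked exception thrown between `startTiming` and the final call, leaves the "approval" timer open. Wrapping the body that follows `startTiming` in a `try` and closing it with `} finally { if (statsSub != null) { statsSub.endTiming("approval"); } }` lets the per-return copies be removed. `process` begins before this hunk and ends well after it.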
@@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet { mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet { } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } - CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified); + CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet { } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); @@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileProcessServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileProcessServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); 
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - // check if the request is in one of the terminal states + // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileProcessServlet: profile not found " + - " " + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: profile not found " + + " " + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); @@ -361,7 +357,7 @@ public class ProfileProcessServlet extends ProfileServlet { if (op.equals("assign")) { String owner = req.getRequestOwner(); - // assigned owner + // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); @@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } // commit request to the storage - if (!op.equals("validate")) { + if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); 
@@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet { queue.updateRequest(req); } } catch (EBaseException e) { - CMS.debug("ProfileProcessServlet: Request commit error " + - e.toString()); + CMS.debug("ProfileProcessServlet: Request commit error " + + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { - CMS.debug("ProfileProcessServlet: execution rejected " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution rejected " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", e.toString())); } catch (EDeferException e) { - CMS.debug("ProfileProcessServlet: execution defered " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution defered " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString())); } catch (EPropertyException e) { - CMS.debug("ProfileProcessServlet: execution error " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", e.toString())); } catch (EProfileException e) { - CMS.debug("ProfileProcessServlet: execution error " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); 
@@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } } - + public boolean grantPermission(IRequest req, IAuthToken token) { try { boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", - false); + false); if (!enable) return true; String owner = req.getRequestOwner(); 
@@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet { return true; } catch (Exception e) { } - + return false; } /** - * Check if the request creation time is older than the profile - * lastModified attribute. + * Check if the request creation time is older than the profile lastModified + * attribute. */ - protected void checkProfileVersion(IProfile profile, IRequest req, - Locale locale) throws EProfileException { + protected void checkProfileVersion(IProfile profile, IRequest req, + Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { - lastModified = profileConfig.getString("lastModified",""); + lastModified = profileConfig.getString("lastModified", ""); } catch (EBaseException e) { - CMS.debug(e.toString()); - throw new EProfileException( e.toString() ); + CMS.debug(e.toString()); + throw new EProfileException(e.toString()); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); - CMS.debug("ProfileProcessServlet: Profile Last Modified=" + - profileModifiedAt); + CMS.debug("ProfileProcessServlet: Profile Last Modified=" + + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); - CMS.debug("ProfileProcessServlet: Request Created At=" + - reqCreatedAt); + CMS.debug("ProfileProcessServlet: Request Created At=" + + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); 
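Review bot: `grantPermission` ends with `} catch (Exception e) { }` followed by `return false;`, so any failure while reading `request.assignee.enable` or checking the request owner is turned into a silent denial. Failing closed is the right default, but the caller then answers with `CMS_PROFILE_DENY_OPERATION` and nothing in the logs separates a configuration error from a real ownership mismatch. Logging inside the handler is enough: `CMS.debug("ProfileProcessServlet: grantPermission: " + e.toString());`. The method starts in the previous hunk and its middle lines are not shown.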
@@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet { } protected void assignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { req.setRequestOwner(""); } @@ -552,13 +548,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * cancellation) + * cancellation) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -566,12 +563,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -591,16 +588,16 @@ public class ProfileProcessServlet extends ProfileServlet { audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_CANCELLATION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_CANCELLATION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -609,13 +606,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * rejection) + * rejection) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -623,12 +621,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -648,16 +646,16 @@ public class ProfileProcessServlet extends ProfileServlet { audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_REJECTION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_REJECTION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -666,13 +664,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * acceptance) + * acceptance) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -680,12 +679,12 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ - protected void approveRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + protected void approveRequest(ServletRequest request, ArgSet args, + IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -709,33 +708,33 @@ public class ProfileProcessServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = - outputNames.nextElement(); + outputNames.nextElement(); IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, - outputName); + profileOutput.getValueDescriptor(locale, + outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = - outputDesc.getConstraint(); + outputDesc.getConstraint(); String outputValueName = - outputDesc.getDescription(locale); + outputDesc.getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( - outputName, + outputName, locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + - e.toString()); + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, - outputConstraint); + outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); @@ -775,13 +774,12 @@ public class ProfileProcessServlet extends ProfileServlet { CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); - } } - protected void updateValues(ServletRequest request, IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws ERejectException, EDeferException, EPropertyException { + protected void updateValues(ServletRequest request, IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); 
@@ -813,17 +811,17 @@ public class ProfileProcessServlet extends ProfileServlet { } } - protected void validate(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws ERejectException, EDeferException { + protected void validate(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws ERejectException, EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } - protected void setValue(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws EPropertyException { + protected void setValue(Locale locale, int count, + IProfilePolicy policy, IRequest req, ServletRequest request) + throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); @@ -838,11 +836,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -868,11 +866,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Value - * - * This method is called to obtain the "reason" for - * a signed audit log message. + * + * This method is called to obtain the "reason" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return reason string containing the signed audit log message reason */ 
@@ -887,7 +885,7 @@ public class ProfileProcessServlet extends ProfileServlet { if (request != null) { // overwrite "reason" if and only if "info" != null String info = - request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); + request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); @@ -904,11 +902,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -941,7 +939,7 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { + if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } @@ -961,4 +959,3 @@ public class ProfileProcessServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java index 00840dd8..7ec8596f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; import java.util.Random; 
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet allows reviewing of profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileReviewServlet extends ProfileServlet { @@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private Random mRandom = null; private Nonces mNonces = null; @@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet { * <ul> * <li>http.param requestId the ID of the profile to review * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ReviewReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; - } + } } AuthzToken authzToken = null; 
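Review bot: In the field hunk (`@@ -69,7 +67,7 @@`), `mRandom` is declared as `java.util.Random` right next to `mNonces`, and its initialisation is outside the visible hunks. If the values kept in `mNonces` and returned as `ARG_REQUEST_NONCE` are drawn from this generator, the instance must be a `java.security.SecureRandom`, because plain `java.util.Random` output is predictable. Declaring it as `private SecureRandom mRandom = null;` would make that requirement visible at the declaration; this should be confirmed against `init`, which is only partly shown here.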
@@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; @@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet { } CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); @@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileReviewServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); 
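Review bot: Both catch blocks around the authorization call log with `ILogger.LL_FAILURE` and the same `ADMIN_SRVLT_AUTH_FAILURE` key, so an access denial cannot be told apart from an unexpected error in the logs. ACLAdminServlet, earlier in this commit, reports its authentication failure at `ILogger.LL_SECURITY`. Log the `EAuthzAccessDenied` branch as `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));` and keep `LL_FAILURE` for the generic `Exception` branch. The same pair of catches appears in ProfileSelectServlet (`@@ -112,10 +110,10 @@`). `process` starts and ends outside this hunk.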
@@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet { String profileId = req.getExtDataInString("profileId"); - CMS.debug("ProfileReviewServlet: requestId=" + - requestId + " profileId=" + profileId); + CMS.debug("ProfileReviewServlet: requestId=" + + requestId + " profileId=" + profileId); IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" + - requestId + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: profile not found requestId=" + + requestId + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); 
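Review bot: `requestId` is concatenated into the `CMS.debug` messages in this hunk and the next (`@@ -214,16 +212,16 @@`) without neutralising line breaks. It appears to be the `requestId` http.param named in the servlet's Javadoc, which would put caller-controlled text into the debug log. Normalise it once before logging, for example `String safeId = requestId == null ? "" : requestId.replaceAll("[\\r\\n]", "_");`, and log `safeId` instead. The same applies to `profileId` in ProfileSelectServlet's "profile not found" message. `process` starts and ends outside these hunks.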
@@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + String profileSetId = req.getExtDataInString("profileSetId"); CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)? - profile.getProfilePolicyIds(profileSetId): null; + Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? + profile.getProfilePolicyIds(profileSetId) : null; int count = 0; ArgList list = new ArgList(); if (policyIds != null) { - while (policyIds.hasMoreElements()) { + while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(req.getExtDataInString("profileSetId"), - id); + profile.getProfilePolicy(req.getExtDataInString("profileSetId"), + id); // (3) query all the profile policies // (4) default plugins convert request parameters into string - // http parameters + // http parameters handlePolicy(list, response, locale, - id, policy, req); + id, policy, req); count++; } } 
@@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); + args.set(ARG_REQUEST_OWNER, ""); } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); + args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); } args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, - req.getModificationTime().toString()); + args.set(ARG_REQUEST_MODIFICATION_TIME, + req.getModificationTime().toString()); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); + args.set(ARG_PROFILE_APPROVED_BY, + req.getExtDataInString("profileApprovedBy")); args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); + args.set(ARG_PROFILE_IS_VISIBLE, "true"); } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); + args.set(ARG_PROFILE_IS_VISIBLE, "false"); } args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - req.getExtDataInString("profileRemoteAddr")); + args.set(ARG_PROFILE_REMOTE_HOST, + req.getExtDataInString("profileRemoteHost")); + args.set(ARG_PROFILE_REMOTE_ADDR, + req.getExtDataInString("profileRemoteAddr")); if (req.getExtDataInString("requestNotes") == null) { args.set(ARG_REQUEST_NOTES, ""); } else { - args.set(ARG_REQUEST_NOTES, - req.getExtDataInString("requestNotes")); + args.set(ARG_REQUEST_NOTES, + req.getExtDataInString("requestNotes")); } args.set(ARG_RECORD, list); 
@@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); IProfileOutput profileOutput = profile.getProfileOutput(outputId - ); + ); Enumeration outputNames = profileOutput.getValueNames(); @@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement - (); + (); IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; @@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet { locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString( - )); + )); } outputset.set(ARG_OUTPUT_ID, outputName); @@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, - IRequest req) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy, + IRequest req) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java index 813af8f6..d18336ae 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; 
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Retrieve detailed information of a particular profile. - * + * * @version $Revision$, $Date$ */ public class ProfileSelectServlet extends ProfileServlet { @@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet { */ private static final long serialVersionUID = -3765390650830903602L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileSelectServlet() { } @@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet { * <ul> * <li>http.param profileId the id of the profile to select * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProcessReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); @@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet { } CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); @@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet { if (authority == null) { CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileSelectServlet: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" + - profileId + " " + e.toString()); + CMS.debug("ProfileSelectServlet: profile not found profileId=" + + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + ArgList setlist = new ArgList(); Enumeration policySetIds = profile.getProfilePolicySetIds(); 
@@ -204,13 +202,14 @@ public class ProfileSelectServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + profile.getProfilePolicy(setId, id); // (3) query all the profile policies - // (4) default plugins convert request parameters into string - // http parameters + // (4) default plugins convert request parameters into + // string + // http parameters handlePolicy(list, response, locale, - id, policy); + id, policy); } } ArgSet setArg = new ArgSet(); 
@@ -224,29 +223,29 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); + args.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set("transportCert", - CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } + boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); + if (keyArchivalEnabled == true) { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); + + // output transport certificate if present + args.set("transportCert", + CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); + } else { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); + args.set("transportCert", ""); + } } catch (EBaseException e) { - CMS.debug("ProfileSelectServlet: exception caught:"+e.toString()); + CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); } // build authentication 
@@ -259,7 +258,7 @@ public class ProfileSelectServlet extends ProfileServlet { // authenticator not installed correctly args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", + "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId())); outputTemplate(request, response, args); return; @@ -272,8 +271,8 @@ public class ProfileSelectServlet extends ProfileServlet { while (authNames.hasMoreElements()) { ArgSet authset = new ArgSet(); String authName = (String) authNames.nextElement(); - IDescriptor authDesc = - authenticator.getValueDescriptor(locale, authName); + IDescriptor authDesc = + authenticator.getValueDescriptor(locale, authName); if (authDesc == null) continue; @@ -291,8 +290,8 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_AUTH_LIST, authlist); args.set(ARG_AUTH_NAME, authenticator.getName(locale)); args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); + args.set(ARG_AUTH_IS_SSL, + Boolean.toString(authenticator.isSSLClientRequired())); } // build input list @@ -309,10 +308,10 @@ public class ProfileSelectServlet extends ProfileServlet { ArgSet inputpluginset = new ArgSet(); inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_NAME, + profileInput.getName(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_DESC, + profileInput.getText(locale)); inputPluginlist.add(inputpluginset); Enumeration inputNames = profileInput.getValueNames(); 
@@ -352,8 +351,8 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index 46f3797d..37f501b4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.FileReader; @@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.Utils; - /** * This servlet is the base class of all profile servlets. - * + * * @version $Revision$, $Date$ */ public class ProfileServlet extends CMSServlet { 
@@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet { public final static String ARG_REQUEST_ID = "requestId"; public final static String ARG_REQUEST_TYPE = "requestType"; public final static String ARG_REQUEST_STATUS = "requestStatus"; - public final static String ARG_REQUEST_OWNER = - "requestOwner"; - public final static String ARG_REQUEST_CREATION_TIME = - "requestCreationTime"; - public final static String ARG_REQUEST_MODIFICATION_TIME = - "requestModificationTime"; + public final static String ARG_REQUEST_OWNER = + "requestOwner"; + public final static String ARG_REQUEST_CREATION_TIME = + "requestCreationTime"; + public final static String ARG_REQUEST_MODIFICATION_TIME = + "requestModificationTime"; public final static String ARG_REQUEST_NONCE = "nonce"; public final static String ARG_AUTH_ID = "authId"; @@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet { super(); } - /** - * initialize the servlet. Servlets implementing this method - * must specify the template to use as a parameter called - * "templatePath" in the servletConfig - * + /** + * initialize the servlet. Servlets implementing this method must specify + * the template to use as a parameter called "templatePath" in the + * servletConfig + * * @param sc servlet configuration, read from the web.xml file */ - public void init(ServletConfig sc) throws ServletException { + public void init(ServletConfig sc) throws ServletException { super.init(sc); mTemplate = sc.getServletContext().getRealPath( sc.getInitParameter(PROP_TEMPLATE)); 
@@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet { } } - protected String escapeXML(String v) - { - if (v == null) { - return ""; - } - v = v.replaceAll("&", "&"); - return v; + protected String escapeXML(String v) { + if (v == null) { + return ""; + } + v = v.replaceAll("&", "&"); + return v; } - protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) - { - ps.println("<" + name + ">"); - if (v != null) { - if (v instanceof ArgList) { - ArgList list = (ArgList)v; - ps.println("<list>"); - for (int i = 0; i < list.size(); i++) { - outputArgValueAsXML(ps, name, list.get(i)); - } - ps.println("</list>"); - } else if (v instanceof ArgString) { - ArgString str = (ArgString)v; - ps.println(escapeXML(str.getValue())); - } else if (v instanceof ArgSet) { - ArgSet set = (ArgSet)v; - ps.println("<set>"); - Enumeration names = set.getNames(); - while (names.hasMoreElements()) { - String n = (String)names.nextElement(); + protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) { + ps.println("<" + name + ">"); + if (v != null) { + if (v instanceof ArgList) { + ArgList list = (ArgList) v; + ps.println("<list>"); + for (int i = 0; i < list.size(); i++) { + outputArgValueAsXML(ps, name, list.get(i)); + } + ps.println("</list>"); + } else if (v instanceof ArgString) { + ArgString str = (ArgString) v; + ps.println(escapeXML(str.getValue())); + } else if (v instanceof ArgSet) { + ArgSet set = (ArgSet) v; + ps.println("<set>"); + Enumeration names = set.getNames(); + while (names.hasMoreElements()) { + String n = (String) names.nextElement(); outputArgValueAsXML(ps, n, set.get(n)); - } - ps.println("</set>"); - } else { - ps.println(v); - } + } + ps.println("</set>"); + } else { + ps.println(v); } - ps.println("</" + name + ">"); + } + ps.println("</" + name + ">"); } - protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) - { + protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) { 
PrintStream ps = new PrintStream(bos); ps.println("<xml>"); outputArgValueAsXML(ps, "output", args); @@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet { ps.flush(); } - public void outputTemplate(HttpServletRequest request, + public void outputTemplate(HttpServletRequest request, HttpServletResponse response, ArgSet args) - throws EBaseException { + throws EBaseException { String xmlOutput = request.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { @@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet { ByteArrayOutputStream bos = new ByteArrayOutputStream(); outputThisAsXML(bos, args); try { - response.setContentLength(bos.size()); - bos.writeTo(response.getOutputStream()); + response.setContentLength(bos.size()); + bos.writeTo(response.getOutputStream()); } catch (Exception e) { CMS.debug("outputTemplate error " + e); } return; } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("output_template"); + statsSub.startTiming("output_template"); } BufferedReader reader = null; try { reader = new BufferedReader( - new FileReader(mTemplate)); + new FileReader(mTemplate)); response.setContentType("text/html; charset=UTF-8"); PrintWriter writer = response.getWriter(); - // output template String line = null; do { - line = reader.readLine(); + line = reader.readLine(); if (line != null) { if (line.indexOf("<CMS_TEMPLATE>") == -1) { writer.println(line); 
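Review bot: `escapeXML` in the re-indented block only touches `&`, so an `ArgString` value containing `<` or `>` is written verbatim between the tags that `outputArgValueAsXML` emits, and the fallback `ps.println(v)` branch is not escaped at all. As rendered on this page the replacement string is identical to the pattern, which may be an entity the page decoded; either way the angle brackets are not covered. I would make it `v = v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");` and route the fallback through `ps.println(escapeXML(v.toString()));`. `name` is also concatenated into the tag unescaped, so a comment stating that it must only come from fixed argument names would help.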
@@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet { writer.println("</script>"); } } - } - while (line != null); + } while (line != null); reader.close(); } catch (IOException e) { - CMS.debug(e); - throw new EBaseException(e.toString()); + CMS.debug(e); + throw new EBaseException(e.toString()); } finally { - if (statsSub != null) { - statsSub.endTiming("output_template"); - } + if (statsSub != null) { + statsSub.endTiming("output_template"); + } } } protected void outputArgList(PrintWriter writer, String name, ArgList list) - throws IOException { + throws IOException { String h_name = null; @@ -311,7 +304,7 @@ public class ProfileServlet extends CMSServlet { h_name = name.substring(name.indexOf('.') + 1); } writer.println(name + "Set = new Array;"); - // writer.println(h_name + "Count = 0;"); + // writer.println(h_name + "Count = 0;"); for (int i = 0; i < list.size(); i++) { writer.println(h_name + " = new Object;"); 
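Review bot: `reader.close()` sits on the success path only, so when `readLine()` or the writer throws, the `catch (IOException e)` branch rethrows and the `finally` block ends the timing but leaves the template file open. Moving the close into `finally` as `if (reader != null) { try { reader.close(); } catch (IOException ignored) { } }` fixes the leak without changing the method's interface. The rethrow `new EBaseException(e.toString())` keeps only the message text of the original exception. The reader is opened in the previous hunk, and the body of `outputTemplate` starts outside this one.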
@@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' || + in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' || + in[i + 1] == '<' || in[i + 1] == '>' || + in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' && + (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet { } protected void outputArgString(PrintWriter writer, String name, ArgString str) - throws IOException { + throws IOException { String s = str.getValue(); // sub \n with "\n" if (s != null) { - s = escapeJavaScriptString(s); + s = escapeJavaScriptString(s); } writer.println(name + "=\"" + s + "\";"); } protected void outputArgSet(PrintWriter writer, String name, ArgSet set) - throws IOException { + throws IOException { Enumeration e = set.getNames(); while (e.hasMoreElements()) { 
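Review bot: The inner `if (in[i + 1] == 'x' && ...)` test can never be true, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `\"`, `\'` or `\\` as `in[i + 1]`. The `\x3c`/`\x3e` pass-through is therefore dead code, and those sequences fall to whatever follows this hunk. If the pass-through is intended, test it as its own guard before the general one, `if ((c == 0x5c) && ((i + 3) < l) && in[i + 1] == 'x' && in[i + 2] == '3' && (in[i + 3] == 'c' || in[i + 3] == 'e')) {`; if not, delete the branch. This routine (presumably `escapeJavaScriptString`, its signature is outside the hunk) decides what is written inside the `<script>` block, so a short comment listing exactly which backslash sequences are passed through would make it reviewable.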
@@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet { } protected void outputData(PrintWriter writer, ArgSet set) - throws IOException { + throws IOException { if (set == null) return; Enumeration e = set.getNames(); @@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet { */ protected void log(int event, int level, String msg) { mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + "Servlet " + mId + ": " + msg); } /** @@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet { } protected void renderResult(CMSRequest cmsReq) - throws IOException { + throws IOException { // do nothing } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index b00b13a9..d7dcb8ad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.InputStream; import java.io.OutputStream; import java.security.cert.CertificateEncodingException; @@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMCOutputTemplate; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet submits end-user request into the profile framework. - * + * * @version $Revision$, $Date$ */ public class ProfileSubmitCMCServlet extends ProfileServlet { 
@@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileSubmitCMCServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential 
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } private void setInputsIntoRequest(HttpServletRequest request, IProfile -profile, IRequest req) { + profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -216,7 +213,7 @@ profile, IRequest req) { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -224,6 +221,7 @@ profile, IRequest req) { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -233,8 +231,8 @@ profile, IRequest req) { Locale locale = getLocale(request); ArgSet args = new ArgSet(); - String cert_request_type = - mServletConfig.getInitParameter("cert_request_type"); + String cert_request_type = + mServletConfig.getInitParameter("cert_request_type"); String outputFormat = mServletConfig.getInitParameter("outputFormat"); int reqlen = request.getContentLength(); 
@@ -268,29 +266,29 @@ profile, IRequest req) { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { + if (paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd")) { CMS.debug("ProfileSubmitCMCServlet Input Parameter " + paramName + "='(sensitive)'"); } else { CMS.debug("ProfileSubmitCMCServlet Input Parameter " + - paramName + "='" + + paramName + "='" + request.getParameter(paramName) + "'"); } } 
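Review bot: The `endsWith("password")`, `endsWith("passwd")` and `endsWith("pwd")` checks are case-sensitive, so a parameter named, for example, `newPassword` or `userPwd` (constructed names) misses every test and its value is written to the debug log by the `else` branch. Lower-case the name once with `String lc = paramName.toLowerCase(Locale.ROOT);` and run the suffix tests on `lc`. A deny-list will keep missing names, so logging parameter names only, or values only for an explicit allow-list, is the safer default. The enclosing method starts outside the hunk.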
@@ -303,8 +301,8 @@ profile, IRequest req) { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found"); @@ -317,7 +315,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -331,14 +329,14 @@ profile, IRequest req) { profileId = mProfileId; } - IProfile profile = null; + IProfile profile = null; - try { + try { CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId); - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + - profileId + " " + e.toString()); + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (profile == null) { CMCOutputTemplate template = new CMCOutputTemplate(); @@ -350,13 +348,13 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + + " not enabled"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -366,7 +364,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } 
@@ -386,8 +384,8 @@ profile, IRequest req) { if (authenticator == null) { CMS.debug("ProfileSubmitCMCServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitCMCServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitCMCServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } 
@@ -403,39 +401,39 @@ profile, IRequest req) { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider"); - if (authenticator != null) { + if (authenticator != null) { try { authToken = authenticate(authenticator, request); // authentication success } catch (EBaseException e) { CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); + seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(e.toString()); + s = new UTF8String(e.toString()); } catch (Exception ee) { } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); - CMS.debug("ProfileSubmitCMCServlet: authentication error " + - e.toString()); + template.createFullResponseWithFailedStatus(response, seq, + OtherInfo.BAD_REQUEST, s); + CMS.debug("ProfileSubmitCMCServlet: authentication error " + + e.toString()); return; } - //authorization only makes sense when request is authenticated + // authorization only makes sense when request is authenticated AuthzToken authzToken = null; if (authToken != null) { CMS.debug("ProfileSubmitCMCServlet authToken not null"); try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (Exception e) { - CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString()); + CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString()); } } 
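Review bot: The authentication failure path copies `e.toString()` into the status string passed to `createFullResponseWithFailedStatus`, so the exception class and message are returned to a caller who has not authenticated. Returning a fixed text such as `s = new UTF8String("authentication failed");` and keeping the detail in the existing `CMS.debug` line avoids that. The `catch (Exception ee) { }` around the string construction is empty; rename the variable to `ignored` and add a comment saying why a failure there is acceptable. No audit event for the failure is visible in these lines, which may be handled elsewhere, since the method body begins outside the hunk.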
@@ -450,16 +448,16 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } } IRequest reqs[] = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -473,7 +471,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString()); @@ -486,17 +484,17 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { boolean verifyAllow = true; try { verifyAllow = CMS.getConfigStore().getBoolean( - "cmc.lraPopWitness.verify.allow", true); + "cmc.lraPopWitness.verify.allow", true); } catch (EBaseException ee) { } 
@@ -505,18 +503,18 @@ profile, IRequest req) { SET vals = attr.getValues(); if (vals.size() > 0) { try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); CMCOutputTemplate template = new CMCOutputTemplate(); template.createFullResponseWithFailedStatus(response, bodyIds, - OtherInfo.POP_FAILED, null); + OtherInfo.POP_FAILED, null); return; } } 
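Review bot: When `ASN1Util.decode` throws `InvalidBERException` the catch block only logs, and the next statement calls `lraPop.getBodyIds()` on whatever `lraPop` held before. That is presumably null (its declaration is outside the hunk), so a malformed lraPOPWitness value in the request ends in a NullPointerException instead of a CMC failure response. The catch should build a failed-status response itself and return, using the same placeholder body-id sequence the other error paths in this method use. The enclosing method starts and ends outside the hunk.

```java
} catch (InvalidBERException e) {
    // … unchanged: CMS.debug of CMS_PROFILE_ENCODING_ERROR …
    // Malformed witness: answer with a failure status instead of
    // dereferencing the undecoded value below.
    SEQUENCE seq = new SEQUENCE();
    seq.addElement(new INTEGER(0));
    CMCOutputTemplate failed = new CMCOutputTemplate();
    failed.createFullResponseWithFailedStatus(response, seq,
            OtherInfo.BAD_REQUEST, null);
    return;
}
```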
@@ -524,53 +522,53 @@ profile, IRequest req) { // for CMC, requests may be zero. Then check if controls exist. if (reqs == null) { - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); CMCOutputTemplate template = new CMCOutputTemplate(); // if there is only one control GetCert, then simple response - // must be returned. + // must be returned. if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr1 != null) { template.createSimpleResponse(response, reqs); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { // adding parameters to request setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { - Enumeration tokenNames = authToken.getElements(); - while (tokenNames.hasMoreElements()) { - String tokenName = (String)tokenNames.nextElement(); - String[] vals = authToken.getInStringArray(tokenName); - if (vals != null) { - for (int i = 0; i < vals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + - tokenName + "[" + i + "]", vals[i]); - } - } else { - String val = authToken.getInString(tokenName); - if (val != null) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." 
+ tokenName, - val); - } - } - } - } + Enumeration tokenNames = authToken.getElements(); + while (tokenNames.hasMoreElements()) { + String tokenName = (String) tokenNames.nextElement(); + String[] vals = authToken.getInStringArray(tokenName); + if (vals != null) { + for (int i = 0; i < vals.length; i++) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + + tokenName + "[" + i + "]", vals[i]); + } + } else { + String val = authToken.getInString(tokenName); + if (val != null) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, + val); + } + } + } + } // put profile framework parameters into the request reqs[k].setExtData(ARG_PROFILE, "true"); @@ -589,7 +587,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -598,13 +596,13 @@ profile, IRequest req) { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitCMCServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitCMCServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitCMCServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -620,12 +618,12 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -635,7 +633,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } } 
@@ -647,28 +645,27 @@ profile, IRequest req) { int responseType = 0; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// int error_codes[] = null; if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; + error_codes = new int[reqs.length]; for (int k = 0; k < reqs.length; k++) { try { // reset the "auditRequesterID" auditRequesterID = auditRequesterID(reqs[k]); - // print request debug if (reqs[k] != null) { - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String)reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String) reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); @@ -698,16 +695,16 @@ profile, IRequest req) { // need to notify INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "3"; 
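Review bot: The debug loop prints every ext-data key and value of the request, and the populate step in an earlier hunk copies each auth-token element into ext data under `ARG_AUTH_TOKEN + "." + tokenName`, so authentication attributes end up in the debug log. Skip or mask those keys before the `CMS.debug` call, e.g. `if (reqKey.startsWith(ARG_AUTH_TOKEN + ".")) continue;`. Separately, `auditRequesterID(reqs[k])` runs before the `reqs[k] != null` test, so the null check comes too late to protect that call unless `auditRequesterID` tolerates null. The enclosing method starts outside the hunk.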
@@ -722,7 +719,7 @@ profile, IRequest req) { "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { @@ -730,7 +727,7 @@ profile, IRequest req) { } } catch (EBaseException e) { CMS.debug("ProfileSubmitCMCServlet: updateRequest " + - e.toString()); + e.toString()); } if (errorCode != null) { 
@@ -774,40 +771,40 @@ profile, IRequest req) { return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { - - if (outputFormat != null &&outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer)(context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// + + CMS.debug("ProfileSubmitCMCServlet: done serving"); + CMCOutputTemplate template = new CMCOutputTemplate(); + if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { + + if (outputFormat != null && outputFormat.equals("pkcs7")) { + byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); + response.setContentType("application/pkcs7-mime"); + response.setContentLength(pkcs7.length); + try { + OutputStream os = response.getOutputStream(); + os.write(pkcs7); + os.flush(); + } catch (Exception ee) { + } + return; + } + template.createSimpleResponse(response, reqs); + } else if (cert_request_type.equals("cmc")) { + Integer nums = (Integer) (context.get("numOfControls")); 
+ if (nums != null && nums.intValue() == 1) { + TaggedAttribute attr1 = + (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + if (attr1 != null) { + template.createSimpleResponse(response, reqs); + return; + } + } + template.createFullResponse(response, reqs, cert_request_type, + error_codes); + } } finally { SessionContext.releaseContext(); } @@ -815,11 +812,11 @@ profile, IRequest req) { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -845,11 +842,11 @@ profile, IRequest req) { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 3f663619..9a830dbf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.xml.XMLObject; - /** * This servlet submits end-user request into the profile framework. - * + * * @author Christina Fu (renewal support) * @version $Revision$, $Date$ */ 
@@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException" }; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - - - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; public ProfileSubmitServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -146,7 +141,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // all subject name parameters start with sn_, no other input parameters do + // all subject name parameters start with sn_, no other + // input parameters do if (inputName.matches("^sn_.*")) { ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { @@ -159,10 +155,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } - /* - * fill input info from "request" to context. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from "request" to context. This is expected to be used by + * renewal where the request is retrieved from request record */ private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) { // passing inputs into context @@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue); ctx.set(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null"); @@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet { } - - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration<String> authIds = authenticator.getValueNames(); 
@@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+ - authName); + CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" + + authName); if (request.getParameter(authName) != null) { CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request"); ctx.set(authName, request.getParameter(authName)); @@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v); + CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v); return v; } else { continue; 
@@ -242,70 +235,70 @@ public class ProfileSubmitServlet extends ProfileServlet { } /* - * authenticate for renewal - more to add necessary params/values - * to the session context + * authenticate for renewal - more to add necessary params/values to the + * session context */ public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request, IRequest origReq, SessionContext context) - throws EBaseException { - IAuthToken authToken = authenticate(authenticator, request); - // For renewal, fill in necessary params - if (authToken!= null) { - String ouid = origReq.getExtDataInString("auth_token.uid"); - // if the orig cert was manually approved, then there was - // no auth token uid. Try to get the uid from the cert dn - // itself, if possible - if (ouid == null) { - String sdn = (String) context.get("origSubjectDN"); - if (sdn != null) { - ouid = getUidFromDN(sdn); - if (ouid != null) - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); - } - String auid = authToken.getInString("uid"); - if (auid != null) { // not through ssl client auth - CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid); - // authenticated with uid - // put "orig_req.auth_token.uid" so that authz with - // UserOrigReqAccessEvaluator will work - if (ouid != null) { - context.put("orig_req.auth_token.uid", ouid); - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { // through ssl client auth? - CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); - // put in orig_req's uid - if (ouid != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". 
Setting authtoken"); - authToken.set("uid", ouid); - context.put(SessionContext.USER_ID, ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); -// throw new EBaseException("origReq uid not found"); - } - } - - String userdn = origReq.getExtDataInString("auth_token.userdn"); - if (userdn != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken"); - authToken.set("userdn", userdn); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); -// throw new EBaseException("origReq userdn not found"); - } + HttpServletRequest request, IRequest origReq, SessionContext context) + throws EBaseException { + IAuthToken authToken = authenticate(authenticator, request); + // For renewal, fill in necessary params + if (authToken != null) { + String ouid = origReq.getExtDataInString("auth_token.uid"); + // if the orig cert was manually approved, then there was + // no auth token uid. Try to get the uid from the cert dn + // itself, if possible + if (ouid == null) { + String sdn = (String) context.get("origSubjectDN"); + if (sdn != null) { + ouid = getUidFromDN(sdn); + if (ouid != null) + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); + } + String auid = authToken.getInString("uid"); + if (auid != null) { // not through ssl client auth + CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid); + // authenticated with uid + // put "orig_req.auth_token.uid" so that authz with + // UserOrigReqAccessEvaluator will work + if (ouid != null) { + context.put("orig_req.auth_token.uid", ouid); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { // through ssl client auth? 
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); + // put in orig_req's uid + if (ouid != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken"); + authToken.set("uid", ouid); + context.put(SessionContext.USER_ID, ouid); } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); + // throw new EBaseException("origReq uid not found"); } - return authToken; + } + + String userdn = origReq.getExtDataInString("auth_token.userdn"); + if (userdn != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken"); + authToken.set("userdn", userdn); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); + // throw new EBaseException("origReq userdn not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + } + return authToken; } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential @@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; 
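Review bot: In the renewal `authenticate` overload, the un-braced `if (ouid != null)` that follows `ouid = getUidFromDN(sdn);` logs "authToken original uid not found" in exactly the case where a uid was just recovered from the subject DN. The debug trace therefore contradicts the identity that is later written to `orig_req.auth_token.uid` or `SessionContext.USER_ID`, and anyone reconstructing a renewal from these logs would read the wrong origin for the uid. I would change it to `if (ouid != null) { CMS.debug("ProfileSubmitServlet: renewal: original uid taken from origSubjectDN"); }` and log the not-found text in an `else`. The two commented-out `throw new EBaseException(...)` lines should either go or be replaced by a comment explaining why a missing original uid or userdn is tolerated.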
@@ -348,7 +341,8 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // special characters in subject names parameters must be escaped + // special characters in subject names parameters + // must be escaped if (inputName.matches("^sn_.*")) { req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); } else { @@ -361,10 +355,9 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - /* - * fill input info from orig request to the renew request. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from orig request to the renew request. This is expected + * to be used by renewal where the request is retrieved from request record */ private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) { // passing inputs into request @@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue); req.setExtData(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null"); @@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + IDescriptor outputDesc = + profileOutput.getValueDescriptor(locale, outputName); if (outputDesc == null) continue; 
@@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String outputValue = null; try { - outputValue = profileOutput.getValue(outputName, + outputValue = profileOutput.getValue(outputName, locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); @@ -446,7 +439,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -454,6 +447,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -476,9 +470,9 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("xmlOutput false"); } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("enrollment", true /* main action */); + statsSub.startTiming("enrollment", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -488,34 +482,34 @@ public class ProfileSubmitServlet extends ProfileServlet { if (CMS.debugOn()) { CMS.debug("Start of ProfileSubmitServlet Input Parameters"); @SuppressWarnings("unchecked") - Enumeration<String> paramNames = request.getParameterNames(); + Enumeration<String> paramNames = request.getParameterNames(); while (paramNames.hasMoreElements()) { String paramName = paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { + if (paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("directoryManagerPwd") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd")) { CMS.debug("ProfileSubmitServlet Input Parameter " + paramName + 
"='(sensitive)'"); } else { CMS.debug("ProfileSubmitServlet Input Parameter " + - paramName + "='" + + paramName + "='" + request.getParameter(paramName) + "'"); } } 
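Review bot: The sensitive-parameter filter inside the `CMS.debugOn()` block tests suffixes case-sensitively (`paramName.endsWith("password")`, `endsWith("passwd")`, `endsWith("pwd")`) while the exact-name tests use `equalsIgnoreCase`. A parameter named, for example, `userPassword` or `newPwd` (constructed names) is on neither list and would have its value written to the debug log. Normalising once with `String lower = paramName.toLowerCase(Locale.ROOT);` and testing `lower.endsWith(...)` and `lower.equals(...)` closes that gap; `Locale` is already used in this file. A deny-list still prints every other parameter value verbatim, so logging parameter names only would be the safer default here. The enclosing method starts and ends outside this hunk.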
@@ -528,44 +522,42 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) + CMS.getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found"); if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } /* * Renewal - Renewal is retrofitted into the Profile Enrollment - * Framework. The authentication and authorization are taken from - * the renewal profile, while the input (with requests) and grace - * period constraint are taken from the original cert's request record. + * Framework. The authentication and authorization are taken from the + * renewal profile, while the input (with requests) and grace period + * constraint are taken from the original cert's request record. * - * Things to note: - * * the renew request will contain the original profile instead - * of the new - * * there is no request for system and admin certs generated at - * time of installation configuration. + * Things to note: * the renew request will contain the original profile + * instead of the new * there is no request for system and admin certs + * generated at time of installation configuration. 
*/ String renewal = request.getParameter("renewal"); boolean isRenewal = false; - if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) { + if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) { CMS.debug("ProfileSubmitServlet: isRenewal true"); isRenewal = true; - request.setAttribute("reqType", (Object)"renewal"); + request.setAttribute("reqType", (Object) "renewal"); } else { CMS.debug("ProfileSubmitServlet: isRenewal false"); } @@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet { if (isRenewal) { // dig up the original request to "clone" renewProfileId = profileId; - CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId); + CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId); IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId + - " not found"); + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet { if (queue == null) { CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + - mAuthorityId + " not found"); + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -619,7 +611,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String serial = request.getParameter("serial_num"); BigInteger certSerial = null; // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative + // method is not ssl client auth. In this case, an alternative // authentication method is used (default: ldap based) if (serial != null) { CMS.debug("ProfileSubmitServlet: renewal: found serial_num"); 
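Review bot: The reflow of the renewal comment has fused the "Things to note:" list into running text (`Things to note: * the renew request will contain the original profile instead of the new * there is no request for system and admin certs ...`). This comment is the only place in the hunk that states that authentication and authorization come from the renewal profile while the inputs and the grace-period constraint come from the original request record, so it is worth keeping readable. I would restore one item per line and stop the formatter from rejoining them, for example by opening the block with `/*-` if the formatter in use honours that marker, or by writing the items as HTML list entries as the Javadoc comments in this file do. The enclosing method begins and ends outside the hunk.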
@@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { // has ssl client cert 
@@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet { // shouldn't expect leaf cert to be always at the // same location X509Certificate clientCert = null; - for (int i = 0; i< certs.length; i++) { + for (int i = 0; i < certs.length; i++) { clientCert = certs[i]; - byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); + byte[] extBytes = clientCert.getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { // found leaf cert - CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); + CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); break; } else { - CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); - // it's got BasicConstraints extension - // so it's not likely to be a leaf cert, - // however, check the isCA field regardless - try { - BasicConstraintsExtension bce = - new BasicConstraintsExtension(true, extBytes); - if (bce != null) { - if (!(Boolean)bce.get("is_ca")) { - CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); - break; - } // else found a ca cert, continue - } - } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+ + CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); + // it's got BasicConstraints extension + // so it's not likely to be a leaf cert, + // however, check the isCA field regardless + try { + BasicConstraintsExtension bce = + new BasicConstraintsExtension(true, extBytes); + if (bce != null) { + if (!(Boolean) bce.get("is_ca")) { + CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); + break; + } // else found a ca cert, continue + } + } catch (Exception e) { + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; 
- } + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; + } } } if (clientCert == null) { CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet { clientCert = new X509CertImpl(certEncoded); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString()); try { ICertificateRepository certDB = null; 
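Review bot: The leaf-certificate search assigns `clientCert = certs[i]` before testing it, so when every certificate in the chain carries BasicConstraints with `is_ca` true the loop falls through with `clientCert` still pointing at the last CA certificate. The following `if (clientCert == null)` then only catches an empty array, and the renewal appears to continue with a certificate that was never identified as a leaf. Selecting into a separate variable that is set only on the two `break` paths (`X509Certificate leaf = null;` and `leaf = certs[i]; break;`) and rejecting the request when it is still null would make the check mean what it says. The debug text on the `!is_ca` branch also reads "found CA cert in chain" where a non-CA certificate has been found. The method begins outside the hunk and the later use of the selected certificate is only partly visible here.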
@@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet { if (certDB == null) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); - if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString()); + if (rec == null) { + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString()); // check to see if the cert is revoked or revoked_expired if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); + outputTemplate(request, response, args); + return; } MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); // note: CA's internal certs don't have request ids 
@@ -748,54 +740,56 @@ public class ProfileSubmitServlet extends ProfileServlet { if (rid != null) { origReq = queue.findRequest(new RequestId(rid)); if (origReq != null) { - CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid); + CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid); // debug: print the extData keys Enumeration<String> en = origReq.getExtDataKeys(); -/* - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"); - while (en.hasMoreElements()) { - String next = (String) en.nextElement(); - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next); - } - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"); -*/ + /* + * CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS" + * ); while (en.hasMoreElements()) { String next + * = (String) en.nextElement(); CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key:" + * + next); } CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS" + * ); + */ String requestorE = origReq.getExtDataInString("requestor_email"); - CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE); + CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE); profileId = origReq.getExtDataInString("profileId"); if (profileId != null) - CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId); + CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId); else { - CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, 
CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - - } else { //if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid); + + } else { // if origReq + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString()); - CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"+": original request not found")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR" + ": original request not found")); + outputTemplate(request, response, args); + return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); 
outputTemplate(request, response, args); return; } 
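Review bot: `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR" + ": original request not found")` appends the explanation to the message key rather than to the looked-up text, so the lookup is presumably made for a key that does not exist; every other call in this hunk passes `"CMS_INTERNAL_ERROR"` alone. `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR") + ": original request not found"` is probably what was intended. In the same hunk the formatter has re-wrapped the commented-out extdata-key loop into an unreadable block, and the `en` enumeration obtained from `origReq.getExtDataKeys()` is no longer read by any live code; deleting both the dead comment and the unused local would be cleaner than carrying them through a reformat. The enclosing method continues outside the hunk.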
@@ -803,96 +797,96 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter"); X509CertImpl origCert = rec.getCertificate(); origNotAfter = origCert.getNotAfter(); - CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+ - origNotAfter.toString()); + CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" + + origNotAfter.toString()); origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+ - origSubjectDN); + CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" + + origSubjectDN); } } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } // end isRenewal - IProfile profile = null; + IProfile profile = null; IProfile renewProfile = null; - try { - profile = ps.getProfile(profileId); + try { + profile = ps.getProfile(profileId); if (isRenewal) { // in case of renew, "profile" is the orig profile // while "renewProfile" is the current profile used for renewal - renewProfile = ps.getProfile(renewProfileId); + renewProfile = ps.getProfile(renewProfileId); } - } catch (EProfileException e) { - if(profile == null) { - CMS.debug("ProfileSubmitServlet: profile not found profileId " + - profileId + " " + e.toString()); + } catch (EProfileException e) { + if (profile == null) { + CMS.debug("ProfileSubmitServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (renewProfile == null) { CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " + - renewProfileId + " " + e.toString()); + renewProfileId + " " + e.toString()); } } if (profile == null) { if (xmlOutput) { - outputError(response, 
CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } return; } if (isRenewal && (renewProfile == null)) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + "CMS_PROFILE_NOT_FOUND", renewProfileId)); outputTemplate(request, response, args); } return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitServlet: Profile " + profileId + + " not enabled"); if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } if (isRenewal) { - if (!ps.isProfileEnable(renewProfileId)) { - CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + - " not enabled"); - if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } else { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - outputTemplate(request, response, args); + if (!ps.isProfileEnable(renewProfileId)) { + 
CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + + " not enabled"); + if (xmlOutput) { + outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } else { + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputTemplate(request, response, args); + } + return; } - return; - } } IProfileContext ctx = profile.createContext(); 
@@ -909,40 +903,41 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EProfileException e) { // authenticator not installed correctly - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } if (authenticator == null) { CMS.debug("ProfileSubmitServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } - // for renewal, this will override or add auth info to the profile context + // for renewal, this will override or add auth info to the profile + // context if (isRenewal) { - if (origAuthenticator!= null) { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + - origAuthenticator.getName() + " found"); - setCredentialsIntoContext(request, origAuthenticator, ctx); - } else { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); - } + if (origAuthenticator != null) { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } else { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); + } } CMS.debug("ProfileSubmistServlet: set Inputs into profile Context"); if (isRenewal) { - // for renewal, input needs to be retrieved from the orig req record + // for renewal, input needs to be retrieved from the orig req record CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context"); setInputsIntoContext(origReq, profile, ctx, locale); 
ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); } else { setInputsIntoContext(request, profile, ctx); } @@ -956,14 +951,14 @@ public class ProfileSubmitServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", + new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitServlet: set sslClientCertProvider"); if ((isRenewal == true) && (origSubjectDN != null)) - context.put("origSubjectDN", origSubjectDN); + context.put("origSubjectDN", origSubjectDN); if (statsSub != null) { - statsSub.startTiming("profile_authentication"); + statsSub.startTiming("profile_authentication"); } if (authenticator != null) { 
@@ -972,23 +967,24 @@ public class ProfileSubmitServlet extends ProfileServlet { String uid_cred = "Unidentified"; String uid_attempted_cred = "Unidentified"; Enumeration<String> authIds = authenticator.getValueNames(); - //Attempt to possibly fetch attemped uid, may not always be available. + // Attempt to possibly fetch attemped uid, may not always be + // available. if (authIds != null) { while (authIds.hasMoreElements()) { - String authName = authIds.nextElement(); - String value = request.getParameter(authName); + String authName = authIds.nextElement(); + String value = request.getParameter(authName); if (value != null) { - if (authName.equals("uid")) { - uid_attempted_cred = value; - } + if (authName.equals("uid")) { + uid_attempted_cred = value; + } } } } - String authSubjectID = auditSubjectID(); + String authSubjectID = auditSubjectID(); - String authMgrID = authenticator.getName(); - String auditMessage = null; + String authMgrID = authenticator.getName(); + String auditMessage = null; try { if (isRenewal) { CMS.debug("ProfileSubmitServlet: renewal authenticate begins"); 
@@ -998,25 +994,25 @@ public class ProfileSubmitServlet extends ProfileServlet { authToken = authenticate(authenticator, request); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: authentication error " + - e.toString()); + CMS.debug("ProfileSubmitServlet: authentication error " + + e.toString()); // authentication error if (xmlOutput) { outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("authentication"); + statsSub.endTiming("authentication"); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } - //audit log our authentication failure + // audit log our authentication failure authSubjectID += " : " + uid_cred; auditMessage = CMS.getLogMessage( @@ -1030,9 +1026,10 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } - //Log successful authentication + // Log successful authentication - //Attempt to get uid from authToken, most tokens respond to the "uid" cred. + // Attempt to get uid from authToken, most tokens respond to the + // "uid" cred. uid_cred = authToken.getInString("uid"); if (uid_cred == null || uid_cred.length() == 0) { @@ -1040,7 +1037,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } authSubjectID = authSubjectID + " : " + uid_cred; - + // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, @@ -1052,7 +1049,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (statsSub != null) { - statsSub.endTiming("profile_authentication"); + statsSub.endTiming("profile_authentication"); } // authentication success 
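Review bot: The authentication-failure path in this hunk ends a timer named `"authentication"`, while the timer started before authenticating and ended on success is `"profile_authentication"`, so failed attempts probably leave that timer open and skew the statistics. Use `statsSub.endTiming("profile_authentication");` here, and fold the two consecutive `if (statsSub != null)` blocks into one as the other error paths do. In the same branch the audit subject is extended with `uid_cred`, which still holds its initial `"Unidentified"` value at this point; whether the attempted uid reaches the audit record depends on arguments that lie outside the hunk.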
@@ -1061,23 +1058,23 @@ public class ProfileSubmitServlet extends ProfileServlet { // do profile authorization String acl = null; if (isRenewal) - acl = renewProfile.getAuthzAcl(); + acl = renewProfile.getAuthzAcl(); else - acl = profile.getAuthzAcl(); - CMS.debug("ProfileSubmitServlet: authz using acl: "+acl); + acl = profile.getAuthzAcl(); + CMS.debug("ProfileSubmitServlet: authz using acl: " + acl); if (acl != null && acl.length() > 0) { try { String resource = profileId + ".authz.acl"; AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet authorize: "+e.toString()); + CMS.debug("ProfileSubmitServlet authorize: " + e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); } @@ -1089,11 +1086,11 @@ public class ProfileSubmitServlet extends ProfileServlet { IRequest reqs[] = null; if (statsSub != null) { - statsSub.startTiming("request_population"); + statsSub.startTiming("request_population"); } - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -1107,8 +1104,8 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { 
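Review bot: The `AuthzToken authzToken` returned by `authorize(mAclMethod, resource, authToken, acl)` is never read in the visible lines, so the authorization decision rests entirely on `authorize` throwing. If it can report denial by returning null (its contract is not visible here), processing would continue to request creation. Check the result explicitly, e.g. `if (authzToken == null) { /* same CMS_AUTHORIZATION_ERROR handling as the catch block */ }`, or drop the unused local and document that denial is exception-only. For renewals the ACL is taken from `renewProfile` while `resource` is still built from `profileId`, which looks inconsistent and is worth confirming. The enclosing method extends beyond this hunk.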
@@ -1119,44 +1116,44 @@ public class ProfileSubmitServlet extends ProfileServlet { } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { boolean fromRA = false; String uid = ""; // adding parameters to request if (isRenewal) { - setInputsIntoRequest(origReq, profile, reqs[k], locale); - // set orig expiration date to be used in Validity constraint - reqs[k].setExtData("origNotAfter", - BigInteger.valueOf(origNotAfter.getTime())); - // set subjectDN to be used in subject name default - reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); - // set request type - reqs[k].setRequestType("renewal"); + setInputsIntoRequest(origReq, profile, reqs[k], locale); + // set orig expiration date to be used in Validity constraint + reqs[k].setExtData("origNotAfter", + BigInteger.valueOf(origNotAfter.getTime())); + // set subjectDN to be used in subject name default + reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); + // set request type + reqs[k].setRequestType("renewal"); } else - setInputsIntoRequest(request, profile, reqs[k]); + setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { Enumeration<String> tokenNames = authToken.getElements(); while (tokenNames.hasMoreElements()) { - String tokenName = 
tokenNames.nextElement(); + String tokenName = tokenNames.nextElement(); String[] tokenVals = authToken.getInStringArray(tokenName); if (tokenVals != null) { for (int i = 0; i < tokenVals.length; i++) { @@ -1181,7 +1178,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (fromRA) { - CMS.debug("ProfileSubmitServlet: request from RA: "+ uid); + CMS.debug("ProfileSubmitServlet: request from RA: " + uid); reqs[k].setExtData(ARG_REQUEST_OWNER, uid); } @@ -1200,13 +1197,13 @@ public class ProfileSubmitServlet extends ProfileServlet { outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } @@ -1216,13 +1213,13 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -1237,31 +1234,31 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); if (xmlOutput) { outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } } if (statsSub != null) { - statsSub.endTiming("request_population"); + statsSub.endTiming("request_population"); } String auditMessage = null; @@ -1270,9 +1267,9 @@ public class ProfileSubmitServlet extends ProfileServlet { String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// String requestIds = ""; // deliminated with double space for (int k = 0; k < reqs.length; k++) { try { 
@@ -1281,15 +1278,15 @@ public class ProfileSubmitServlet extends ProfileServlet { // print request debug if (reqs[k] != null) { - requestIds += " "+reqs[k].getRequestId().toString(); - Enumeration<String> reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); + requestIds += " " + reqs[k].getRequestId().toString(); + Enumeration<String> reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); @@ -1319,16 +1316,16 @@ public class ProfileSubmitServlet extends ProfileServlet { // need to notify INotify notify = profile.getRequestQueue().getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "3"; @@ -1343,7 +1340,7 @@ public class ProfileSubmitServlet extends ProfileServlet { "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { @@ -1351,7 +1348,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EBaseException e) { CMS.debug("ProfileSubmitServlet: updateRequest " + - e.toString()); + e.toString()); } if (errorCode != null) { 
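Review bot: The re-indented loop under `// print request debug` writes every extended-data key and its value to the debug log. That data presumably includes the authentication token elements and the client host and address stored on the request earlier in this method, so credentials or personal data can end up in a log that is less protected than the signed audit log. Log the key only, `CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$");`, or skip sensitive keys before printing the value. The values are also concatenated unescaped, so a submitted value containing line breaks could forge log lines. The enclosing method starts and ends outside this hunk.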
@@ -1396,7 +1393,7 @@ public class ProfileSubmitServlet extends ProfileServlet { ArgSet requestset = new ArgSet(); requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1405,14 +1402,14 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// if (xmlOutput) { xmlOutput(response, profile, locale, reqs); } else { @@ -1431,7 +1428,7 @@ public class ProfileSubmitServlet extends ProfileServlet { ArgSet requestset = new ArgSet(); requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + reqs[k].getRequestId().toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1454,14 +1451,14 @@ public class ProfileSubmitServlet extends ProfileServlet { audit(auditMessage); if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } throw eAudit1; } finally { SessionContext.releaseContext(); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } } 
@@ -1473,19 +1470,19 @@ public class ProfileSubmitServlet extends ProfileServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); Node n = xmlObj.createContainer(root, "Requests"); - CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length); + CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length); - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { Node subnode = xmlObj.createContainer(n, "Request"); xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString()); X509CertInfo certInfo = - reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); if (certInfo != null) { - String subject = ""; - subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); - xmlObj.addItemToContainer(subnode, "SubjectDN", subject); + String subject = ""; + subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); + xmlObj.addItemToContainer(subnode, "SubjectDN", subject); } else { - CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); + CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); } Enumeration<String> outputIds = profile.getProfileOutputIds(); if (outputIds != null) { 
@@ -1501,23 +1498,23 @@ public class ProfileSubmitServlet extends ProfileServlet { try { String outputValue = profileOutput.getValue(outputName, locale, reqs[i]); if (outputName.equals("b64_cert")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - outputValue = Cert.stripBrackets(ss); - byte[] bcode = CMS.AtoB(outputValue); - X509CertImpl impl = new X509CertImpl(bcode); - xmlObj.addItemToContainer(subnode, - "serialno", impl.getSerialNumber().toString(16)); - xmlObj.addItemToContainer(subnode, "b64", outputValue); + String ss = Cert.normalizeCertStrAndReq(outputValue); + outputValue = Cert.stripBrackets(ss); + byte[] bcode = CMS.AtoB(outputValue); + X509CertImpl impl = new X509CertImpl(bcode); + xmlObj.addItemToContainer(subnode, + "serialno", impl.getSerialNumber().toString(16)); + xmlObj.addItemToContainer(subnode, "b64", outputValue); }// if b64_cert else if (outputName.equals("pkcs7")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - xmlObj.addItemToContainer(subnode, "pkcs7", ss); + String ss = Cert.normalizeCertStrAndReq(outputValue); + xmlObj.addItemToContainer(subnode, "pkcs7", ss); } - + } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString()); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString()); } } } @@ -1534,11 +1531,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ 
@@ -1564,11 +1561,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java index 989710e3..0114f632 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java @@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider { public X509Certificate[] getClientCertificateChain() { X509Certificate[] allCerts = (X509Certificate[]) - mRequest.getAttribute("javax.servlet.request.X509Certificate"); + mRequest.getAttribute("javax.servlet.request.X509Certificate"); return allCerts; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 6a9ccac5..2f14fe71 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.lang.reflect.Array; 
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.RawJS; - /** * Output a 'pretty print' of a certificate request - * + * * @version $Revision$, $Date$ */ public class CertReqParser extends ReqParser { - - public static final CertReqParser - DETAIL_PARSER = new CertReqParser(true); - public static final CertReqParser - NODETAIL_PARSER = new CertReqParser(false); + + public static final CertReqParser DETAIL_PARSER = new CertReqParser(true); + public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false); private boolean mDetails = true; private IPrettyPrintFormat pp = null; @@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser { /** * Constructs a certificate request parser. - * + * * @param details return detailed information (this can be time consuming) */ public CertReqParser(boolean details) { 
@@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser { private static final String RB = "]"; private static final String EQ = " = "; - private static final String - HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; - private static final String - HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; - private static final String - AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; - private static final String - SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; + private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; + private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; + private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; + private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; /** * Fills in certificate specific request attributes. 
*/ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) { - fillX509RequestIntoArg(l, req, argSet, arg); + fillX509RequestIntoArg(l, req, argSet, arg); } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) { - fillRevokeRequestIntoArg(l, req, argSet, arg); + fillRevokeRequestIntoArg(l, req, argSet, arg); } else { - //o = req.get(IRequest.OLD_CERTS); - //if (o != null) - fillRevokeRequestIntoArg(l, req, argSet, arg); + // o = req.get(IRequest.OLD_CERTS); + // if (o != null) + fillRevokeRequestIntoArg(l, req, argSet, arg); } } - + private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { - + throws EBaseException { + // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -138,19 +130,19 @@ public class CertReqParser extends ReqParser { Enumeration<String> enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; while (enum1.hasMoreElements()) { - String name = enum1.nextElement(); + String name = enum1.nextElement(); if (mDetails) { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable<String, ?> http_params = req.getExtDataInHashtable(name); - // show certType specially + // show certType specially String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { 
@@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser { Enumeration<String> elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
@@ -206,23 +198,24 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack - String n = elms.nextElement(); + String n = elms.nextElement(); Object authTokenValue = auth_token.getInStringArray(n); if (authTokenValue == null) { authTokenValue = auth_token.getInString(n); } String v = expandValue(prefix + parami + ".value", - authTokenValue); + authTokenValue); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -235,41 +228,41 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCert != null && issuedCert[0] != null) { - val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>"; + val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>"; } } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) { X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - val = "<pre>"+certInfo[0].toString()+"</pre>"; + val = "<pre>" + certInfo[0].toString() + "</pre>"; } } valstr = expandValue(prefix + parami + ".value", val); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in + // expandValue. 
arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -299,12 +292,12 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request + // Get the certificate info from the request X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - // Get the subject name if any set. + // Get the subject name if any set. CertificateSubjectName subjectName = null; String signatureAlgorithm = null; String signatureAlgorithmName = null; @@ -332,9 +325,9 @@ public class CertReqParser extends ReqParser { if (mDetails) { try { CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) - certInfo[0].get(X509CertInfo.ALGORITHM_ID); + certInfo[0].get(X509CertInfo.ALGORITHM_ID); AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + certAlgId.get(CertificateAlgorithmId.ALGORITHM); signatureAlgorithm = (algId.getOID()).toString(); signatureAlgorithmName = algId.getName(); 
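Review bot: In the `ISSUED_CERTS` and `CERT_INFO` branches, `val` is built by wrapping `CMS.getCertPrettyPrint(issuedCert[0]).toString(l)` and `certInfo[0].toString()` in literal `<pre>` tags, so the value is evidently meant to be rendered as HTML, yet certificate fields such as the subject name originate from the requester. The trailing comment says the string is escaped in `expandValue`, but that helper is not visible here and a JavaScript-string escape alone would not neutralise markup inside the `<pre>` block. HTML-encode the pretty-printed text before adding the tags, and add a comment such as `// cert text is requester-influenced: HTML-encode before wrapping in <pre>`. The method body extends beyond this hunk.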
@@ -362,36 +355,36 @@ public class CertReqParser extends ReqParser { // only know about ns cert type if (ext instanceof NSCertTypeExtension) { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) ext; + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) ext; try { arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER, - nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT, - nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL, - nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); + nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA, - nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); + nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA, - nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); + nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); + nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); } catch (Exception e) { } } else if (ext instanceof BasicConstraintsExtension) { - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) ext; + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) ext; Integer pathLength = null; Boolean isCA = null; 
@@ -410,8 +403,8 @@ public class CertReqParser extends ReqParser { IArgBlock rr = CMS.createArgBlock(); rr.addStringValue( - EXT_PRETTYPRINT, - CMS.getExtPrettyPrint(ext, 0).toString()); + EXT_PRETTYPRINT, + CMS.getExtPrettyPrint(ext, 0).toString()); argSet.addRepeatRecord(rr); } } @@ -419,7 +412,7 @@ public class CertReqParser extends ReqParser { } - // Get the public key + // Get the public key CertificateX509Key certKey = null; try { @@ -440,17 +433,17 @@ public class CertReqParser extends ReqParser { if (key != null) { arg.addStringValue("subjectPublicKeyInfo", - key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); + key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); arg.addStringValue("subjectPublicKey", - pp.toHexString(key.getKey(), 0, 16)); + pp.toHexString(key.getKey(), 0, 16)); } - // Get the validity period + // Get the validity period CertificateValidity validity = null; try { validity = - (CertificateValidity) + (CertificateValidity) certInfo[0].get(X509CertInfo.VALIDITY); if (validity != null) { long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; @@ -475,7 +468,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } 
@@ -483,10 +476,10 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || + (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + req.getExtDataInCertArray(IRequest.ISSUED_CERTS); arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16); // Set Serial No for 2nd certificate @@ -495,7 +488,7 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { X509CertImpl oldCert[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + req.getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCert != null && oldCert.length > 0) { arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16); @@ -505,7 +498,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldCert[i].getSerialNumber(), 16); + oldCert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -526,7 +519,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert[i].getSerialNumber(), 16); + cert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } catch (IOException e) { 
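Review bot: In the ISSUED_CERTS branch of the @@ -483,10 hunk, `issuedCert[0].getSerialNumber()` is called without checking the array returned by `req.getExtDataInCertArray(IRequest.ISSUED_CERTS)`, while the OLD_CERTS branch just below guards with `oldCert != null && oldCert.length > 0`. A request record that reaches this branch without a decodable issued certificate could throw from the display parser instead of rendering; wrap the use in `if (issuedCert != null && issuedCert.length > 0 && issuedCert[0] != null) { ... }`. The else branch in the later @@ -847,19 hunk reads `revokedCert[0]` in the same unguarded way, apparently also on the path where `revokedCert` is null, though its `if` condition sits in another hunk. The enclosing methods start and end outside these hunks.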
@@ -535,16 +528,16 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) { - Hashtable<String, Object> fingerprints = - req.getExtDataInHashtable(IRequest.FINGERPRINTS); + Hashtable<String, Object> fingerprints = + req.getExtDataInHashtable(IRequest.FINGERPRINTS); if (fingerprints != null) { String namesAndHashes = null; Enumeration<String> enumFingerprints = fingerprints.keys(); - while (enumFingerprints.hasMoreElements()) { + while (enumFingerprints.hasMoreElements()) { String hashname = enumFingerprints.nextElement(); - String hashvalue = (String) fingerprints.get(hashname); + String hashvalue = (String) fingerprints.get(hashname); byte[] fingerprint = CMS.AtoB(hashvalue); String ppFingerprint = pp.toHexString(fingerprint, 0); @@ -578,7 +571,7 @@ public class CertReqParser extends ReqParser { StringBuffer sb = new StringBuffer(); for (@SuppressWarnings("unchecked") - Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) { + Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) { sb.append(";\n"); sb.append(valuename); sb.append(LB); @@ -588,8 +581,8 @@ public class CertReqParser extends ReqParser { sb.append("\""); sb.append( CMSTemplate.escapeJavaScriptStringHTML( - n.nextElement().toString())); - sb.append( "\";\n"); + n.nextElement().toString())); + sb.append("\";\n"); } sb.append("\n"); valstr = sb.toString(); @@ -599,7 +592,7 @@ public class CertReqParser extends ReqParser { // if an array. int len = -1; - try { + try { len = Array.getLength(v); } catch (IllegalArgumentException e) { } @@ -611,7 +604,7 @@ public class CertReqParser extends ReqParser { if (Array.get(v, i) != null) valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" + CMSTemplate.escapeJavaScriptStringHTML( - Array.get(v, i).toString()) + "\";\n"; + Array.get(v, i).toString()) + "\";\n"; } return valstr; } 
@@ -620,16 +613,16 @@ public class CertReqParser extends ReqParser { // if string or unrecognized type, just call its toString method. return valuename + "=\"" + - CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; } public String getRequestorDN(IRequest request) { try { X509CertInfo info = (X509CertInfo) - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); // retrieve the subject name CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -644,15 +637,15 @@ public class CertReqParser extends ReqParser { String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); if (cid == null) { - cid = ""; + cid = ""; } String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); if (uid == null) { - uid = ""; + uid = ""; } - kid = cid+":"+uid; + kid = cid + ":" + uid; if (kid.equals(":")) { - kid = ""; + kid = ""; } return kid; @@ -663,14 +656,14 @@ public class CertReqParser extends ReqParser { } private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); arg.addStringValue("certExtsEnabled", "yes"); String profile = req.getExtDataInString("profile"); - //CMS.debug("CertReqParser: profile=" + profile); + // CMS.debug("CertReqParser: profile=" + profile); if (profile != null) { arg.addStringValue("profile", profile); String requestorDN = getRequestorDN(req); @@ -691,7 +684,7 @@ public class CertReqParser extends ReqParser { Enumeration<String> enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; 
@@ -703,7 +696,7 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable<String, Object> http_params = req.getExtDataInHashtable(name); - // show certType specially + // show certType specially String certType = (String) http_params.get(IRequest.CERT_TYPE); if (certType != null) { @@ -714,16 +707,16 @@ public class CertReqParser extends ReqParser { Enumeration<String> elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_params.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
@@ -734,16 +727,16 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + + prefix + parami + ".value=\"" + + CMSTemplate.escapeJavaScriptStringHTML( + http_hdrs.get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -754,20 +747,21 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = + IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String v = - expandValue(prefix + parami + ".value", - auth_token.getInString(n)); + String v = + expandValue(prefix + parami + ".value", + auth_token.getInString(n)); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -780,25 +774,25 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = + IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; valstr = expandValue(prefix + parami + ".value", val); String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + prefix + parami + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + "\";\n" + + valstr; // java string already escaped in + // expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -828,7 +822,7 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request + // Get the certificate info from the request RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (mDetails && revokedCert != null) { @@ -837,7 +831,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - revokedCert[i].getSerialNumber(), 16); + revokedCert[i].getSerialNumber(), 16); CRLExtensions crlExtensions = revokedCert[i].getExtensions(); 
@@ -847,19 +841,19 @@ public class CertReqParser extends ReqParser { if (ext instanceof CRLReasonExtension) { rarg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext).getReason().toString()); } } } else { rarg.addStringValue("reason", - RevocationReason.UNSPECIFIED.toString()); + RevocationReason.UNSPECIFIED.toString()); } argSet.addRepeatRecord(rarg); } } else { arg.addBigIntegerValue("serialNumber", - revokedCert[0].getSerialNumber(), 16); + revokedCert[0].getSerialNumber(), 16); } } } @@ -873,7 +867,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } @@ -881,11 +875,11 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - //X509CertImpl oldCert[] = - // (X509CertImpl[])req.get(IRequest.OLD_CERTS); + // X509CertImpl oldCert[] = + // (X509CertImpl[])req.get(IRequest.OLD_CERTS); Certificate oldCert[] = - (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); - + (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); + if (oldCert != null && oldCert.length > 0) { if (oldCert[0] instanceof X509CertImpl) { X509CertImpl xcert = (X509CertImpl) oldCert[0]; @@ -898,7 +892,7 @@ public class CertReqParser extends ReqParser { xcert = (X509CertImpl) oldCert[i]; rarg.addBigIntegerValue("serialNumber", - xcert.getSerialNumber(), 16); + xcert.getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } 
@@ -907,9 +901,9 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails && - req.getRequestType().equals("getRevocationInfo")) { - RevokedCertImpl revokedCert[] = - req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + req.getRequestType().equals("getRevocationInfo")) { + RevokedCertImpl revokedCert[] = + req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); if (revokedCert != null && revokedCert[0] != null) { boolean reasonFound = false; @@ -920,7 +914,7 @@ public class CertReqParser extends ReqParser { if (ext instanceof CRLReasonExtension) { arg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext).getReason().toString()); reasonFound = true; } } @@ -931,5 +925,5 @@ public class CertReqParser extends ReqParser { } } } - + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 127f2ce8..ce05b408 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check the status of a certificate request - * + * * @version $Revision$, $Date$ */ public class CheckRequest extends CMSServlet { 
@@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet { /** * Constructs request query servlet. */ - public CheckRequest() - throws EBaseException { + public CheckRequest() + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "requestStatus.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -140,12 +138,12 @@ public class CheckRequest extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param requestId ID of the request to check - * <li>http.param format if 'id', then check the request based on - * the request ID parameter. If set to CMC, then use the - * 'queryPending' parameter. + * <li>http.param format if 'id', then check the request based on the + * request ID parameter. If set to CMC, then use the 'queryPending' + * parameter. * <li>http.param queryPending query formatted as a CMC request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -166,10 +164,10 @@ public class CheckRequest extends CMSServlet { mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
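Review bot: In the @@ -166,10 hunk the two catch blocks around the authorize call are identical, so an `EAuthzAccessDenied` is logged at `ILogger.LL_FAILURE` with the same message as any other exception and a denied access cannot be told apart from an internal error in the log. Logging the denial at the security level, `log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`, and keeping `LL_FAILURE` for the generic catch would make denials filterable. Both handlers fall through to the `authzToken == null` check, whose body is outside the hunk, so it is worth confirming that it rejects the request on every path.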
@@ -187,9 +185,9 @@ public class CheckRequest extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -212,13 +210,13 @@ public class CheckRequest extends CMSServlet { isCMCReq = true; byte[] cmcBlob = CMS.AtoB(queryPending); ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + new ByteArrayInputStream(cmcBlob); org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); SignedData cmcFullReq = (SignedData) - cii.getInterpretedContent(); - + cii.getInterpretedContent(); + EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); @@ -235,7 +233,7 @@ public class CheckRequest extends CMSServlet { for (int i = 0; i < numControls; i++) { // decode message. - TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); + TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); OBJECT_IDENTIFIER type = taggedAttr.getType(); if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) { 
@@ -246,18 +244,16 @@ public class CheckRequest extends CMSServlet { // We only process one for now. if (numReq > 0) { OCTET_STRING reqId = (OCTET_STRING) - ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(requestIds.elementAt(0))); + ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(requestIds.elementAt(0))); requestId = new String(reqId.toByteArray()); } } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { transIds = taggedAttr.getValues(); - }else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { rNonces = taggedAttr.getValues(); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { sNonces = taggedAttr.getValues(); } } @@ -276,7 +272,7 @@ public class CheckRequest extends CMSServlet { mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); } if (requestId == null || requestId.trim().equals("")) { 
@@ -289,34 +285,34 @@ public class CheckRequest extends CMSServlet { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId)); throw new EBaseException( CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - // if RA, requestOwner must match the group - String group = authToken.getInString("group"); - if ((group != null) && (group != "")) { - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String requestOwner = r.getExtDataInString("requestOwner"); - if (requestOwner != null) { - if (requestOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); - throw new EBaseException( - CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + // if RA, requestOwner must match the group + String group = authToken.getInString("group"); + if ((group != null) && (group != "")) { + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String requestOwner = r.getExtDataInString("requestOwner"); + if (requestOwner != null) { + if (requestOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); + throw new EBaseException( + CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } + } } - } } RequestStatus status = r.getRequestStatus(); 
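Review bot: In the @@ -289,34 hunk, when `requestOwner` does not match the agent's group the code logs and throws `BASE_INVALID_NUMBER_FORMAT_1`, so an authorization denial is recorded at `LL_FAILURE` as a malformed request ID. If the user-facing message is deliberately vague so that the existence of the request is not revealed, it can stay, but the log line should name the owner mismatch and use `ILogger.LL_SECURITY` so the event is visible to whoever reviews access denials. The guard `group != ""` also compares references rather than content; `!group.isEmpty()` states the intent, and `requestId.toString()` is redundant on what is already a String. The method body continues outside the hunk.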
@@ -327,35 +323,35 @@ public class CheckRequest extends CMSServlet { header.addStringValue(STATUS, status.toString()); header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000); header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000); - if (note != null && note.length() > 0) + if (note != null && note.length() > 0) header.addStringValue("requestNotes", note); String type = r.getRequestType(); Integer result = r.getExtDataInInteger(IRequest.RESULT); -/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { - X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); - argSet.addRepeatRecord(rarg); - } -*/ + /* + * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != + * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert = + * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock + * rarg = CMS.createArgBlock(); + * + * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16); + * argSet.addRepeatRecord(rarg); } + */ String profileId = r.getExtDataInString("profileId"); if (profileId != null) { - result = IRequest.RES_SUCCESS; + result = IRequest.RES_SUCCESS; } if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) || - type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && - status.equals(RequestStatus.COMPLETE) && (result != null) && - result.equals(IRequest.RES_SUCCESS)) { + type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && + status.equals(RequestStatus.COMPLETE) && (result != null) && + result.equals(IRequest.RES_SUCCESS)) { Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (profileId != null) { - X509CertImpl impl[] = new X509CertImpl[1]; - impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - o = impl; + X509CertImpl impl[] = 
new X509CertImpl[1]; + impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + o = impl; } if (o != null && (o instanceof X509CertImpl[])) { X509CertImpl[] certs = (X509CertImpl[]) o; @@ -366,11 +362,12 @@ public class CheckRequest extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); // add pkcs7 cert for importing if (importCert || isCMCReq) { - //byte[] ba = certs[i].getEncoded(); - X509CertImpl[] certsInChain = new X509CertImpl[1];; + // byte[] ba = certs[i].getEncoded(); + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { if (certs[i].equals(mCACerts[ii])) { @@ -381,10 +378,10 @@ public class CheckRequest extends CMSServlet { certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = certs[i]; - + // Set the Ca certificate chain if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { @@ -396,7 +393,7 @@ public class CheckRequest extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new netscape.security.pkcs.ContentInfo(new byte[0]), certsInChain, new netscape.security.pkcs.SignerInfo[0]); @@ -407,7 +404,7 @@ public class CheckRequest extends CMSServlet { p7Str = CMS.BtoA(p7Bytes); - StringTokenizer tokenizer = null; + StringTokenizer tokenizer = null; if (File.separator.equals("\\")) { char[] nl = new char[2]; 
@@ -438,14 +435,14 @@ public class CheckRequest extends CMSServlet { if (bodyPartId != null) bpids.addElement(bodyPartId); CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); + CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); - + // copy transactionID, senderNonce, // create recipientNonce if (transIds != null) { @@ -455,7 +452,7 @@ public class CheckRequest extends CMSServlet { transIds); controlSeq.addElement(ta); } - + if (sNonces != null) { ta = new TaggedAttribute(new INTEGER(bpid++), @@ -463,7 +460,7 @@ public class CheckRequest extends CMSServlet { sNonces); controlSeq.addElement(ta); } - + String salt = CMSServlet.generateSalt(); byte[] dig; 
@@ -475,42 +472,42 @@ public class CheckRequest extends CMSServlet { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; ta = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(newNonce[0].getBytes())); controlSeq.addElement(ta); - + ResponseBody rb = new ResponseBody(controlSeq, new SEQUENCE(), new SEQUENCE()); EncapsulatedContentInfo ci = new - EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, - rb); - + EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + rb); + org.mozilla.jss.crypto.X509Certificate x509cert = null; if (mAuthority instanceof ICertificateAuthority) { x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert(); - }else if (mAuthority instanceof IRegistrationAuthority) { + } else if (mAuthority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); } if (x509cert == null) - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); - - // SHA1 is the default digest Alg for now. + SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + + // SHA1 is the default digest Alg for + // now. 
DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); @@ -518,7 +515,7 @@ public class CheckRequest extends CMSServlet { if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) + else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; 
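Review bot: The key-type dispatch in the @@ -518,7 hunk assigns `signAlg` only for RSA and DSA keys and has no final else, so any other key type leaves `signAlg` null when it is later passed to the `SignerInfo` constructor in the @@ -531,46 hunk. Adding `else throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Unsupported signing key type."));` closes that path. Both branches also pin SHA-1 signatures (`RSASignatureWithSHA1Digest`, `DSASignatureWithSHA1Digest`), which the comment in the preceding hunk calls the default "for now"; SHA-1 is deprecated for signatures, so the digest should move to a SHA-2 algorithm that the JSS version in use provides. The surrounding method body extends beyond the hunk.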
@@ -531,46 +528,46 @@ public class CheckRequest extends CMSServlet { rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } - + org.mozilla.jss.pkix.cms.SignerInfo signInfo = new - org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, + digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier(digestAlg.toOID(), + null); digestAlgs.addElement(ai); } - + SET jsscerts = new SET(); for (int j = 0; j < certsInChain.length; j++) { ByteArrayInputStream is = new - ByteArrayInputStream(certsInChain[j].getEncoded()); + ByteArrayInputStream(certsInChain[j].getEncoded()); org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) - org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); + org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); jsscerts.addElement(certJss); } - + SignedData fResponse = new - SignedData(digestAlgs, ci, - jsscerts, null, signInfos); + SignedData(digestAlgs, ci, + jsscerts, null, signInfos); org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); + org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); + ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); 
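Review bot: The `catch (NoSuchAlgorithmException ex)` in the @@ -531,46 hunk contains only the commented-out `// log("digest fail");`, so a missing digest provider is swallowed and `digest`, initialised to null just before, goes into the `SignerInfo` constructor a few lines later. The response should fail rather than be built around a null digest: `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", ex.toString()));` followed by `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));`. The opening of this try block is outside the hunk.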
@@ -579,10 +576,10 @@ public class CheckRequest extends CMSServlet { } } catch (Exception e) { e.printStackTrace(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } } argSet.addRepeatRecord(rarg); @@ -598,11 +595,11 @@ public class CheckRequest extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); @@ -610,10 +607,9 @@ public class CheckRequest extends CMSServlet { } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java index 0e3974a1..99e7d14d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; 
@@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** - * An interface representing a request parser which - * converts Java request object into name value - * pairs and vice versa. + * An interface representing a request parser which converts Java request object + * into name value pairs and vice versa. * <P> - * + * * @version $Revision$, $Date$ */ public interface IReqParser { @@ -40,5 +37,5 @@ public interface IReqParser { * Maps request object into argument block. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException; + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java index 459aca63..b7ddc16d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.math.BigInteger; import java.util.Locale; @@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.key.KeyRecordParser; - /** * Output a 'pretty print' of a Key Archival request - * + * * @version $Revision$, $Date$ */ public class KeyReqParser extends ReqParser { @@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser { * Fills in certificate specific request attributes. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); 
@@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser { if (type.equals(IRequest.ENROLLMENT_REQUEST)) { BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord"); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra"); if (kra != null) { KeyRecordParser.fillRecordIntoArg( kra.getKeyRepository().readKeyRecord(recSerialNo), diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index d19c7714..023e52f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Agent operations on Certificate requests. This servlet is used - * by an Agent to approve, reject, reassign, or change a certificate - * request. - * + * Agent operations on Certificate requests. This servlet is used by an Agent to + * approve, reject, reassign, or change a certificate request. + * * @version $Revision$, $Date$ */ public class ProcessCertReq extends CMSServlet { 
@@ -105,101 +102,92 @@ public class ProcessCertReq extends CMSServlet { private boolean mExtraAgentParams = false; // for RA only since it does not have a database. - private final static String - REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; - private final static String - PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; - private final static String - PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; - private static ICMSTemplateFiller - REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); + private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; + private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; + private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; + private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); private String mReqCompletedTemplate = null; - private final static String - CERT_TYPE = "certType"; + private final static String CERT_TYPE = "certType"; private String auditServiceID = ILogger.UNIDENTIFIED; private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = - "caProcessCertReq"; + "caProcessCertReq"; private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = - "raProcessCertReq"; + "raProcessCertReq"; private final static String SIGNED_AUDIT_ACCEPTANCE = "accept"; private final static String SIGNED_AUDIT_CANCELLATION = "cancel"; private final static String SIGNED_AUDIT_CLONING = "clone"; private final static String SIGNED_AUDIT_REJECTION = "reject"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request cancellation: " + private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { + + /* 0 */"manual non-profile cert request cancellation: " + "request cannot be processed due to an " + "authorization failure", - - /* 1 */ "manual non-profile cert 
request cancellation: " + + /* 1 */"manual non-profile cert request cancellation: " + "no reason has been given for cancelling this " + "cert request", - - /* 2 */ "manual non-profile cert request cancellation: " + + /* 2 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request cancellation: " + + /* 3 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request cancellation: " + + /* 4 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request cancellation: " + + /* 5 */"manual non-profile cert request cancellation: " + "indeterminate reason for inability to process " + "cert request due to a NoSuchAlgorithmException" }; - private final static String[] - SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request rejection: " + private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { + + /* 0 */"manual non-profile cert request rejection: " + "request cannot be processed due to an " + "authorization failure", - - /* 1 */ "manual non-profile cert request rejection: " + + /* 1 */"manual non-profile cert request rejection: " + "no reason has been given for rejecting this " + "cert request", - - /* 2 */ "manual non-profile cert request rejection: " + + /* 2 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request rejection: " + + /* 3 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to an IOException", - - /* 4 */ 
"manual non-profile cert request rejection: " + + /* 4 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request rejection: " + + /* 5 */"manual non-profile cert request rejection: " + "indeterminate reason for inability to process " + "cert request due to a NoSuchAlgorithmException" }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = + "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; /** * Process request. */ public ProcessCertReq() - throws EBaseException { + throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "processCertReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -212,8 +200,8 @@ public class ProcessCertReq extends CMSServlet { if (id != null) { if (!(auditServiceID.equals( AGENT_CA_CLONE_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { + && !(auditServiceID.equals( + AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -228,7 +216,7 @@ public class ProcessCertReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); 
@@ -252,25 +240,24 @@ public class ProcessCertReq extends CMSServlet { } } - /** * Process the HTTP request. * <ul> - * <li>http.param seqNum request id - * <li>http.param notValidBefore certificate validity - * - notBefore - in seconds since jan 1, 1970 - * <li>http.param notValidAfter certificate validity - * - notAfter - in seconds since jan 1, 1970 - * <li>http.param subject certificate subject name - * <li>http.param toDo requested action - * (can be one of: clone, reject, accept, cancel) + * <li>http.param seqNum request id + * <li>http.param notValidBefore certificate validity - notBefore - in + * seconds since jan 1, 1970 + * <li>http.param notValidAfter certificate validity - notAfter - in seconds + * since jan 1, 1970 + * <li>http.param subject certificate subject name + * <li>http.param toDo requested action (can be one of: clone, reject, + * accept, cancel) * <li>http.param signatureAlgorithm certificate signing algorithm - * <li>http.param addExts base-64, DER encoded Extension or - * SEQUENCE OF Extensions to add to certificate - * <li>http.param pathLenConstraint integer path length constraint to - * use in BasicConstraint extension if applicable + * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF + * Extensions to add to certificate + * <li>http.param pathLenConstraint integer path length constraint to use in + * BasicConstraint extension if applicable * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -297,15 +284,15 @@ public class ProcessCertReq extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { if (req.getParameter(SEQNUM) != null) { CMS.debug( - "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); + "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); seqNum = Integer.parseInt(req.getParameter(SEQNUM)); } String notValidBeforeStr = req.getParameter("notValidBefore"); @@ -326,7 +313,6 @@ public class ProcessCertReq extends CMSServlet { subject = req.getParameter("subject"); signatureAlgorithm = req.getParameter("signatureAlgorithm"); - IRequest r = null; if (seqNum > -1) { 
@@ -334,23 +320,22 @@ public class ProcessCertReq extends CMSServlet { Integer.toString(seqNum))); } - if(seqNum > -1 && r != null) - { + if (seqNum > -1 && r != null) { processX509(cmsReq, argSet, header, seqNum, req, resp, - toDo, signatureAlgorithm, subject, - notValidBefore, notValidAfter, locale[0], startTime); + toDo, signatureAlgorithm, subject, + notValidBefore, notValidAfter, locale[0], startTime); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum))); error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, "Error " + e); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -358,46 +343,47 @@ public class ProcessCertReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } - + } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** * Process X509 certificate enrollment request and send request information - * to the caller. + * to the caller. 
* <P> - * + * * (Certificate Request - an "agent" cert request for "cloning") * <P> - * - * (Certificate Request Processed - either a manual "agent" non-profile - * based cert acceptance, a manual "agent" non-profile based cert - * cancellation, or a manual "agent" non-profile based cert rejection) + * + * (Certificate Request Processed - either a manual "agent" non-profile + * based cert acceptance, a manual "agent" non-profile based cert + * cancellation, or a manual "agent" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @param argSet CMS template parameters * @param header argument block 
@@ -405,26 +391,26 @@ public class ProcessCertReq extends CMSServlet { * @param req HTTP servlet request * @param resp HTTP servlet response * @param toDo string representing the requested action (can be one of: - * clone, reject, accept, cancel) + * clone, reject, accept, cancel) * @param signatureAlgorithm string containing the signature algorithm * @param subject string containing the subject name of the certificate - * @param notValidBefore certificate validity - notBefore - in seconds - * since Jan 1, 1970 + * @param notValidBefore certificate validity - notBefore - in seconds since + * Jan 1, 1970 * @param notValidAfter certificate validity - notAfter - in seconds since - * Jan 1, 1970 + * Jan 1, 1970 * @param locale the system locale * @param startTime the current date * @exception EBaseException an error has occurred */ private void processX509(CMSRequest cmsReq, - CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String toDo, String signatureAlgorithm, - String subject, - long notValidBefore, long notValidAfter, - Locale locale, long startTime) - throws EBaseException { + CMSTemplateParams argSet, IArgBlock header, + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String toDo, String signatureAlgorithm, + String subject, + long notValidBefore, long notValidAfter, + Locale locale, long startTime) + throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -434,10 +420,10 @@ public class ProcessCertReq extends CMSServlet { // "normalize" the "auditCertificateSubjectName" if (auditCertificateSubjectName != null) { - // NOTE: This is ok even if the cert subject name is "" (empty)! + // NOTE: This is ok even if the cert subject name is "" (empty)! auditCertificateSubjectName = auditCertificateSubjectName.trim(); } else { - // NOTE: Here, the cert subject name is MISSING, not "" (empty)! + // NOTE: Here, the cert subject name is MISSING, not "" (empty)! auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -453,7 +439,7 @@ public class ProcessCertReq extends CMSServlet { } } - if (mAuthority != null) + if (mAuthority != null) header.addStringValue("authorityid", mAuthority.getId()); if (toDo != null) { @@ -466,12 +452,12 @@ public class ProcessCertReq extends CMSServlet { mAuthzResourceName, "execute"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -546,71 +532,72 @@ public class ProcessCertReq extends CMSServlet { int alterationCounter = 0; for (int i = 0; i < certInfo.length; i++) { - CertificateAlgorithmId certAlgId = - (CertificateAlgorithmId) - certInfo[i].get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlgId = + (CertificateAlgorithmId) + certInfo[i].get(X509CertInfo.ALGORITHM_ID); AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + certAlgId.get(CertificateAlgorithmId.ALGORITHM); if (!(algId.getName().equals(signatureAlgorithm))) { alterationCounter++; AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm); certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(newAlgId)); + new CertificateAlgorithmId(newAlgId)); } - CertificateSubjectName certSubject = - (CertificateSubjectName) - certInfo[i].get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = + (CertificateSubjectName) + certInfo[i].get(X509CertInfo.SUBJECT); - if (subject != null && - !(certSubject.toString().equals(subject))) { + if (subject != null && + !(certSubject.toString().equals(subject))) { alterationCounter++; certInfo[i].set(X509CertInfo.SUBJECT, - new CertificateSubjectName( - (new X500Name(subject)))); + new CertificateSubjectName( + (new X500Name(subject)))); } - CertificateValidity certValidity = - (CertificateValidity) - certInfo[i].get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = + (CertificateValidity) + certInfo[i].get(X509CertInfo.VALIDITY); Date currentTime = CMS.getCurrentDate(); boolean validityChanged = false; - // only override these values if agent specified them + // only override these values if agent specified + // them if (notValidBefore > 0) { Date notBefore = (Date) certValidity.get( CertificateValidity.NOT_BEFORE); if (notBefore.getTime() == 0 || - notBefore.getTime() != notValidBefore) { + notBefore.getTime() != notValidBefore) { Date validFrom = new Date(notValidBefore); notBefore = (notValidBefore == 0) 
? currentTime : validFrom; certValidity.set(CertificateValidity.NOT_BEFORE, - notBefore); + notBefore); validityChanged = true; } } if (notValidAfter > 0) { Date validTo = new Date(notValidAfter); Date notAfter = (Date) - certValidity.get(CertificateValidity.NOT_AFTER); + certValidity.get(CertificateValidity.NOT_AFTER); if (notAfter.getTime() == 0 || - notAfter.getTime() != notValidAfter) { + notAfter.getTime() != notValidAfter) { notAfter = currentTime; notAfter = (notValidAfter == 0) ? currentTime : validTo; certValidity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter); validityChanged = true; } } if (validityChanged) { - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. certInfo[i].set(X509CertInfo.VALIDITY, certValidity); @@ -618,8 +605,8 @@ public class ProcessCertReq extends CMSServlet { if (certInfo[i].get(X509CertInfo.VERSION) == null) { certInfo[i].set(X509CertInfo.VERSION, - new CertificateVersion( - CertificateVersion.V3)); + new CertificateVersion( + CertificateVersion.V3)); } CertificateExtensions extensions = null; @@ -639,7 +626,8 @@ public class ProcessCertReq extends CMSServlet { byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts)); - // this b can be "Extension" Or "SEQUENCE OF Extension" + // this b can be "Extension" Or + // "SEQUENCE OF Extension" try { DerValue b_der = new DerValue(b); 
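Review bot: In the hunk that begins at `@@ -546,71 +532,72 @@`, the signature-algorithm override has no null guard: `if (!(algId.getName().equals(signatureAlgorithm)))` is true whenever the `signatureAlgorithm` request parameter is absent, and the code then calls `AlgorithmId.getAlgorithmId(signatureAlgorithm)` with it, whereas the subject override beside it checks `subject != null` first. Unless the value is validated before the hunk begins, I would write `if (signatureAlgorithm != null && !algId.getName().equals(signatureAlgorithm)) {`. In the validity block, `(notValidBefore == 0) ? currentTime : validFrom` sits inside `if (notValidBefore > 0)`, so its `currentTime` arm is unreachable, and `notAfter = currentTime;` is overwritten by the very next statement; both reduce to a direct assignment of `validFrom` / `validTo`. The loop body starts and ends outside the hunk.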
@@ -669,14 +657,14 @@ public class ProcessCertReq extends CMSServlet { if (extensions != null) { try { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) - extensions.get( - NSCertTypeExtension.class.getSimpleName()); + NSCertTypeExtension nsExtensions = + (NSCertTypeExtension) + extensions.get( + NSCertTypeExtension.class.getSimpleName()); if (nsExtensions != null) { updateNSExtension(req, nsExtensions); - } + } } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); } @@ -686,20 +674,20 @@ public class ProcessCertReq extends CMSServlet { if (pathLength != null) { try { int pathLen = Integer.parseInt(pathLength); - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) - extensions.get( - BasicConstraintsExtension.class.getSimpleName()); + BasicConstraintsExtension bcExt = + (BasicConstraintsExtension) + extensions.get( + BasicConstraintsExtension.class.getSimpleName()); if (bcExt != null) { Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); if (bcPathLen != null && - bcPathLen.intValue() != pathLen && - isCA != null) { + bcPathLen.intValue() != pathLen && + isCA != null) { BasicConstraintsExtension bcExt0 = - new BasicConstraintsExtension(isCA.booleanValue(), pathLen); + new BasicConstraintsExtension(isCA.booleanValue(), pathLen); extensions.delete(BasicConstraintsExtension.class.getSimpleName()); extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0); @@ -775,7 +763,7 @@ public class ProcessCertReq extends CMSServlet { if (mExtraAgentParams) { @SuppressWarnings("unchecked") - Enumeration<String> extraparams = req.getParameterNames(); + Enumeration<String> extraparams = req.getParameterNames(); int l = IRequest.AGENT_PARAMS.length() + 1; int ap_counter = 0; Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>(); 
@@ -802,7 +790,7 @@ public class ProcessCertReq extends CMSServlet { } } - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); 
@@ -819,100 +807,100 @@ public class ProcessCertReq extends CMSServlet { if (r.getRequestStatus().equals(RequestStatus.PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.PENDING); - if (certInfo != null) { + if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending" } + ); } } } else if (r.getRequestStatus().equals( RequestStatus.APPROVED) || - r.getRequestStatus().equals( - RequestStatus.SVC_PENDING)) { + r.getRequestStatus().equals( + RequestStatus.SVC_PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.SVC_PENDING); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - 
mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus()} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus() } + ); } } } else if (r.getRequestStatus().equals( 
@@ -922,38 +910,38 @@ public class ProcessCertReq extends CMSServlet { // XXX make the repeat record. // Get the certificate(s) from the request X509CertImpl issuedCerts[] = - r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + r.getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (issuedCerts != null) { long endTime = CMS.getCurrentDate().getTime(); StringBuffer sbuf = new StringBuffer(); - //header.addBigIntegerValue("serialNumber", - //issuedCerts[0].getSerialNumber(),16); + // header.addBigIntegerValue("serialNumber", + // issuedCerts[0].getSerialNumber(),16); for (int i = 0; i < issuedCerts.length; i++) { - if (i != 0) + if (i != 0) sbuf.append(", "); sbuf.append("0x" + - issuedCerts[i].getSerialNumber().toString(16)); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[i].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + issuedCerts[i].getSerialNumber().toString(16)); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[i].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + ); // store a message in the signed audit log file // (one for each manual "agent" - // cert request processed - "accepted") + // cert request processed - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, 
@@ -965,39 +953,39 @@ public class ProcessCertReq extends CMSServlet { audit(auditMessage); } header.addStringValue( - "serialNumber", sbuf.toString()); + "serialNumber", sbuf.toString()); } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed" } + ); } // store a message in the signed audit log file // (manual "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, @@ -1009,10 +997,10 @@ public class ProcessCertReq extends CMSServlet { audit(auditMessage); } - // grant trusted manager or agent privileges + // grant trusted manager or agent privileges Object grantError = null; - try { + try { int res = grant_privileges( cmsReq, r, issuedCerts, header); 
@@ -1028,45 +1016,41 @@ public class ProcessCertReq extends CMSServlet { // if this is a RA, show the certificate right away // since ther is no cert database. /* - if (mAuthority instanceof RegistrationAuthority) { - Object[] results = - new Object[] { issuedCerts, grantError }; - cmsReq.setResult(results); - renderTemplate(cmsReq, - mReqCompletedTemplate, REQ_COMPLETED_FILLER); - - return; - } + * if (mAuthority instanceof RegistrationAuthority) { + * Object[] results = new Object[] { issuedCerts, + * grantError }; cmsReq.setResult(results); + * renderTemplate(cmsReq, mReqCompletedTemplate, + * REQ_COMPLETED_FILLER); + * + * return; } */ cmsReq.setResult(r); String scheme = req.getScheme(); - if (scheme.equals("http") && - connectionIsSSL(req)) scheme = "https"; + if (scheme.equals("http") && + connectionIsSSL(req)) + scheme = "https"; - /* - header.addStringValue( - "authorityid", mAuthority.getId()); - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + - req.getRequestURI()); - */ + /* + * header.addStringValue( "authorityid", + * mAuthority.getId()); + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + + * req.getRequestURI()); + */ if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - r.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = + r.getExtDataInIntegerArray("ldapPublishStatus"); int certsUpdated = 0; if (ldapPublishStatus != null) { - for (int i = 0; - i < ldapPublishStatus.length; i++) { - if (ldapPublishStatus[i] == - IRequest.RES_SUCCESS) { + for (int i = 0; i < ldapPublishStatus.length; i++) { + if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) { certsUpdated++; } } 
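Review bot: `if (ldapPublishStatus[i] == IRequest.RES_SUCCESS)` applies `==` to an element of an `Integer[]`; if `IRequest.RES_SUCCESS` is declared as an `Integer` rather than an `int` (its declaration is not part of this diff), this is a reference comparison that holds only while both sides happen to be the same cached object, and `certsUpdated` can undercount. `if (ldapPublishStatus[i] != null && ldapPublishStatus[i].intValue() == IRequest.RES_SUCCESS) {` compares by value with either declaration and also tolerates a null element. Separately, `scheme` is computed and switched to `"https"` here, but its only consumer visible in this hunk is the commented-out `serviceURL` block, so one of the two looks like leftover code. The method continues outside the hunk.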
@@ -1082,47 +1066,47 @@ public class ProcessCertReq extends CMSServlet { mQueue.rejectRequest(r); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected" } + ); } } 
@@ -1143,47 +1127,47 @@ public class ProcessCertReq extends CMSServlet { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled"} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled" } + ); } } 
@@ -1204,54 +1188,54 @@ public class ProcessCertReq extends CMSServlet { IRequest clonedRequest = mQueue.cloneAndMarkPending(r); header.addStringValue("clonedRequestId", - clonedRequest.getRequestId().toString()); + clonedRequest.getRequestId().toString()); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" } + ); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - subject, - ""} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest.getRequestId().toString(), + subject, + "" } + ); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString()} - ); + mLogger.log(ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + 
clonedRequest.getRequestId().toString() } + ); } } @@ -1269,12 +1253,12 @@ public class ProcessCertReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); header.addIntegerValue("seqNum", seqNum); @@ -1389,7 +1373,7 @@ public class ProcessCertReq extends CMSServlet { } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (CertificateException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); @@ -1443,7 +1427,7 @@ public class ProcessCertReq extends CMSServlet { } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (NoSuchAlgorithmException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); @@ -1500,9 +1484,9 @@ public class ProcessCertReq extends CMSServlet { } return; } - - private void updateNSExtension(HttpServletRequest req, - NSCertTypeExtension ext) throws IOException { + + private void updateNSExtension(HttpServletRequest req, + NSCertTypeExtension ext) throws IOException { try { if (req.getParameter("certTypeSSLServer") == null) { 
@@ -1551,106 +1535,101 @@ public class ProcessCertReq extends CMSServlet { } /** - * This method sets extensions parameter into the request so - * that the NSCertTypeExtension policy creates new - * NSCertTypExtension with this setting. Note that this - * setting will not be used if the NSCertType Extension - * already exist in CertificateExtension. In that case, - * updateExtensions() will be called to set the extension - * parameter into the extension directly. + * This method sets extensions parameter into the request so that the + * NSCertTypeExtension policy creates new NSCertTypExtension with this + * setting. Note that this setting will not be used if the NSCertType + * Extension already exist in CertificateExtension. In that case, + * updateExtensions() will be called to set the extension parameter into the + * extension directly. */ private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) { int nChanges = 0; - if (req.getParameter("certTypeSSLServer") != null) { - r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_SERVER); - nChanges++; - } + if (req.getParameter("certTypeSSLServer") != null) { + r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_SERVER); + nChanges++; + } - if (req.getParameter("certTypeSSLClient") != null) { - r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); - nChanges++; - } + if (req.getParameter("certTypeSSLClient") != null) { + r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); + nChanges++; + } - if (req.getParameter("certTypeEmail") != null) { - r.setExtData(NSCertTypeExtension.EMAIL, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL); - nChanges++; - } + if (req.getParameter("certTypeEmail") 
!= null) { + r.setExtData(NSCertTypeExtension.EMAIL, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL); + nChanges++; + } - if (req.getParameter("certTypeObjSigning") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); - nChanges++; - } + if (req.getParameter("certTypeObjSigning") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); + nChanges++; + } - if (req.getParameter("certTypeEmailCA") != null) { - r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL_CA); - nChanges++; - } + if (req.getParameter("certTypeEmailCA") != null) { + r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL_CA); + nChanges++; + } - if (req.getParameter("certTypeSSLCA") != null) { - r.setExtData(NSCertTypeExtension.SSL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CA); - nChanges++; - } + if (req.getParameter("certTypeSSLCA") != null) { + r.setExtData(NSCertTypeExtension.SSL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CA); + nChanges++; + } - if (req.getParameter("certTypeObjSigningCA") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); - nChanges++; - } + if (req.getParameter("certTypeObjSigningCA") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); + nChanges++; + } return nChanges; } - + protected static final String GRANT_ERROR = "grantError"; - public static final String - GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; - public static 
final String - GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; - public static final String - GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; - public static final String - GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; + public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; + public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; + public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; + public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; public static final String GRANT_UID = "grantUID"; public static final String GRANT_PRIVILEGE = "grantPrivilege"; protected int grant_privileges( - CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) - throws EBaseException { + CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) + throws EBaseException { // get privileges to grant IArgBlock httpParams = cmsReq.getHttpParams(); - boolean grantTrustedMgr = - httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); - boolean grantRMAgent = - httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); - boolean grantCMAgent = - httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); - boolean grantDRMAgent = - httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); - - if (!grantTrustedMgr && - !grantCMAgent && !grantRMAgent && !grantDRMAgent) { + boolean grantTrustedMgr = + httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); + boolean grantRMAgent = + httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); + boolean grantCMAgent = + httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); + boolean grantDRMAgent = + httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); + + if (!grantTrustedMgr && + !grantCMAgent && !grantRMAgent && !grantDRMAgent) { return 0; } else { IAuthToken authToken = getAuthToken(req); 
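Review bot: grant_privileges chooses which agent or trusted-manager privileges to grant purely from the `grantTrustedManagerPrivilege`, `grantCMAgentPrivilege`, `grantRMAgentPrivilege` and `grantDRMAgentPrivilege` request parameters, and nothing in this hunk says who is allowed to send them. The method has no Javadoc; I would add one stating that it reads those four parameters from `cmsReq.getHttpParams()`, returns 0 when none is set, and relies on the caller having already authorized the approving agent. If that last part is not true, an explicit authorization check belongs at the top of the method. The body continues outside the hunk, so such a check may exist further down.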
@@ -1669,7 +1648,7 @@ public class ProcessCertReq extends CMSServlet { if (grantTrustedMgr) obj[0] = TRUSTED_RA_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) obj[0] = RA_AGENT_GROUP; else if (grantCMAgent) obj[0] = CA_AGENT_GROUP; @@ -1696,22 +1675,22 @@ public class ProcessCertReq extends CMSServlet { groupname = TRUSTED_RA_GROUP; userType = Constants.PR_SUBSYSTEM_TYPE; } else { - if (grantCMAgent) + if (grantCMAgent) groupname = CA_AGENT_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) groupname = RA_AGENT_GROUP; if (grantDRMAgent) { - if (groupname != null) + if (groupname != null) groupname1 = KRA_AGENT_GROUP; - else + else groupname = KRA_AGENT_GROUP; } userType = Constants.PR_AGENT_TYPE; } - String privilege = - (groupname1 == null) ? groupname : groupname + " and " + groupname1; + String privilege = + (groupname1 == null) ? groupname : groupname + " and " + groupname1; header.addStringValue(GRANT_PRIVILEGE, privilege); 
@@ -1727,23 +1706,23 @@ public class ProcessCertReq extends CMSServlet { IGroup group = ug.findGroup(groupname), group1 = null; if (group == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname)); } if (groupname1 != null) { group1 = ug.findGroup(groupname1); if (group1 == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1)); } } try { ug.addUser(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid)); } try { @@ -1752,11 +1731,11 @@ public class ProcessCertReq extends CMSServlet { user.setX509Certificates(tmp); } - + ug.addUserCert(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid)); } try { 
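Review bot: When the lookup of the second group fails, the log call passes `groupname` while the exception right below it reports `groupname1`, so the log names a group that was actually found. The log argument should match the exception: `CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname1)`. grant_privileges starts and ends outside the hunk.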
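Review bot: The `catch (Exception e)` around `ug.addUserCert(user)` logs only the uid and throws a new ECMSGWException, so the underlying cause never reaches the log. The same pattern is in the `ug.addUser(user)` catch in the previous hunk and in the group-membership catch in the next one (`@@ -1765,44`). On a path that creates privileged accounts the cause is worth keeping for later investigation; add `log(ILogger.LL_FAILURE, e.toString());` before each throw, as other handlers in this servlet package already do.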
@@ -1765,44 +1744,44 @@ public class ProcessCertReq extends CMSServlet { // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname } + ); if (group1 != null) { group1.addMemberName(uid); ug.modifyGroup(group1); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname1} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname1 } + ); } } catch (Exception e) { - String msg = - "Could not add user " + uid + " to group " + groupname; + String msg = + "Could not add user " + uid + " to group " + groupname; if (group1 != null) msg += " or group " + groupname1; log(ILogger.LL_FAILURE, msg); - if (group1 == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); - else - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); + if (group1 == null) + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); + else + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); } return 1; } /** * Signed Audit Log Info Name - * - * This method is called to obtain the "InfoName" for - * a signed audit log message. + * + * This method is called to obtain the "InfoName" for a signed audit log + * message. * <P> - * + * * @param type signed audit log request processing type * @return id string containing the signed audit log message InfoName */ 
@@ -1833,11 +1812,11 @@ public class ProcessCertReq extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1891,38 +1870,38 @@ public class ProcessCertReq extends CMSServlet { } } - class RAReqCompletedFiller extends ImportCertsTemplateFiller { private static final String RA_AGENT_GROUP = "Registration Manager Agents"; private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents"; + public RAReqCompletedFiller() { super(); } public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) + throws Exception { Object[] results = (Object[]) cmsReq.getResult(); Object grantError = results[1]; - //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; + // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; Certificate[] issuedCerts = (Certificate[]) results[0]; - + cmsReq.setResult(issuedCerts); - CMSTemplateParams params = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSTemplateParams params = + super.getTemplateParams(cmsReq, authority, locale, e); if (grantError != null) { IArgBlock header = params.getHeader(); if (grantError instanceof String) { header.addStringValue( - ProcessCertReq.GRANT_ERROR, (String) grantError); + ProcessCertReq.GRANT_ERROR, (String) grantError); } else { EBaseException ex = (EBaseException) grantError; header.addStringValue( - ProcessCertReq.GRANT_ERROR, ex.toString(locale)); + ProcessCertReq.GRANT_ERROR, ex.toString(locale)); } IArgBlock httpParams = cmsReq.getHttpParams(); String uid = httpParams.getValueAsString( 
@@ -1941,7 +1920,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { if (grantDRMAgent) { if (privilege != null) privilege += " and " + KRA_AGENT_GROUP; - else + else privilege = KRA_AGENT_GROUP; } header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege); @@ -1949,4 +1928,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java index 0ac27197..55eebfac 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Locale; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display Generic Request detail to the user. - * + * * @version $Revision$, $Date$ */ public class ProcessReq extends CMSServlet { @@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet { private IReqParser mParser = null; private String[] mSigningAlgorithms = null; - private static String[] DEF_SIGNING_ALGORITHMS = new String[] - {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"}; + private static String[] DEF_SIGNING_ALGORITHMS = new String[] + { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" }; /** * Process request. 
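Review bot: `DEF_SIGNING_ALGORITHMS` still lists `MD5withRSA` and `MD2withRSA` and puts `SHA1withRSA` first; MD2 and MD5 are not collision resistant and should not be offered as certificate signing algorithms. The hunk only re-indents the initializer and the place where the array is consumed is outside it, so confirm the usage before changing it. I would drop the two MD entries and order the list strongest first, `{ "SHA256withRSA", "SHA512withRSA", "SHA1withRSA", "SHA1withDSA" }`, and declare the field `final`.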
@@ -86,15 +84,15 @@ public class ProcessReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * "processReq.template" to process the response. - * The initialization parameter 'parser' is read from the - * servlet configration, and is used to set the type of request. - * The value of this parameter can be: - * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary - * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail - * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail - * </UL> - * + * "processReq.template" to process the response. The initialization + * parameter 'parser' is read from the servlet configration, and is used to + * set the type of request. The value of this parameter can be: + * <UL> + * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary + * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail + * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail + * </UL> + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -111,13 +109,13 @@ public class ProcessReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); - if (mOutputTemplatePath != null) + if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } 
@@ -126,9 +124,9 @@ public class ProcessReq extends CMSServlet { * <ul> * <li>http.param seqNum * <li>http.param doAssign reassign request. Value can be reassignToMe - * reassignToNobody + * reassignToNobody * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting template " + mFormPath + " Error " + e); + log(ILogger.LL_FAILURE, + "Error getting template " + mFormPath + " Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet { if (doAssign == null) { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); - } else if (doAssign.equals("toMe") || - doAssign.equals("reassignToMe")) { + } else if (doAssign.equals("toMe") || + doAssign.equals("reassignToMe")) { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "assign"); } else if (doAssign.equals("reassignToNobody")) { @@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet { } } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet { return; } - process(argSet, header, seqNum, req, resp, - doAssign, locale[0]); + process(argSet, header, seqNum, req, resp, + doAssign, locale[0]); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setError(error); cmsReq.setStatus(CMSRequest.ERROR); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting servlet output stream for rendering template. " + - "Error " + e); + log(ILogger.LL_FAILURE, + "Error getting servlet output stream for rendering template. " + + "Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** - * Sends request information to the calller. - * returns whether there was an error or not. + * Sends request information to the calller. returns whether there was an + * error or not. */ private void process(CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String doAssign, Locale locale) - throws EBaseException { + int seqNum, HttpServletRequest req, + HttpServletResponse resp, + String doAssign, Locale locale) + throws EBaseException { header.addIntegerValue("seqNum", seqNum); - IRequest r = - mQueue.findRequest(new RequestId(Integer.toString(seqNum))); + IRequest r = + mQueue.findRequest(new RequestId(Integer.toString(seqNum))); if (r != null) { if (doAssign != null) { if ((doAssign.equals("toMe")) - || (doAssign.equals("reassignToMe"))) { + || (doAssign.equals("reassignToMe"))) { SessionContext ctx = SessionContext.getContext(); String id = (String) ctx.get(SessionContext.USER_ID); 
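Review bot: In the non-XML branch, `String output = form.getOutput(argSet);` is assigned and never read; the response is written by `form.renderOutput(out, argSet)` two lines later. Presumably getOutput builds the same page in memory, in which case the template is processed twice per request for nothing. Delete the unused line so the branch reads `resp.setContentType("text/html");` followed by `form.renderOutput(out, argSet);`.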
@@ -264,32 +262,33 @@ public class ProcessReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); - // DONT NEED TO DO THIS FOR DRM + // DONT NEED TO DO THIS FOR DRM if (mAuthority instanceof ICertAuthority) { // Check/set signing algorithms dynamically. - // In RA mSigningAlgorithms could be null at startup if CA is not - // up and set later when CA comes back up. + // In RA mSigningAlgorithms could be null at startup if CA is + // not + // up and set later when CA comes back up. // Once it's set assumed that it won't change. String[] allAlgorithms = mSigningAlgorithms; if (allAlgorithms == null) { - allAlgorithms = mSigningAlgorithms = + allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority).getCASigningAlgorithms(); if (allAlgorithms == null) { CMS.debug( - "ProcessReq: signing algorithms set to All algorithms"); + "ProcessReq: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; - } else + } else CMS.debug( - "ProcessReq: First signing algorithms is " + allAlgorithms[0]); + "ProcessReq: First signing algorithms is " + allAlgorithms[0]); } String validAlgorithms = null; StringBuffer sb = new StringBuffer(); 
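Review bot: The re-wrap split one comment sentence into `// In RA mSigningAlgorithms could be null at startup if CA is`, `// not` and `// up and set later when CA comes back up.`, leaving a one-word comment line. Re-flow it by hand, for example `// In RA mSigningAlgorithms could be null at startup if the CA is not up;` followed by `// it is set later when the CA comes back up.` The surrounding method continues outside the hunk.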
@@ -310,10 +309,10 @@ public class ProcessReq extends CMSServlet { if (signingAlgorithm != null) header.addStringValue("caSigningAlgorithm", signingAlgorithm); header.addLongValue("defaultValidityLength", - ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); + ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); } else if (mAuthority instanceof IRegistrationAuthority) { header.addLongValue("defaultValidityLength", - ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); + ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); } X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert(); @@ -328,8 +327,8 @@ public class ProcessReq extends CMSServlet { } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", + String.valueOf(seqNum))); } return; diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java index 036bd5d0..10c608b6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show paged list of requests matching search criteria - * + * * @version $Revision$, $Date$ */ public class QueryReq extends CMSServlet { 
@@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet { private final static String IN_SHOW_ALL = "showAll"; private final static String IN_SHOW_WAITING = "showWaiting"; private final static String IN_SHOW_IN_SERVICE = "showInService"; - private final static String IN_SHOW_PENDING= "showPending"; + private final static String IN_SHOW_PENDING = "showPending"; private final static String IN_SHOW_CANCELLED = "showCancelled"; private final static String IN_SHOW_REJECTED = "showRejected"; private final static String IN_SHOW_COMPLETED = "showCompleted"; @@ -85,17 +83,17 @@ public class QueryReq extends CMSServlet { private final static String OUT_UPDATE_ON = "updatedOn"; private final static String OUT_UPDATE_BY = "updatedBy"; private final static String OUT_REQUESTING_USER = "requestingUser"; - //keeps track of where to begin if page down + // keeps track of where to begin if page down private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage"; - //keeps track of where to begin if page up + // keeps track of where to begin if page up private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage"; private final static String OUT_SUBJECT = "subject"; private final static String OUT_REQUEST_TYPE = "requestType"; private final static String OUT_COMMENTS = "requestorComments"; private final static String OUT_SERIALNO = "serialNumber"; private final static String OUT_OWNER_NAME = "ownerName"; - private final static String OUT_PUBLIC_KEY_INFO = - "subjectPublicKeyInfo"; + private final static String OUT_PUBLIC_KEY_INFO = + "subjectPublicKeyInfo"; private final static String OUT_ERROR = "error"; private final static String OUT_AUTHORITY_ID = "authorityid"; 
@@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -142,9 +140,9 @@ public class QueryReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); @@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet { if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - + private String getRequestType(String p) { String filter = "(requestType=*)"; 
@@ -212,348 +210,346 @@ public class QueryReq extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param reqState request state - * (one of showAll, showWaiting, showInService, - * showCancelled, showRejected, showCompleted) + * <li>http.param reqState request state (one of showAll, showWaiting, + * showInService, showCancelled, showRejected, showCompleted) * <li>http.param reqType * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if - * when paging down - * seqNumFromDown starts with 0x) + * when paging down seqNumFromDown starts with 0x) * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if - * when paging up - * seqNumFromUp starts with 0x) + * when paging up seqNumFromUp starts with 0x) * <li>http.param maxCount maximum number of records to show * <li>http.param totalCount total number of records in set of pages * <li>http.param direction "up", "down", "begin", or "end" * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { - CMS.debug("in QueryReq servlet"); - - // Authentication / Authorization - - HttpServletRequest req = cmsReq.getHttpReq(); - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - - - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - // if get a EBaseException we just throw it. 
- form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - /** - * WARNING: - * - * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. - * - **/ - String filter = null; - String reqState = req.getParameter("reqState"); - String reqType = req.getParameter("reqType"); - - if (reqState == null || reqType == null) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL) && - reqType.equals(IN_SHOW_ALL)) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL)) { - filter = getRequestType(reqType); - } else if (reqType.equals(IN_SHOW_ALL)) { - filter = getRequestState(reqState); - } else { - filter = "(&" + getRequestState(reqState) + - getRequestType(reqType) + ")"; - } - - String direction = "begin"; - if (req.getParameter("direction") != null) { - direction = req.getParameter("direction").trim(); - } - - - int top=0, bottom=0; - - try { - String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); - if (top_s == null) top_s = "0"; - - String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); - if (bottom_s == null) bottom_s = "0"; - - if (top_s.trim().startsWith("0x")) { - top = Integer.parseInt(top_s.trim().substring(2), 16); - } else { - top = Integer.parseInt(top_s.trim()); - } - if (bottom_s.trim().startsWith("0x")) { - bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); - } else { - bottom = Integer.parseInt(bottom_s.trim()); - } - - } catch (NumberFormatException e) { - - } - - // avoid NumberFormatException to the user interface - int maxCount = 10; - try { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); - } catch (Exception e) { - } + CMS.debug("in QueryReq servlet"); + + // Authentication / Authorization + + HttpServletRequest req = cmsReq.getHttpReq(); + IAuthToken authToken = 
authenticate(cmsReq); + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + try { + // if get a EBaseException we just throw it. + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + + /** + * WARNING: + * + * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. + * + **/ + String filter = null; + String reqState = req.getParameter("reqState"); + String reqType = req.getParameter("reqType"); + + if (reqState == null || reqType == null) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL) && + reqType.equals(IN_SHOW_ALL)) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL)) { + filter = getRequestType(reqType); + } else if (reqType.equals(IN_SHOW_ALL)) { + filter = getRequestState(reqState); + } else { + filter = "(&" + getRequestState(reqState) + + getRequestType(reqType) + ")"; + } + + String direction = "begin"; + if (req.getParameter("direction") != null) { + direction = req.getParameter("direction").trim(); + } + + int top = 0, bottom = 0; + + try { + String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); + if (top_s == null) + top_s = "0"; + + String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); + if (bottom_s == null) + bottom_s = "0"; + + if (top_s.trim().startsWith("0x")) { + top = Integer.parseInt(top_s.trim().substring(2), 16); 
+ } else { + top = Integer.parseInt(top_s.trim()); + } + if (bottom_s.trim().startsWith("0x")) { + bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); + } else { + bottom = Integer.parseInt(bottom_s.trim()); + } + + } catch (NumberFormatException e) { + + } + + // avoid NumberFormatException to the user interface + int maxCount = 10; + try { + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + } catch (Exception e) { + } if (maxCount > mMaxReturns) { CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); maxCount = mMaxReturns; } - HttpServletResponse resp = cmsReq.getHttpResp(); - CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom ); - - - argset.getFixed().addStringValue("reqType",reqType); + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom); + + argset.getFixed().addStringValue("reqType", reqType); argset.getFixed().addStringValue("reqState", reqState); - argset.getFixed().addIntegerValue("maxCount",maxCount); - - - try { - form.getOutput(argset); - resp.setContentType("text/html"); - form.renderOutput(resp.getOutputStream(), argset); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - return; + argset.getFixed().addIntegerValue("maxCount", maxCount); + + try { + form.getOutput(argset); + resp.setContentType("text/html"); + form.renderOutput(resp.getOutputStream(), argset); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + cmsReq.setStatus(CMSRequest.SUCCESS); + return; } /** * Perform search based on direction button pressed - * @param filter ldap 
filter indicating which VLV to search through. This can be - * 'all requests', 'pending', etc + * + * @param filter ldap filter indicating which VLV to search through. This + * can be 'all requests', 'pending', etc * @param count the number of requests to show per page - * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end) - * @param top the number of the request shown on at the top of the current page - * @param bottom the number of the request shown on at the bottom of the current page - * @return + * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to + * end) + * @param top the number of the request shown on at the top of the current + * page + * @param bottom the number of the request shown on at the bottom of the + * current page + * @return */ - + private CMSTemplateParams doSearch(Locale l, String filter, - int count, String direction, int top, int bottom) - { - CMSTemplateParams ctp = null; - if (direction.equals("previous")) { - ctp = doSearch(l, filter, -count, top-1); - } else if (direction.equals("next")) { - ctp = doSearch(l,filter, count, bottom+1); - } else if (direction.equals("begin")) { - ctp = doSearch(l,filter, count, 0); - } else if (direction.equals("first")) { - ctp = doSearch(l,filter, count, bottom); - } else { // if 'direction is 'end', default here - ctp = doSearch(l,filter, -count, -1); - } - return ctp; + int count, String direction, int top, int bottom) { + CMSTemplateParams ctp = null; + if (direction.equals("previous")) { + ctp = doSearch(l, filter, -count, top - 1); + } else if (direction.equals("next")) { + ctp = doSearch(l, filter, count, bottom + 1); + } else if (direction.equals("begin")) { + ctp = doSearch(l, filter, count, 0); + } else if (direction.equals("first")) { + ctp = doSearch(l, filter, count, bottom); + } else { // if 'direction is 'end', default here + ctp = doSearch(l, filter, -count, -1); + } + return ctp; } - - - - /** - * - * @param locale - * @param filter the 
types of requests to return - this must match the VLV index - * @param count maximum number of records to return - * @param marker indication of the request ID where the page is anchored - * @return - */ + + /** + * + * @param locale + * @param filter the types of requests to return - this must match the VLV + * index + * @param count maximum number of records to return + * @param marker indication of the request ID where the page is anchored + * @return + */ private CMSTemplateParams doSearch( - Locale locale, - String filter, - int count, - int marker) { - - IArgBlock header = CMS.createArgBlock(); - IArgBlock context = CMS.createArgBlock(); - CMSTemplateParams argset = new CMSTemplateParams(header, context); - - try { - long startTime = CMS.getCurrentDate().getTime(); - // preserve the type of request that we are - // requesting. - - header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); - header.addStringValue(OUT_REQUESTING_USER, "admin"); - - - boolean jumptoend = false; - if (marker == -1) { - marker = 0; // I think this is inconsequential - jumptoend = true; // override to '99' during search - } - - RequestId id = new RequestId(Integer.toString(marker)); - IRequestVirtualList list = mQueue.getPagedRequestsByFilter( - id, - jumptoend, - filter, - count+1, - "requestId"); - - int totalCount = list.getSize() - list.getCurrentIndex(); - header.addIntegerValue(OUT_TOTALCOUNT, totalCount); - header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); - - int numEntries = list.getSize() - list.getCurrentIndex(); - - Vector v = fetchRecords(list,Math.abs(count)); - v = normalizeOrder(v); - trim(v,id); - - - int currentCount = 0; - int curNum = 0; - int firstNum = -1; - Enumeration requests = v.elements(); - - while (requests.hasMoreElements()) { - IRequest request = null; - try { - request = (IRequest) requests.nextElement(); - } catch (Exception e) { - CMS.debug("Error displaying request:"+e.getMessage()); - // handled below - } - if (request == null) { - 
log(ILogger.LL_WARN, "Error display request on page"); - continue; - } - - curNum = Integer.parseInt( - request.getRequestId().toString()); - - if (firstNum == -1) { - firstNum = curNum; - } - - IArgBlock rec = CMS.createArgBlock(); - mParser.fillRequestIntoArg(locale, request, argset, rec); - mQueue.releaseRequest(request); - argset.addRepeatRecord(rec); - - currentCount++; - - }// while - long endTime = CMS.getCurrentDate().getTime(); - - header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); - header.addStringValue("time", Long.toString(endTime - startTime)); - header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); - header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - } - return argset; - + Locale locale, + String filter, + int count, + int marker) { + + IArgBlock header = CMS.createArgBlock(); + IArgBlock context = CMS.createArgBlock(); + CMSTemplateParams argset = new CMSTemplateParams(header, context); + + try { + long startTime = CMS.getCurrentDate().getTime(); + // preserve the type of request that we are + // requesting. 
+ + header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); + header.addStringValue(OUT_REQUESTING_USER, "admin"); + + boolean jumptoend = false; + if (marker == -1) { + marker = 0; // I think this is inconsequential + jumptoend = true; // override to '99' during search + } + + RequestId id = new RequestId(Integer.toString(marker)); + IRequestVirtualList list = mQueue.getPagedRequestsByFilter( + id, + jumptoend, + filter, + count + 1, + "requestId"); + + int totalCount = list.getSize() - list.getCurrentIndex(); + header.addIntegerValue(OUT_TOTALCOUNT, totalCount); + header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); + + int numEntries = list.getSize() - list.getCurrentIndex(); + + Vector v = fetchRecords(list, Math.abs(count)); + v = normalizeOrder(v); + trim(v, id); + + int currentCount = 0; + int curNum = 0; + int firstNum = -1; + Enumeration requests = v.elements(); + + while (requests.hasMoreElements()) { + IRequest request = null; + try { + request = (IRequest) requests.nextElement(); + } catch (Exception e) { + CMS.debug("Error displaying request:" + e.getMessage()); + // handled below + } + if (request == null) { + log(ILogger.LL_WARN, "Error display request on page"); + continue; + } + + curNum = Integer.parseInt( + request.getRequestId().toString()); + + if (firstNum == -1) { + firstNum = curNum; + } + + IArgBlock rec = CMS.createArgBlock(); + mParser.fillRequestIntoArg(locale, request, argset, rec); + mQueue.releaseRequest(request); + argset.addRepeatRecord(rec); + + currentCount++; + + }// while + long endTime = CMS.getCurrentDate().getTime(); + + header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); + header.addStringValue("time", Long.toString(endTime - startTime)); + header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); + header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); + + } catch (EBaseException e) { + header.addStringValue(OUT_ERROR, e.toString(locale)); + } catch (Exception e) { + } + return argset; + } /** * If the 
vector contains the marker element at the end, remove it. - * @param v The vector to trim - * @param marker the marker to look for. + * + * @param v The vector to trim + * @param marker the marker to look for. + */ + private void trim(Vector v, RequestId marker) { + int i = v.size() - 1; + if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) { + v.remove(i); + } + + } + + /** + * Sometimes the list comes back from LDAP in reverse order. This function + * makes sure the results are in 'forward' order. + * + * @param list + * @return */ - private void trim(Vector v, RequestId marker) { - int i = v.size()-1; - if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) { - v.remove(i); - } - - } - - /** - * Sometimes the list comes back from LDAP in reverse order. This function makes - * sure the results are in 'forward' order. - * @param list - * @return - */ private Vector fetchRecords(IRequestVirtualList list, int maxCount) { - - Vector v = new Vector(); - int count = list.getSize(); - int c=0; - for (int i=0; i<count; i++) { - IRequest request = list.getElementAt(i); - if (request != null) { - v.add(request); - c++; - } - if (c >= maxCount) break; - } - - return v; + + Vector v = new Vector(); + int count = list.getSize(); + int c = 0; + for (int i = 0; i < count; i++) { + IRequest request = list.getElementAt(i); + if (request != null) { + v.add(request); + c++; + } + if (c >= maxCount) + break; + } + + return v; } /** * If the requests are in backwards order, reverse the list + * * @param list * @return */ private Vector normalizeOrder(Vector list) { - - int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) - .getRequestId().toString()); - int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list - .size() - 1)).getRequestId().toString()); - boolean reverse = false; - if (firstrequestnum > lastrequestnum) { - reverse = true; // if the order is backwards, place items at the beginning - } - Vector v = new Vector(); - int 
count = list.size(); - for (int i = 0; i < count; i++) { - Object request = list.elementAt(i); - if (request != null) { - if (reverse) - v.add(0, request); - else - v.add(request); - } - } - - return v; + + int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) + .getRequestId().toString()); + int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list + .size() - 1)).getRequestId().toString()); + boolean reverse = false; + if (firstrequestnum > lastrequestnum) { + reverse = true; // if the order is backwards, place items at the + // beginning + } + Vector v = new Vector(); + int count = list.size(); + for (int i = 0; i < count; i++) { + Object request = list.elementAt(i); + if (request != null) { + if (reverse) + v.add(0, request); + else + v.add(request); + } + } + + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java index 29414ca5..00f95ec2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** * A class representing a request parser. * <P> - * + * * @version $Revision$, $Date$ */ public class ReqParser implements IReqParser { 
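Review bot: `normalizeOrder` reads `list.elementAt(0)` and `trim` reads `v.elementAt(v.size() - 1)` with no emptiness check, so a search that returns no requests throws inside `doSearch`, where the final `catch (Exception e) { }` discards the exception. The page then renders with the counts already written to the header, no `OUT_ERROR` entry and nothing in the log, so a failing query is indistinguishable from an empty result. I would add `if (list.isEmpty()) return list;` at the top of `normalizeOrder`, `if (v.isEmpty()) return;` at the top of `trim`, and replace the empty catch body with `CMS.debug("QueryReq.doSearch: " + e);`. The empty `catch (NumberFormatException e)` in `process` likewise ignores malformed paging values without any record.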
@@ -51,29 +49,30 @@ public class ReqParser implements IReqParser { * Maps request object into argument block. */ public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + throws EBaseException { arg.addStringValue(TYPE, req.getRequestType()); - arg.addLongValue("seqNum", - Long.parseLong(req.getRequestId().toString())); - arg.addStringValue(STATUS, - req.getRequestStatus().toString()); - arg.addLongValue(CREATE_ON, - req.getCreationTime().getTime() / 1000); - arg.addLongValue(UPDATE_ON, - req.getModificationTime().getTime() / 1000); + arg.addLongValue("seqNum", + Long.parseLong(req.getRequestId().toString())); + arg.addStringValue(STATUS, + req.getRequestStatus().toString()); + arg.addLongValue(CREATE_ON, + req.getCreationTime().getTime() / 1000); + arg.addLongValue(UPDATE_ON, + req.getModificationTime().getTime() / 1000); String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY); - if (updatedBy == null) updatedBy = ""; + if (updatedBy == null) + updatedBy = ""; arg.addStringValue(UPDATE_BY, updatedBy); SessionContext ctx = SessionContext.getContext(); - String id = (String) ctx.get(SessionContext.USER_ID); + String id = (String) ctx.get(SessionContext.USER_ID); arg.addStringValue("callerName", id); - + String owner = req.getRequestOwner(); - if (owner != null) + if (owner != null) arg.addStringValue("assignedTo", owner); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java index 04b21440..c660be24 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; 
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SearchReqs extends CMSServlet { @@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet { } /** - * initialize the servlet. This servlet uses queryReq.template - * to render the response + * initialize the servlet. This servlet uses queryReq.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -154,10 +153,8 @@ public class SearchReqs extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -172,10 +169,10 @@ public class SearchReqs extends CMSServlet { mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -198,10 +195,10 @@ public class SearchReqs extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -215,10 +212,10 @@ public class SearchReqs extends CMSServlet { timeLimit = Integer.parseInt(timeLimitStr); process(argSet, header, req.getParameter("queryRequestFilter"), authToken, - maxResults, timeLimit, req, resp, locale[0]); + maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -229,33 +226,33 @@ public class SearchReqs extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, IAuthToken token, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, IAuthToken token, + int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); 
@@ -272,12 +269,12 @@ public class SearchReqs extends CMSServlet { } else { if (owner.equals("self")) { String self_uid = token.getInString(IAuthToken.USER_ID); - requestowner_filter = "(requestowner="+self_uid+")"; + requestowner_filter = "(requestowner=" + self_uid + ")"; } else { String uid = req.getParameter("uid"); - requestowner_filter = "(requestowner="+uid+")"; + requestowner_filter = "(requestowner=" + uid + ")"; } - newfilter = "(&"+requestowner_filter+filter.substring(2); + newfilter = "(&" + requestowner_filter + filter.substring(2); } // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { @@ -289,8 +286,8 @@ public class SearchReqs extends CMSServlet { timeLimit = mTimeLimits; } IRequestList list = (timeLimit > 0) ? - mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : - mQueue.listRequestsByFilter(newfilter, maxResults); + mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : + mQueue.listRequestsByFilter(newfilter, maxResults); int count = 0; @@ -323,7 +320,8 @@ public class SearchReqs extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index ca785565..d9919723 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java 
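Review bot: In the owner branch of this hunk the `uid` request parameter goes straight into the LDAP filter, `requestowner_filter = "(requestowner=" + uid + ")"`, and the caller's `queryRequestFilter` value is spliced in with `filter.substring(2)` without checking that it starts with `(&`. Filter metacharacters in either value therefore change which requests the search matches, and a missing `uid` produces the literal `(requestowner=null)`. I would reject a null `uid`, escape `\`, `*`, `(`, `)` and NUL in it per RFC 4515 before concatenating, e.g. `requestowner_filter = "(requestowner=" + escapeFilterValue(uid) + ")";` (the helper name is a placeholder), and verify `filter.startsWith("(&")` before taking the substring. The enclosing `process` method starts and ends outside the hunk.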
@@ -50,14 +50,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.symkey.SessionKey; - - /** - * A class representings an administration servlet for Token Key - * Service Authority. This servlet is responsible to serve - * tks administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Token Key Service + * Authority. This servlet is responsible to serve tks administrative operation + * such as configuration parameter updates. + * * @version $Revision$, $Date$ */ public class TokenServlet extends CMSServlet { 
@@ -66,66 +63,53 @@ public class TokenServlet extends CMSServlet { */ private static final long serialVersionUID = 8687436109695172791L; protected static final String PROP_ENABLED = "enabled"; - protected static final String TRANSPORT_KEY_NAME ="sharedSecret"; + protected static final String TRANSPORT_KEY_NAME = "sharedSecret"; private final static String INFO = "TokenServlet"; public static int ERROR = 1; private ITKSAuthority mTKS = null; private String mSelectedToken = null; private String mNewSelectedToken = null; String mKeyNickName = null; - String mNewKeyNickName = null; + String mNewKeyNickName = null; private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; - private final static String - 
LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; - private final static String - 
LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; /** * Constructs tks servlet. @@ -135,14 +119,13 @@ public class TokenServlet extends CMSServlet { } - public static String trim(String a) - { - StringBuffer newa = new StringBuffer(); + public static String trim(String a) { + StringBuffer newa = new StringBuffer(); StringTokenizer tokens = new StringTokenizer(a, "\n"); - while (tokens.hasMoreTokens()) { - newa.append(tokens.nextToken()); - } - return newa.toString(); + while (tokens.hasMoreTokens()) { + newa.append(tokens.nextToken()); + } + return newa.toString(); } public void init(ServletConfig config) throws ServletException { @@ -151,18 +134,19 @@ public class TokenServlet extends CMSServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * Process the HTTP request. - * + + /** + * Process the HTTP request. + * * @param s The URL to decode. */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
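Review bot: `mSelectedToken`, `mNewSelectedToken`, `mKeyNickName` and `mNewKeyNickName` are instance fields, yet `setDefaultSlotAndKeyName(HttpServletRequest)` further down assigns them from the `keySet`, `KeyInfo` and `newKeyInfo` parameters of each request. If the container serves concurrent requests on one servlet instance, as is usual, one request can run with the slot or key nickname selected by another. I would have `setDefaultSlotAndKeyName` return the selection in a small per-request object (or keep it in locals) instead of writing fields. `public static int ERROR = 1;` in the same block can be reassigned by any class; `public static final int ERROR = 1;` would close that, provided nothing assigns it. The class body continues outside the hunk.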
@@ -182,62 +166,59 @@ public class TokenServlet extends CMSServlet { } } // end for return out.toString(); - } + } + + private void setDefaultSlotAndKeyName(HttpServletRequest req) { + try { - private void setDefaultSlotAndKeyName(HttpServletRequest req) - { - try { + String keySet = req.getParameter("keySet"); + if (keySet == null || keySet.equals("")) { + keySet = "defKeySet"; + } + CMS.debug("keySet selected: " + keySet); - String keySet = req.getParameter("keySet"); - if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; - } - CMS.debug("keySet selected: " + keySet); + mNewSelectedToken = null; - mNewSelectedToken = null; - - mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - String temp = req.getParameter("KeyInfo"); //#xx#xx - String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if(mappingValue!=null) - { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - - String currentToken= st.nextToken(); - if(tokenNumber==0) - mSelectedToken = currentToken; - else if(tokenNumber==1) - mKeyNickName = currentToken; - tokenNumber++; - - } + mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); + String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); + String temp = req.getParameter("KeyInfo"); // #xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." 
+ temp; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if (mappingValue != null) { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { + + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mSelectedToken = currentToken; + else if (tokenNumber == 1) + mKeyNickName = currentToken; + tokenNumber++; + + } } - if(req.getParameter("newKeyInfo")!=null) // for diversification + if (req.getParameter("newKeyInfo") != null) // for diversification { - temp = req.getParameter("newKeyInfo"); //#xx#xx - String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - if(newMappingValue!=null) - { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - String currentToken= st.nextToken(); - if(tokenNumber==0) - mNewSelectedToken = currentToken; - else if(tokenNumber==1) - mNewKeyNickName = currentToken; - tokenNumber++; - - } + temp = req.getParameter("newKeyInfo"); // #xx#xx + String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + if (newMappingValue != null) { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mNewSelectedToken = currentToken; + else if (tokenNumber == 1) + mNewKeyNickName = currentToken; + tokenNumber++; + + } } - } + } - SessionKey.SetDefaultPrefix(masterKeyPrefix); + SessionKey.SetDefaultPrefix(masterKeyPrefix); } catch (Exception e) { e.printStackTrace(); 
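Review bot: `setDefaultSlotAndKeyName` keeps per-request key selection in the fields `mSelectedToken`, `mKeyNickName`, `mNewSelectedToken` and `mNewKeyNickName`, and only `mNewSelectedToken` is reset at the top, so a nickname resolved for one request is still set when the next request has no `mk_mappings` entry. `processDiversifyKey` later overrides `oldMasterKeyName` whenever `mKeyNickName != null`, so that stale value reaches its audit record. A servlet instance normally serves requests concurrently, so these writes can also interleave between two callers; the field declarations are outside this hunk, so confirm they are not already confined per request. I would resolve the mapping into locals or a small returned result object, and at minimum add `mKeyNickName = null; mNewKeyNickName = null;` next to the existing reset. The method's `catch` block continues past the end of the hunk.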
@@ -247,9 +228,8 @@ public class TokenServlet extends CMSServlet { } private void processComputeSessionKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { - byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key; + HttpServletResponse resp) throws EBaseException { + byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key; byte[] card_crypto, host_cryptogram, input_card_crypto; byte[] xcard_challenge, xhost_challenge; byte[] enc_session_key, xkeyInfo; @@ -257,18 +237,18 @@ public class TokenServlet extends CMSServlet { String errorMsg = ""; String badParams = ""; String transportKeyName = ""; - - String rCUID = req.getParameter("CUID"); + + String rCUID = req.getParameter("CUID"); String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); boolean serversideKeygen = false; byte[] drm_trans_wrapped_desKey = null; - PK11SymKey desKey = null; - // PK11SymKey kek_session_key; + PK11SymKey desKey = null; + // PK11SymKey kek_session_key; PK11SymKey kek_key; IConfigStore sconfig = CMS.getConfigStore(); @@ -278,14 +258,14 @@ public class TokenServlet extends CMSServlet { card_crypto = null; host_cryptogram = null; enc_session_key = null; - // kek_session_key = null; + // kek_session_key = null; SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( 
@@ -297,19 +277,19 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); String kek_wrapped_desKeyString = null; - String keycheck_s = null; + String keycheck_s = null; CMS.debug("processComputeSessionKey:"); String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; - String rServersideKeygen = (String) req.getParameter("serversideKeygen"); + String rServersideKeygen = (String) req.getParameter("serversideKeygen"); if (rServersideKeygen.equals("true")) { - CMS.debug("TokenServlet: serversideKeygen requested"); - serversideKeygen = true; + CMS.debug("TokenServlet: serversideKeygen requested"); + serversideKeygen = true; } else { - CMS.debug("TokenServlet: serversideKeygen not requested"); + CMS.debug("TokenServlet: serversideKeygen not requested"); } try { @@ -318,13 +298,12 @@ public class TokenServlet extends CMSServlet { } try { - transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME); + transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME); } catch (EBaseException e) { } CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName); - String rcard_challenge = req.getParameter("card_challenge"); String rhost_challenge = req.getParameter("host_challenge"); String rKeyInfo = req.getParameter("KeyInfo"); @@ -353,7 +332,6 @@ public class TokenServlet extends CMSServlet { missingParam = true; } - String selectedToken = null; String keyNickName = null; boolean sameCardCrypto = true; 
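Review bot: `rServersideKeygen.equals("true")` dereferences the request parameter directly, so a request that omits `serversideKeygen` throws a NullPointerException before the `try` block that follows. The exception leaves `processComputeSessionKey` without producing either the `status=` response or the PROCESSED_FAILURE audit record further down. Putting the literal first avoids that: `if ("true".equals(rServersideKeygen)) {`. The `(String)` cast on `req.getParameter("serversideKeygen")` is redundant and can go at the same time. The method body starts and ends outside this hunk.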
@@ -362,48 +340,48 @@ public class TokenServlet extends CMSServlet { xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; } xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length."); - missingParam = true; + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length."); + missingParam = true; } - xcard_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + xcard_challenge = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); if (xcard_challenge == null || xcard_challenge.length != 8) { - badParams += " card_challenge length,"; - CMS.debug("TokenServlet: Invalid card challenge length."); - missingParam = true; + badParams += " card_challenge length,"; + CMS.debug("TokenServlet: Invalid card challenge length."); + missingParam = true; } - + xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); if (xhost_challenge == null || xhost_challenge.length != 8) { - badParams += " host_challenge length,"; - CMS.debug("TokenServlet: Invalid host challenge length"); - missingParam = true; + badParams += " host_challenge length,"; + CMS.debug("TokenServlet: Invalid host challenge length"); + missingParam = true; } - + } CUID = null; if (!missingParam) { - card_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); - + card_challenge = + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID 
=com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); if (mappingValue == null) { - selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + selectedToken = + CMS.getConfigStore().getString("tks.defaultSlot", "internal"); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); 
@@ -419,133 +397,130 @@ public class TokenServlet extends CMSServlet { byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); - session_key = SessionKey.ComputeSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName ); + session_key = SessionKey.ComputeSessionKey( + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName); - if(session_key == null) - { + if (session_key == null) { CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL "); - throw new Exception("Can't compute session key!"); + throw new Exception("Can't compute session key!"); - } + } byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet); - if(enc_session_key == null) - { + if (enc_session_key == null) { CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL "); - throw new Exception("Can't compute enc session key!"); - + throw new Exception("Can't compute enc session key!"); + } if (serversideKeygen == true) { /** - * 0. generate des key - * 1. encrypt des key with kek key - * 2. encrypt des key with DRM transport key - * These two wrapped items are to be sent back to - * TPS. 2nd item is to DRM + * 0. generate des key 1. encrypt des key with kek key + * 2. encrypt des key with DRM transport key These two + * wrapped items are to be sent back to TPS. 
2nd item is + * to DRM **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); kek_key = SessionKey.ComputeKekKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet); - + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); CMS.debug("TokenServlet: called ComputeKekKey"); - if(kek_key == null) - { + if (kek_key == null) { CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL "); - throw new Exception("Can't compute kek key!"); - + throw new Exception("Can't compute kek key!"); + } // now use kek key to wrap kek session key.. - CMS.debug("computeSessionKey:kek key len ="+ - kek_key.getLength()); - - // (1) generate DES key - /* applet does not support DES3 - org.mozilla.jss.crypto.KeyGenerator kg = - internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); - desKey = kg.generate();*/ - - /* - * XXX GenerateSymkey firt generates a 16 byte DES2 key. - * It then pads it into a 24 byte key with last - * 8 bytes copied from the 1st 8 bytes. Effectively - * making it a 24 byte DES2 key. We need this for - * wrapping private keys on DRM. - */ - /*generate it on whichever token the master key is at*/ - if (useSoftToken_s.equals("true")) { - CMS.debug("TokenServlet: key encryption key generated on internal"); -//cfu audit here? sym key gen - desKey = SessionKey.GenerateSymkey("internal"); -//cfu audit here? 
sym key gen done + CMS.debug("computeSessionKey:kek key len =" + + kek_key.getLength()); + + // (1) generate DES key + /* + * applet does not support DES3 + * org.mozilla.jss.crypto.KeyGenerator kg = + * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + * desKey = kg.generate(); + */ + + /* + * XXX GenerateSymkey firt generates a 16 byte DES2 key. + * It then pads it into a 24 byte key with last 8 bytes + * copied from the 1st 8 bytes. Effectively making it a + * 24 byte DES2 key. We need this for wrapping private + * keys on DRM. + */ + /* generate it on whichever token the master key is at */ + if (useSoftToken_s.equals("true")) { + CMS.debug("TokenServlet: key encryption key generated on internal"); + // cfu audit here? sym key gen + desKey = SessionKey.GenerateSymkey("internal"); + // cfu audit here? sym key gen done } else { - CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); - desKey = SessionKey.GenerateSymkey(selectedToken); + CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); + desKey = SessionKey.GenerateSymkey(selectedToken); + } + if (desKey != null) + CMS.debug("TokenServlet: key encryption key generated for " + rCUID); + else { + CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID); + throw new Exception("can't generate key encryption key"); } - if (desKey != null) - CMS.debug("TokenServlet: key encryption key generated for "+rCUID); - else { - CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID); - throw new Exception ("can't generate key encryption key"); - } - - /* - * XXX ECBencrypt actually takes the 24 byte DES2 key - * and discard the last 8 bytes before it encrypts. 
- * This is done so that the applet can digest it - */ - byte[] encDesKey = - SessionKey.ECBencrypt( kek_key, - desKey); - /* - CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length); - CMS.debug(encDesKey); - */ + + /* + * XXX ECBencrypt actually takes the 24 byte DES2 key + * and discard the last 8 bytes before it encrypts. This + * is done so that the applet can digest it + */ + byte[] encDesKey = + SessionKey.ECBencrypt(kek_key, + desKey); + /* + * CMS.debug("computeSessionKey:encrypted desKey size = " + * +encDesKey.length); CMS.debug(encDesKey); + */ kek_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); - - // get keycheck - byte[] keycheck = - SessionKey.ComputeKeyCheck(desKey); - /* - CMS.debug("computeSessionKey:keycheck size = "+keycheck.length); - CMS.debug(keycheck); - */ - keycheck_s = - com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); - - //XXX use DRM transport cert to wrap desKey - String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); - - if ((drmTransNickname == null) || (drmTransNickname == "")) { - CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); - throw new Exception("can't find DRM transport certificate nickname"); - } else { - CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname); - } + com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); + + // get keycheck + byte[] keycheck = + SessionKey.ComputeKeyCheck(desKey); + /* + * CMS.debug("computeSessionKey:keycheck size = "+keycheck + * .length); CMS.debug(keycheck); + */ + keycheck_s = + com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); + + // XXX use DRM transport cert to wrap desKey + String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); + + if ((drmTransNickname == null) || (drmTransNickname == "")) { + CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); + throw new 
Exception("can't find DRM transport certificate nickname"); + } else { + CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname); + } X509Certificate drmTransCert = null; drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname); // wrap kek session key with DRM transport public key - CryptoToken token = null; - if (useSoftToken_s.equals("true")) { - //token = CryptoManager.getInstance().getTokenByName(selectedToken); - token = CryptoManager.getInstance().getInternalCryptoToken(); + CryptoToken token = null; + if (useSoftToken_s.equals("true")) { + // token = + // CryptoManager.getInstance().getTokenByName(selectedToken); + token = CryptoManager.getInstance().getInternalCryptoToken(); } else { token = CryptoManager.getInstance().getTokenByName(selectedToken); } @@ -553,7 +528,7 @@ public class TokenServlet extends CMSServlet { String pubKeyAlgo = pubKey.getAlgorithm(); CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo); KeyWrapper keyWrapper = null; - //For wrapping symmetric keys don't need IV, use ECB + // For wrapping symmetric keys don't need IV, use ECB if (pubKeyAlgo.equals("EC")) { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); keyWrapper.initWrap(pubKey, null); 
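Review bot: `(drmTransNickname == "")` compares object identity rather than content, so an empty `tks.drm_transport_cert_nickname` value that is not the same interned string passes the check and is handed on to `findCertByNickname`. Matching the `equals("")` style used elsewhere in this file, `if (drmTransNickname == null || drmTransNickname.equals("")) {` rejects a blank nickname here with the intended message. Separately, the reflow has run the numbered steps of the `0. generate des key ...` comment together and split the commented-out `CMS.debug` calls mid-expression; those comments read better one step per line, or deleted. The enclosing `try` block starts before this hunk.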
@@ -561,31 +536,29 @@ public class TokenServlet extends CMSServlet { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA); keyWrapper.initWrap(pubKey, null); } - CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() ); + CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName()); drm_trans_wrapped_desKey = keyWrapper.wrap(desKey); - CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); + CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); } // if (serversideKeygen == true) byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet); - if(host_cryptogram == null) - { + if (host_cryptogram == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute host cryptogram!"); + throw new Exception("Can't compute host cryptogram!"); } card_crypto = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet); - if(card_crypto == null) - { + if (card_crypto == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute card cryptogram!"); + throw new Exception("Can't compute card cryptogram!"); } 
@@ -595,9 +568,9 @@ public class TokenServlet extends CMSServlet { throw new Exception("Missing card cryptogram"); } input_card_crypto = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); + com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); if (card_crypto.length == input_card_crypto.length) { - for (int i=0; i<card_crypto.length; i++) { + for (int i = 0; i < card_crypto.length; i++) { if (card_crypto[i] != input_card_crypto[i]) { sameCardCrypto = false; break; @@ -611,15 +584,15 @@ public class TokenServlet extends CMSServlet { CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO,"processComputeSessionKey for CUID=" + - trim(pp.toHexString(CUID))); - } catch (Exception e) { + ILogger.LL_INFO, "processComputeSessionKey for CUID=" + + trim(pp.toHexString(CUID))); + } catch (Exception e) { CMS.debug(e); CMS.debug("TokenServlet Computing Session Key: " + e.toString()); if (isCryptoValidate) sameCardCrypto = false; } - } + } } // ! missingParam String value = ""; 
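Review bot: The cryptogram check compares `card_crypto` with `input_card_crypto` byte by byte and breaks on the first mismatch, so its running time depends on how many leading bytes of the caller-supplied cryptogram are correct. For a value that authenticates the card, a constant-time comparison is the safer default: `sameCardCrypto = java.security.MessageDigest.isEqual(card_crypto, input_card_crypto);`. The handling of differing lengths falls between this hunk and the next, so confirm what that branch does before folding the length test and the loop into the single call.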
@@ -632,34 +605,32 @@ public class TokenServlet extends CMSServlet { String cryptogram = ""; String status = "0"; if (session_key != null && session_key.length > 0) { - outputString = - com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); - } else { - + outputString = + com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); + } else { + status = "1"; } if (enc_session_key != null && enc_session_key.length > 0) { - encSessionKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); - } else { + encSessionKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); + } else { status = "1"; } - if (serversideKeygen == true) { - if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) - drm_trans_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); - else { - status = "1"; + if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) + drm_trans_wrapped_desKeyString = + com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); + else { + status = "1"; } - } + } - if (host_cryptogram != null && host_cryptogram.length > 0) { - cryptogram = - com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); + cryptogram = + com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); } else { status = "2"; } 
@@ -675,32 +646,30 @@ public class TokenServlet extends CMSServlet { if (missingParam) { status = "3"; } - - if (!status.equals("0")) { - - - if(status.equals("1")) { - errorMsg = "Problem generating session key info."; - } - - if(status.equals("2")) { - errorMsg = "Problem creating host_cryptogram."; - } - - if(status.equals("4")) { - errorMsg = "Problem obtaining token information."; - } - - if(status.equals("3")) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); - } - errorMsg = "Missing input parameters :" + badParams; - } - - value = "status="+status; - } - else { + + if (!status.equals("0")) { + + if (status.equals("1")) { + errorMsg = "Problem generating session key info."; + } + + if (status.equals("2")) { + errorMsg = "Problem creating host_cryptogram."; + } + + if (status.equals("4")) { + errorMsg = "Problem obtaining token information."; + } + + if (status.equals("3")) { + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); + } + errorMsg = "Missing input parameters :" + badParams; + } + + value = "status=" + status; + } else { if (serversideKeygen == true) { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); @@ -709,10 +678,10 @@ public class TokenServlet extends CMSServlet { sb.append("&hostCryptogram="); sb.append(cryptogram); sb.append("&encSessionKey="); - sb.append(encSessionKeyString); + sb.append(encSessionKeyString); sb.append("&kek_wrapped_desKey="); sb.append(kek_wrapped_desKeyString); - sb.append("&keycheck="); + sb.append("&keycheck="); sb.append(keycheck_s); sb.append("&drm_trans_wrapped_desKey="); sb.append(drm_trans_wrapped_desKeyString); 
@@ -722,19 +691,19 @@ public class TokenServlet extends CMSServlet { sb.append("status=0&"); sb.append("sessionKey="); sb.append(outputString); - sb.append("&hostCryptogram="); - sb.append(cryptogram); + sb.append("&hostCryptogram="); + sb.append(cryptogram); sb.append("&encSessionKey="); sb.append(encSessionKeyString); value = sb.toString(); } } - CMS.debug("TokenServlet:outputString.encode " +value); + CMS.debug("TokenServlet:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
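Review bot: `CMS.debug("TokenServlet:outputString.encode " + value)` writes the whole response body to the debug log, and on the success path that string carries `sessionKey`, `encSessionKey` and, with server-side keygen, `kek_wrapped_desKey` and `drm_trans_wrapped_desKey`. Key material, even in encoded or wrapped form, should not be copied into a log whose access control and retention are not those of the key store; log the outcome only, e.g. `CMS.debug("TokenServlet: ComputeSessionKey status=" + status);`. The `CMS.debug("TokenServlet:process DiversifyKey.encode " + value)` call in the later `processDiversifyKey` hunk does the same with `keySetData`. Also, `setContentLength(value.length())` counts chars while `value.getBytes()` uses the platform charset, so the two agree only while the body stays ASCII.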
@@ -742,65 +711,65 @@ public class TokenServlet extends CMSServlet { } catch (IOException e) { CMS.debug("TokenServlet: " + e.toString()); } - - if(status.equals("0")) { - auditMessage = CMS.getLogMessage( + if (status.equals("0")) { + + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, status, agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", + isCryptoValidate ? "true" : "false", + serversideKeygen ? "true" : "false", selectedToken, keyNickName); } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, status, agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", + isCryptoValidate ? "true" : "false", + serversideKeygen ? "true" : "false", selectedToken, keyNickName, errorMsg); - } - + } + audit(auditMessage); } private void processDiversifyKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - byte[] KeySetData,KeysValues,CUID,xCUID; - byte[] xkeyInfo,xnewkeyInfo; + HttpServletResponse resp) throws EBaseException { + byte[] KeySetData, KeysValues, CUID, xCUID; + byte[] xkeyInfo, xnewkeyInfo; boolean missingParam = false; String errorMsg = ""; String badParams = ""; IConfigStore sconfig = CMS.getConfigStore(); - String rnewKeyInfo = req.getParameter("newKeyInfo"); + String rnewKeyInfo = req.getParameter("newKeyInfo"); String newMasterKeyName = req.getParameter("newKeyInfo"); String oldMasterKeyName = req.getParameter("KeyInfo"); - String rCUID =req.getParameter("CUID"); - String auditMessage=""; + String rCUID = req.getParameter("CUID"); + String auditMessage = ""; String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); SessionContext sContext = 
SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( @@ -813,7 +782,6 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); - if ((rCUID == null) || (rCUID.equals(""))) { badParams += " CUID,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID"); 
@@ -824,130 +792,130 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo"); missingParam = true; } - if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){ + if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo"); missingParam = true; } if (!missingParam) { - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } - xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); - if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { - badParams += " NewKeyInfo length,"; - CMS.debug("TokenServlet: Invalid new key info length"); - missingParam = true; - } - } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } + xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); + if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { + badParams += " NewKeyInfo length,"; + CMS.debug("TokenServlet: Invalid new key info length"); + missingParam = true; + } + } String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; KeySetData = null; String outputString = null; if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - 
missingParam = true; - } - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + } if (!missingParam) { - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - if (mKeyNickName!=null) - oldMasterKeyName = mKeyNickName; - if (mNewKeyNickName!=null) - newMasterKeyName = mNewKeyNickName; - - String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx - String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); - String oldSelectedToken = null; - String oldKeyNickName = null; - if (oldMappingValue == null) { - oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - oldKeyNickName = req.getParameter("KeyInfo"); - } else { - StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); - oldSelectedToken = st.nextToken(); - oldKeyNickName = st.nextToken(); - } - - String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - String newSelectedToken = null; - String newKeyNickName = null; - if (newMappingValue == null) { - newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - newKeyNickName = rnewKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - newSelectedToken = st.nextToken(); - newKeyNickName = st.nextToken(); - } - - CMS.debug("process DiversifyKey for oldSelectedToke="+ - oldSelectedToken + " newSelectedToken=" + newSelectedToken + - " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + - newKeyNickName); - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." 
+ keySet + ".kek_key")); - KeySetData = SessionKey.DiversifyKey(oldSelectedToken, + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + if (mKeyNickName != null) + oldMasterKeyName = mKeyNickName; + if (mNewKeyNickName != null) + newMasterKeyName = mNewKeyNickName; + + String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); // #xx#xx + String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); + String oldSelectedToken = null; + String oldKeyNickName = null; + if (oldMappingValue == null) { + oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + oldKeyNickName = req.getParameter("KeyInfo"); + } else { + StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); + oldSelectedToken = st.nextToken(); + oldKeyNickName = st.nextToken(); + } + + String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx + String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); + String newSelectedToken = null; + String newKeyNickName = null; + if (newMappingValue == null) { + newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + newKeyNickName = rnewKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + newSelectedToken = st.nextToken(); + newKeyNickName = st.nextToken(); + } + + CMS.debug("process DiversifyKey for oldSelectedToke=" + + oldSelectedToken + " newSelectedToken=" + newSelectedToken + + " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + + newKeyNickName); + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." 
+ keySet + ".kek_key")); + KeySetData = SessionKey.DiversifyKey(oldSelectedToken, newSelectedToken, oldKeyNickName, - newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - if (KeySetData == null || KeySetData.length<=1) { - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot"); - } - - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID)) - + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName - +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName); - - resp.setContentType("text/html"); - - if (KeySetData != null) { - outputString = new String(KeySetData); - } + newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + if (KeySetData == null || KeySetData.length <= 1) { + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot"); + } + + CMS.getLogger().log(ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID)) + + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName + + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName); + + resp.setContentType("text/html"); + + if (KeySetData != null) { + outputString = new String(KeySetData); + } } // ! 
missingParam - //CMS.debug("TokenServlet:processDiversifyKey " +outputString); - //String value="keySetData=%00" if the KeySetData=byte[0]=0; + // CMS.debug("TokenServlet:processDiversifyKey " +outputString); + // String value="keySetData=%00" if the KeySetData=byte[0]=0; String value = ""; String status = "0"; if (KeySetData != null && KeySetData.length > 1) { - value = "status=0&"+"keySetData=" + + value = "status=0&" + "keySetData=" + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " +value); + CMS.debug("TokenServlet:process DiversifyKey.encode " + value); } else if (missingParam) { status = "3"; - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; value = "status=" + status; - } else { + } else { errorMsg = "Problem diversifying key data."; status = "1"; value = "status=" + status; } resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); - try{ + try { OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -956,9 +924,9 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet:process DiversifyKey: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, @@ -969,7 +937,7 @@ public class TokenServlet extends CMSServlet { } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, 
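Review bot: In `processDiversifyKey` the old-key lookup is built as `"tks." + keySet + ".mk_mappings." + ...`, but the new-key lookup is `"tks.mk_mappings." + rnewKeyInfo`, without the key set. A mapping configured under `tks.<keySet>.mk_mappings` is therefore not consulted for the new master key, and the code falls back to `tks.defaultSlot` with no log message. `setDefaultSlotAndKeyName` earlier in this file includes the key set for `newKeyInfo`, which suggests the intended line is `String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + rnewKeyInfo;`. Both mapping branches also call `st.nextToken()` twice without `hasMoreTokens()`, so a mapping value lacking the `:` separator throws NoSuchElementException. The method starts and ends outside this hunk.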
@@ -978,13 +946,13 @@ public class TokenServlet extends CMSServlet { oldMasterKeyName, newMasterKeyName, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } private void processEncryptData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException { byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo; boolean missingParam = false; byte[] data = null; @@ -1004,10 +972,10 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } CMS.debug("keySet selected: " + keySet); 
@@ -1032,20 +1000,20 @@ public class TokenServlet extends CMSServlet { if (isRandom) { if ((rdata == null) || (rdata.equals(""))) { - CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); + CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); } else { - CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); + CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); } try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - data = new byte[16]; - random.nextBytes(data); + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + data = new byte[16]; + random.nextBytes(data); } catch (Exception e) { - CMS.debug("TokenServlet: processEncryptData():"+ e.toString()); - badParams += " Random Number,"; - missingParam = true; + CMS.debug("TokenServlet: processEncryptData():" + e.toString()); + badParams += " Random Number,"; + missingParam = true; } - } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){ + } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data."); badParams += " data,"; missingParam = true; 
@@ -1056,75 +1024,74 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID"); missingParam = true; } - + if ((rKeyInfo == null) || (rKeyInfo.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info"); missingParam = true; } - if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } } - String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; String selectedToken = null; String keyNickName = null; if (!missingParam) { - if (!isRandom) - data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); - keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - String keyInfoMap = "tks." + keySet + ".mk_mappings." 
+ rKeyInfo; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - keyNickName = rKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - selectedToken = st.nextToken(); - keyNickName = st.nextToken(); - } - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - encryptedData = SessionKey.EncryptData( - selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - CMS.getLogger().log(ILogger.EV_AUDIT, + if (!isRandom) + data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); + keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + if (mappingValue == null) { + selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + keyNickName = rKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + selectedToken = st.nextToken(); + keyNickName = st.nextToken(); + } + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." 
+ keySet + ".kek_key")); + encryptedData = SessionKey.EncryptData( + selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID))); + ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID))); } // !missingParam resp.setContentType("text/html"); - + String value = ""; - String status = "0"; - if (encryptedData != null && encryptedData.length > 0) { - String outputString = new String(encryptedData); + String status = "0"; + if (encryptedData != null && encryptedData.length > 0) { + String outputString = new String(encryptedData); // sending both the pre-encrypted and encrypted data back - value = "status=0&"+"data="+ - com.netscape.cmsutil.util.Utils.SpecialEncode(data)+ - "&encryptedData=" + + value = "status=0&" + "data=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(data) + + "&encryptedData=" + com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData); } else if (missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; status = "3"; @@ -1135,12 +1102,12 @@ public class TokenServlet extends CMSServlet { value = "status=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " +value); + CMS.debug("TokenServlet:process EncryptData.encode " + value); try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.lenght " +value.length()); - + CMS.debug("TokenServlet:outputString.lenght " + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
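Review bot: `CMS.debug("TokenServlet:process EncryptData.encode " + value);` in the `@@ -1135,12 +1102,12 @@` hunk writes the whole response to the debug log, and on success `value` holds both the plaintext `data` and the `encryptedData` assembled in the preceding hunk. Anyone who can read that log then sees the cleartext and ciphertext for the card side by side, so I would log only the outcome, e.g. `CMS.debug("TokenServlet:process EncryptData status=" + status);`. The preceding hunk also keeps `String outputString = new String(encryptedData);`, which is never used in the visible code and decodes binary bytes with the platform charset; it can be dropped. processEncryptData starts and ends outside these hunks.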
@@ -1149,9 +1116,9 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, rCUID, ILogger.SUCCESS, @@ -1163,7 +1130,7 @@ public class TokenServlet extends CMSServlet { } else { - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, rCUID, ILogger.FAILURE, @@ -1173,30 +1140,24 @@ public class TokenServlet extends CMSServlet { selectedToken, keyNickName, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } - /* - * For EncryptData: - * data=value1 - * CUID=value2 // missing from RA - * versionID=value3 // missing from RA - * - * For ComputeSession: - * card_challenge=value1 - * host_challenge=value2 - - * For DiversifyKey: - * new_master_key_index - * master_key_index + /* + * For EncryptData: data=value1 CUID=value2 // missing from RA + * versionID=value3 // missing from RA + * + * For ComputeSession: card_challenge=value1 host_challenge=value2 + * + * For DiversifyKey: new_master_key_index master_key_index */ private void processComputeRandomData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - - byte[] randomData = null; + HttpServletResponse resp) throws EBaseException { + + byte[] randomData = null; String status = "0"; String errorMsg = ""; String badParams = ""; 
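Review bot: In the `@@ -1173,30 +1140,24 @@` hunk the block comment above processComputeRandomData has been reflowed into running text, so the per-operation parameter lists (EncryptData, ComputeSession, DiversifyKey) are no longer one parameter per line and the `// missing from RA` remarks now sit mid-sentence. The old layout carried the structure, so I would restore it and open the comment with `/*-`, which the Eclipse formatter leaves untouched (assuming this reformat came from Eclipse; otherwise use the equivalent opt-out of the tool in use). The comment also describes request types other than the method it precedes, so it probably belongs above `process`, where the dispatch on these parameters happens.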
@@ -1207,26 +1168,23 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { agentId = - (String) sContext.get(SessionContext.USER_ID); + (String) sContext.get(SessionContext.USER_ID); } String sDataSize = req.getParameter("dataNumBytes"); - if(sDataSize == null || sDataSize.equals("")) { + if (sDataSize == null || sDataSize.equals("")) { CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes"); badParams += " Random Data size, "; missingParam = true; status = "1"; } else { - try - { - dataSize = Integer.parseInt(sDataSize.trim()); - } - catch (NumberFormatException nfe) - { + try { + dataSize = Integer.parseInt(sDataSize.trim()); + } catch (NumberFormatException nfe) { CMS.debug("TokenServlet::processComputeRandomData invalid data size input!"); badParams += " Random Data size, "; missingParam = true; 
@@ -1244,33 +1202,33 @@ public class TokenServlet extends CMSServlet { audit(auditMessage); - if(!missingParam) { + if (!missingParam) { try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - randomData = new byte[dataSize]; - random.nextBytes(randomData); - } catch (Exception e) { - CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString()); - errorMsg = "Can't generate random data!"; - status = "2"; + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + randomData = new byte[dataSize]; + random.nextBytes(randomData); + } catch (Exception e) { + CMS.debug("TokenServlet::processComputeRandomData:" + e.toString()); + errorMsg = "Can't generate random data!"; + status = "2"; } } String randomDataOut = ""; - if(status.equals("0")) { + if (status.equals("0")) { if (randomData != null && randomData.length == dataSize) { randomDataOut = - com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); + com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); } else { status = "2"; errorMsg = "Can't convert random data!"; } } - if(status.equals("1") && missingParam) { + if (status.equals("1") && missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters :" + badParams; } 
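Review bot: `randomData = new byte[dataSize];` allocates whatever size was parsed from the `dataNumBytes` request parameter, and no range check is visible between the `Integer.parseInt` in the previous hunk and this allocation (a few lines between the two hunks are not shown, so this needs confirming). A negative value lands in `catch (Exception e)` and is reported as status 2, but a very large value raises `OutOfMemoryError`, which that catch does not cover, so one request can exhaust the heap of the servlet container. I would reject the size right after parsing, e.g. `if (dataSize <= 0 || dataSize > MAX_RANDOM_DATA_BYTES) { badParams += " Random Data size, "; missingParam = true; status = "1"; }`, where `MAX_RANDOM_DATA_BYTES` is a new constant (placeholder name) set to the largest size the protocol needs. processComputeRandomData starts and ends outside this hunk.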
@@ -1278,15 +1236,15 @@ public class TokenServlet extends CMSServlet { resp.setContentType("text/html"); String value = ""; - value = "status="+status; - if(status.equals("0")) { - value = value + "&DATA="+randomDataOut; + value = "status=" + status; + if (status.equals("0")) { + value = value + "&DATA=" + randomDataOut; } - + try { resp.setContentLength(value.length()); - CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length()); - + CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -1295,22 +1253,22 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet::processComputeRandomData " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, ILogger.SUCCESS, status, agentId); - } else { - auditMessage = CMS.getLogMessage( + } else { + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, ILogger.FAILURE, status, agentId, errorMsg); - } + } - audit(auditMessage); + audit(auditMessage); } public void process(CMSRequest cmsReq) throws EBaseException { @@ -1328,7 +1286,7 @@ public class TokenServlet extends CMSServlet { if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenServlet: Unauthorized"); 
@@ -1338,37 +1296,36 @@ public class TokenServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenServlet: " + e.toString()); } - // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } String temp = req.getParameter("card_challenge"); mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); setDefaultSlotAndKeyName(req); - if(temp!=null) - { - processComputeSessionKey(req,resp); - }else if(req.getParameter("data")!=null){ - processEncryptData(req,resp); - }else if(req.getParameter("newKeyInfo")!=null){ - processDiversifyKey(req,resp); - }else if(req.getParameter("dataNumBytes") !=null){ - processComputeRandomData(req,resp); + if (temp != null) { + processComputeSessionKey(req, resp); + } else if (req.getParameter("data") != null) { + processEncryptData(req, resp); + } else if (req.getParameter("newKeyInfo") != null) { + processDiversifyKey(req, resp); + } else if (req.getParameter("dataNumBytes") != null) { + processComputeRandomData(req, resp); } } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java index 9d67065d..d9d3ddec 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java 
@@ -33,10 +33,10 @@ public interface IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) + public void init(ServletConfig config, int panelno) throws ServletException; - public void init(WizardServlet servlet, ServletConfig config, + public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException; public String getName(); @@ -44,7 +44,9 @@ public interface IWizardPanel { public int getPanelNo(); public void setId(String id); + public String getId(); + public PropertySet getUsage(); /** @@ -84,20 +86,22 @@ public interface IWizardPanel { */ public void display(HttpServletRequest request, HttpServletResponse response, - Context context ); + Context context); + /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, HttpServletResponse response, - Context context ) throws IOException; + Context context) throws IOException; /** * Commit parameter changes */ public void update(HttpServletRequest request, HttpServletResponse response, - Context context ) throws IOException; + Context context) throws IOException; + /** * If validiate() returns false, this method will be called. */ diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java index 691d3e98..5c14fcf0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java 
@@ -37,13 +37,10 @@ import com.netscape.cms.servlet.csadmin.Cert; import com.netscape.cmsutil.crypto.Module; /** - * wizard?p=[panel number]&op=usage <= usage in xml - * wizard?p=[panel number]&op=display - * wizard?p=[panel number]&op=next&...[additional parameters]... - * wizard?p=[panel number]&op=apply - * wizard?p=[panel number]&op=back - * wizard?op=menu - * return menu options + * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel + * number]&op=display wizard?p=[panel number]&op=next&...[additional + * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel + * number]&op=back wizard?op=menu return menu options */ public class WizardServlet extends VelocityServlet { @@ -54,8 +51,7 @@ public class WizardServlet extends VelocityServlet { private String name = null; private Vector mPanels = new Vector(); - public void init(ServletConfig config) throws ServletException - { + public void init(ServletConfig config) throws ServletException { super.init(config); /* load sequence map */ 
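Review bot: The class Javadoc in the `@@ -37,13 +37,10 @@` hunk has been joined into one paragraph, which splits `[panel number]` across line ends and runs the six request forms and the `return menu options` remark together. Rendered Javadoc would collapse the original line breaks as well, so the durable fix is markup rather than spacing: put the list inside `<pre>` and `</pre>` with one URL per line, or make it a `<ul>` with one `<li>` per request form. Inside either, write `&` as `&amp;` and `<=` as `&lt;=` so the generated HTML is valid.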
@@ -64,33 +60,32 @@ public class WizardServlet extends VelocityServlet { StringTokenizer st = new StringTokenizer(panels, ","); int pno = 0; while (st.hasMoreTokens()) { - String p = st.nextToken(); - StringTokenizer st1 = new StringTokenizer(p, "="); - String id = st1.nextToken(); - String pvalue = st1.nextToken(); - try { - IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance(); - panel.init(this, config, pno, id); - CMS.debug("WizardServlet: panel name=" + panel.getName()); - mPanels.addElement(panel); - } catch (Exception e) { - CMS.debug("WizardServlet: " + e.toString()); - } - pno++; + String p = st.nextToken(); + StringTokenizer st1 = new StringTokenizer(p, "="); + String id = st1.nextToken(); + String pvalue = st1.nextToken(); + try { + IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance(); + panel.init(this, config, pno, id); + CMS.debug("WizardServlet: panel name=" + panel.getName()); + mPanels.addElement(panel); + } catch (Exception e) { + CMS.debug("WizardServlet: " + e.toString()); + } + pno++; } CMS.debug("WizardServlet: done"); - + } public void exposePanels(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { Enumeration e = mPanels.elements(); Vector panels = new Vector(); while (e.hasMoreElements()) { - IWizardPanel p = (IWizardPanel)e.nextElement(); - panels.addElement(p); + IWizardPanel p = (IWizardPanel) e.nextElement(); + panels.addElement(p); } context.put("panels", panels); } 
@@ -98,84 +93,80 @@ public class WizardServlet extends VelocityServlet { /** * Cleans up panels from a particular panel. */ - public void cleanUpFromPanel(int pno) throws IOException - { - /* panel number starts from zero */ - int s = mPanels.size(); - for (int i = pno; i < s; i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - panel.cleanUp(); - } + public void cleanUpFromPanel(int pno) throws IOException { + /* panel number starts from zero */ + int s = mPanels.size(); + for (int i = pno; i < s; i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + panel.cleanUp(); + } } - public IWizardPanel getPanelByNo(int p) - { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + public IWizardPanel getPanelByNo(int p) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (panel.shouldSkip()) { - panel = getPanelByNo(p+1); + panel = getPanelByNo(p + 1); } return panel; } public Template displayPanel(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { CMS.debug("WizardServlet: in display"); int p = getPanelNo(request); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } IWizardPanel panel = getPanelByNo(p); CMS.debug("WizardServlet: panel=" + panel); if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); panel.display(request, response, context); context.put("p", Integer.toString(panel.getPanelNo())); try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - 
} catch (Exception e) { + } catch (Exception e) { } return null; } - public String xml_value_flatten(Object v) - { + public String xml_value_flatten(Object v) { String ret = ""; if (v instanceof String) { ret += v; } else if (v instanceof Integer) { - ret += ((Integer)v).toString(); + ret += ((Integer) v).toString(); } else if (v instanceof Vector) { ret += "<Vector>"; - Vector v1 = (Vector)v; + Vector v1 = (Vector) v; Enumeration e = v1.elements(); StringBuffer sb = new StringBuffer(); while (e.hasMoreElements()) { - sb.append(xml_value_flatten(e.nextElement())); + sb.append(xml_value_flatten(e.nextElement())); } ret += sb.toString(); ret += "</Vector>"; } else if (v instanceof Module) { // for hardware token - Module m = (Module)v; + Module m = (Module) v; ret += "<Module>"; ret += "<CommonName>" + m.getCommonName() + "</CommonName>"; ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>"; ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>"; ret += "</Module>"; } else if (v instanceof Cert) { - Cert m = (Cert)v; + Cert m = (Cert) v; ret += "<CertReqPair>"; ret += "<Nickname>" + m.getNickname() + "</Nickname>"; ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>"; @@ -187,7 +178,7 @@ public class WizardServlet extends VelocityServlet { ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>"; ret += "</CertReqPair>"; } else if (v instanceof IWizardPanel) { - IWizardPanel m = (IWizardPanel)v; + IWizardPanel m = (IWizardPanel) v; ret += "<Panel>"; ret += "<Id>" + m.getId() + "</Id>"; ret += "<Name>" + m.getName() + "</Name>"; 
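Review bot: xml_value_flatten in the `@@ -98,84 +93,80 @@` hunk appends values such as plain `String` context entries, `m.getCommonName()` and `m.getNickname()` between tags without escaping `&`, `<` and `>`, and xml_flatten in the later `@@ -198,89 +189,84 @@` hunk relies on it for every context value. If any of those values can originate from request parameters or certificate fields (not visible here), the `xml=true` response can become malformed or carry extra elements, so every leaf value should pass through one escaping helper as sketched below. Separately, displayPanel ends with `catch (Exception e) { }` followed by `return null;`, which hides a missing template; it should at least call `CMS.debug` the way goNextApply does. xml_value_flatten continues past this hunk.

```java
// new private helper next to xml_value_flatten; String.valueOf keeps the
// existing "null" text for null values
private static String xmlEscape(Object o) {
    String s = String.valueOf(o);
    StringBuffer sb = new StringBuffer(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
        case '&':
            sb.append("&amp;");
            break;
        case '<':
            sb.append("&lt;");
            break;
        case '>':
            sb.append("&gt;");
            break;
        default:
            sb.append(c);
        }
    }
    return sb.toString();
}

public String xml_value_flatten(Object v) {
    String ret = "";
    if (v instanceof String) {
        ret += xmlEscape(v);
    // … unchanged: Integer and Vector branches …
    } else if (v instanceof Module) { // for hardware token
        Module m = (Module) v;
        ret += "<Module>";
        ret += "<CommonName>" + xmlEscape(m.getCommonName()) + "</CommonName>";
        ret += "<UserFriendlyName>" + xmlEscape(m.getUserFriendlyName()) + "</UserFriendlyName>";
        ret += "<ImagePath>" + xmlEscape(m.getImagePath()) + "</ImagePath>";
        // … unchanged structure for the Cert and IWizardPanel branches, with each getter wrapped the same way …
```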
@@ -198,89 +189,84 @@ public class WizardServlet extends VelocityServlet { return ret; } - public String xml_flatten(Context context) - { + public String xml_flatten(Context context) { StringBuffer ret = new StringBuffer(); - Object o[] = context.getKeys(); - for (int i = 0; i < o.length; i ++) { - if (o[i] instanceof String) { - String key = (String)o[i]; - if (key.startsWith("__")) { - continue; - } - ret.append("<"); - ret.append(key); - ret.append(">"); - if (key.equals("bindpwd")) { - ret.append("(sensitive)"); - } else { - Object v = context.get(key); - ret.append(xml_value_flatten(v)); + Object o[] = context.getKeys(); + for (int i = 0; i < o.length; i++) { + if (o[i] instanceof String) { + String key = (String) o[i]; + if (key.startsWith("__")) { + continue; + } + ret.append("<"); + ret.append(key); + ret.append(">"); + if (key.equals("bindpwd")) { + ret.append("(sensitive)"); + } else { + Object v = context.get(key); + ret.append(xml_value_flatten(v)); + } + ret.append("</"); + ret.append(key); + ret.append(">"); } - ret.append("</"); - ret.append(key); - ret.append(">"); - } } return ret.toString(); } - public int getPanelNo(HttpServletRequest request) - { + public int getPanelNo(HttpServletRequest request) { int p = 0; - - // panel number can be identified by either - // panel no (p parameter) directly, or - // panel name (panelname parameter). + + // panel number can be identified by either + // panel no (p parameter) directly, or + // panel name (panelname parameter). 
if (request.getParameter("panelname") != null) { - String name = request.getParameter("panelname"); - for (int i = 0; i < mPanels.size(); i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - if (panel.getId().equals(name)) { - return i; + String name = request.getParameter("panelname"); + for (int i = 0; i < mPanels.size(); i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + if (panel.getId().equals(name)) { + return i; + } } - } } else if (request.getParameter("p") != null) { - p = Integer.parseInt(request.getParameter("p")); + p = Integer.parseInt(request.getParameter("p")); } return p; } - public String getNameFromPanelNo(int p) - { - IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p); - return wp.getId(); + public String getNameFromPanelNo(int p) { + IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p); + return wp.getId(); } - public IWizardPanel getPreviousPanel(int p) - { + public IWizardPanel getPreviousPanel(int p) { CMS.debug("getPreviousPanel input p=" + p); - IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1); + IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1); if (backpanel.isSubPanel()) { - backpanel = (IWizardPanel)mPanels.elementAt(p-1-1); + backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1); } while (backpanel.shouldSkip()) { - backpanel = (IWizardPanel) + backpanel = (IWizardPanel) mPanels.elementAt(backpanel.getPanelNo() - 1); } CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo()); return backpanel; } - public IWizardPanel getNextPanel(int p) - { + public IWizardPanel getNextPanel(int p) { CMS.debug("getNextPanel input p=" + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (p == (mPanels.size() - 1)) { p = p; - } else if(panel.isSubPanel()) { - if (panel.isLoopbackPanel()) { - p = p-1; // Login Panel is a loop back panel - } else { - p = p+1; - } - } else if (panel.hasSubPanel()) { - p = p + 
2; + } else if (panel.isSubPanel()) { + if (panel.isLoopbackPanel()) { + p = p - 1; // Login Panel is a loop back panel + } else { + p = p + 1; + } + } else if (panel.hasSubPanel()) { + p = p + 2; } else { p = p + 1; } 
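Review bot: getPanelNo in the `@@ -198,89 +189,84 @@` hunk hands the `p` request parameter to `Integer.parseInt` without handling a non-numeric value, and nothing checks the result against `mPanels.size()` before `mPanels.elementAt(p)` in getNameFromPanelNo and getNextPanel or `mPanels.elementAt(p - 1)` in getPreviousPanel. A request with a malformed, negative or too-large `p` therefore ends in an uncaught runtime exception rather than a controlled error page. I would validate once in getPanelNo, e.g. `try { p = Integer.parseInt(request.getParameter("p")); } catch (NumberFormatException e) { p = 0; }` followed by `if (p < 0 || p >= mPanels.size()) p = 0;` (or reject the request instead of falling back to the first panel, whichever the wizard flow expects). In getNextPanel, `p = p;` is a self-assignment and reads better as an empty branch with a comment saying the last panel stays put; getNextPanel continues past this hunk.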
@@ -291,190 +277,183 @@ public class WizardServlet extends VelocityServlet { public Template goApply(HttpServletRequest request, HttpServletResponse response, - Context context) - { + Context context) { return goNextApply(request, response, context, true); } public Template goNext(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { return goNextApply(request, response, context, false); } /* - * The parameter "stay" is used to indicate "apply" without - * moving to the next panel + * The parameter "stay" is used to indicate "apply" without moving to the + * next panel */ public Template goNextApply(HttpServletRequest request, HttpServletResponse response, - Context context, boolean stay ) - { + Context context, boolean stay) { int p = getPanelNo(request); if (stay == true) CMS.debug("WizardServlet: in reply " + p); else CMS.debug("WizardServlet: in next " + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); try { - panel.validate(request, response, context); - try { - panel.update(request, response, context); - if (stay == true) { // "apply" - - if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - panel.display(request, response, context); - } else { // "next" - IWizardPanel nextpanel = getNextPanel(p); - - if (nextpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - nextpanel.display(request, response, context); - panel = nextpanel; + panel.validate(request, response, context); + try { + panel.update(request, response, context); + if (stay == true) { // "apply" + + if (panel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + panel.display(request, response, context); + } else { // "next" + 
IWizardPanel nextpanel = getNextPanel(p); + + if (nextpanel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + nextpanel.display(request, response, context); + panel = nextpanel; + } + context.put("errorString", ""); + } catch (Exception e) { + context.put("errorString", e.getMessage()); + panel.displayError(request, response, context); } - context.put("errorString", ""); - } catch (Exception e) { - context.put("errorString", e.getMessage()); - panel.displayError(request, response, context); - } } catch (IOException eee) { - context.put("errorString", eee.getMessage()); - panel.displayError(request, response, context); + context.put("errorString", eee.getMessage()); + panel.displayError(request, response, context); } p = panel.getPanelNo(); CMS.debug("panel no=" + p); CMS.debug("panel name=" + getNameFromPanelNo(p)); - CMS.debug("total number of panels="+mPanels.size()); + CMS.debug("total number of panels=" + mPanels.size()); context.put("p", Integer.toString(p)); context.put("panelname", getNameFromPanelNo(p)); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } // this is where we handle the xml request String xml = request.getParameter("xml"); if (xml != null && xml.equals("true")) { - CMS.debug("WizardServlet: found xml"); - - response.setContentType("application/xml"); - String xmlstr = xml_flatten(context); - context.put("xml", xmlstr); - try { - return Velocity.getTemplate("admin/console/config/xml.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e ); - } + CMS.debug("WizardServlet: found xml"); + + 
response.setContentType("application/xml"); + String xmlstr = xml_flatten(context); + context.put("xml", xmlstr); + try { + return Velocity.getTemplate("admin/console/config/xml.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } else { - try { - return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e ); - } + try { + return Velocity.getTemplate("admin/console/config/wizard.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } return null; } public Template goBack(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { int p = getPanelNo(request); CMS.debug("WizardServlet: in back " + p); IWizardPanel backpanel = getPreviousPanel(p); if (backpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); backpanel.display(request, response, context); - context.put("p", Integer.toString(backpanel.getPanelNo())); + context.put("p", Integer.toString(backpanel.getPanelNo())); context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo())); p = backpanel.getPanelNo(); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } public boolean authenticate(HttpServletRequest request, HttpServletResponse response, - Context context ) { - String pin = 
(String)request.getSession().getAttribute("pin"); - if (pin == null) { - try { - response.sendRedirect("login"); - } catch (IOException e) { + Context context) { + String pin = (String) request.getSession().getAttribute("pin"); + if (pin == null) { + try { + response.sendRedirect("login"); + } catch (IOException e) { + } + return false; } - return false; - } - return true; + return true; } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + 
pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public Template handleRequest(HttpServletRequest request, HttpServletResponse response, - Context context ) - { + Context context) { CMS.debug("WizardServlet: process"); - if (CMS.debugOn()) { - outputHttpParameters(request); + if (CMS.debugOn()) { + outputHttpParameters(request); } if (!authenticate(request, response, context)) { @@ -484,7 +463,7 @@ public class WizardServlet extends VelocityServlet { String op = request.getParameter("op"); /* operation */ if (op == null) { - op = "display"; + op = "display"; } CMS.debug("WizardServlet: op=" + op); CMS.debug("WizardServlet: size=" + mPanels.size()); |
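Review bot: In `outputHttpParameters`, the suffix tests `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` are case-sensitive, so a parameter whose name ends in a capitalised form is redacted only if it is also in the hard-coded `equalsIgnoreCase` list. The explicit `directoryManagerPwd` and `uPasswd` entries show that such names occur; any other one falls to the `else` branch and has its value written to the debug log. This hunk only re-indents the condition, so the gap carries over unchanged. Lower-case the name once and match on that, e.g. `String lpn = pn.toLowerCase(java.util.Locale.ROOT);` then `lpn.startsWith("__") || lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`, keeping the entries that are not suffix matches (`admin_password_again`, `pwdagain`, `pin`). A one-line comment above the check, `// redact by lower-cased suffix; add new secret field names here`, would tell the next person adding a wizard field where the list lives.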