Diffstat (limited to 'pki/base/common/src/com/netscape/cms')
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java77
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java222
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java663
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java98
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java20
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java88
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java67
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java82
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java17
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java25
21 files changed, 2 insertions, 1564 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index 88358aa5..b1b406c0 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -159,11 +159,5 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
return false;
}
- private void log(int level, String msg) {
- if (mLogger == null)
- return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserOrigReqAccessEvaluator: " + msg);
- }
}
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
index d1cc3d80..ca62af5f 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
@@ -300,83 +300,6 @@ public class CertificateRevokedListener implements IRequestListener {
}
}
- private void revoked(IRequest r) {
- // do we have an email to send?
- String mEmail = null;
- IEmailResolverKeys keys = CMS.getEmailResolverKeys();
-
- try {
- keys.set(IEmailResolverKeys.KEY_REQUEST, r);
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
- }
-
- IEmailResolver er = CMS.getReqCertSANameEmailResolver();
-
- try {
- mEmail = er.getEmail(keys);
- } catch (ENotificationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- }
-
- // now we can mail
- if ((mEmail != null) && !mEmail.equals("")) {
- IMailNotification mn = CMS.getMailNotification();
-
- mn.setFrom(mSenderEmail);
- mn.setTo(mEmail);
- mn.setSubject(mSubject);
-
- /*
- * get rejection file from disk
- */
- IEmailTemplate template = CMS.getEmailTemplate(mRejectPath);
-
- if (template != null) {
- if (!template.init()) {
- return;
- }
-
- if (template.isHTML()) {
- mn.setContentType("text/html");
- }
-
- // build some token data
- mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
- mReqId = r.getRequestId();
- mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
- IEmailFormProcessor et = CMS.getEmailFormProcessor();
- String c = et.getEmailContent(template.toString(), mContentParams);
-
- mn.setContent(c);
- } else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
- mn.setContent("Your Certificate Request has been revoked. Please contact your administrator for assistance");
- }
-
- try {
- mn.sendNotification();
- } catch (ENotificationException e) {
- // already logged, lets audit
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
- } catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- }
- } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
-
- }
- }
-
private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
mConfig.getName());
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
index f3ef687d..be858c9f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
@@ -22,7 +22,6 @@ import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Locale;
-import java.util.StringTokenizer;
import java.util.Vector;
import netscape.security.util.DerValue;
@@ -192,18 +191,6 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
}
}
- private Vector formValues(String val) {
- StringTokenizer tokenizer = new StringTokenizer(val, "+");
- Vector v = new Vector();
-
- while (tokenizer.hasMoreElements()) {
- String s = (String) tokenizer.nextElement();
-
- v.addElement(s);
- }
- return v;
- }
-
public Vector getInstanceParams() {
return mParams; // inited in init()
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 1cd3240f..0ae51ce4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -1569,74 +1569,6 @@ public class CAAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, null, resp);
}
- /**
- * Retrieves configuration parameters of certificate
- * authority.
- */
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- // validate
- super.getConfig(mCA.getConfigStore(), req, resp);
- }
-
- /**
- * Sets configuration parameters of certificate
- * authority.
- */
- private synchronized void setConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- super.setConfig(mCA.getConfigStore(), req, resp);
- // XXX - commit changes
- }
-
- /**
- * Lists configuration store parameters.
- */
- private synchronized void listConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- super.listConfig(mCA.getConfigStore(), req, resp);
- }
-
- /**
- * Locks a request so that no one can modify it except
- * owner.
- */
- private synchronized void lockRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- NameValuePairs params = new NameValuePairs();
-
- // XXX
- sendResponse(SUCCESS, null, params, resp);
- }
-
- /**
- * Locks certificate record so that no one can
- * modify it except owner.
- */
- private synchronized void lockCertRecord(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- NameValuePairs params = new NameValuePairs();
-
- sendResponse(SUCCESS, null, params, resp);
- }
-
- /**
- * Modifies a cert record.
- */
- private synchronized void modifyCertRecord(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- NameValuePairs params = new NameValuePairs();
-
- // XXX
- sendResponse(SUCCESS, null, params, resp);
- }
-
private void log(int level, String msg) {
if (mLogger == null)
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index f57d12e2..84290ea6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -28,7 +28,6 @@ import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.math.BigInteger;
-import java.net.ServerSocket;
import java.security.KeyPair;
import java.util.Date;
import java.util.Enumeration;
@@ -857,196 +856,6 @@ public final class CMSAdminServlet extends AdminServlet {
}
/**
- * Modifies network information.
- */
- private void modifyNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
- /*
- HTTPSubsystem eeGateway = (HTTPSubsystem)
- SubsystemRegistry.getInstance().get("eeGateway");
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
-
- Enumeration enum1 = req.getParameterNames();
-
- String eeHTTPportString = null;
- String eeHTTPSportString = null;
- String agentHTTPSportString = null;
- String radminHTTPSportString = null;
-
- String gatewayBacklog = "15";
-
- // eeHTTPEnabled corresponds to the checkbox which enables the
- // HTTP EE port
- String eeHTTPEnabled = Constants.FALSE;
-
- while (enum1.hasMoreElements()) {
- String key = (String)enum1.nextElement();
- String value = (String)req.getParameter(key);
-
- if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
- agent.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
- eeGateway.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
- raAdmin.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) {
- gatewayBacklog = value;
- } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
- eeHTTPEnabled = value;
- }
- }
-
-
- eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
- eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
- agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
- radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
-
-
- int eeHTTPport=0;
- int eeHTTPSport=0;
- int agentHTTPSport=0;
- int radminHTTPSport=0;
- if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString);
- if (eeHTTPSportString != null) eeHTTPSport = Integer.parseInt(eeHTTPSportString);
- if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString);
- if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
-
-
- String portName="";
- int portnum;
- try {
-
- // EE HTTP is special, since it has it's own checkbox for enabling/disabling
- if (eeHTTPEnabled.equals(Constants.TRUE) &&
- eeHTTPport != 0 &&
- eeHTTPport != eeGateway.getHTTPPort())
- {
- portName = "End-entity";
- checkPortAvailable(eeHTTPport);
- }
-
- if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
- portName = "SSL End-entity";
- checkPortAvailable(eeHTTPSport);
- }
- if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
- portName = "Agent";
- checkPortAvailable(agentHTTPSport);
- }
- if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
- portName = "Remote Admin";
- checkPortAvailable(radminHTTPSport);
- }
-
- // If any of the above ports are not available, an exception
- // will be thrown and these methods below will not be called
-
- if (eeHTTPEnabled.equals(Constants.TRUE)) {
- eeGateway.setHTTPPort(eeHTTPport);
- }
- eeGateway.setHTTPSPort(eeHTTPSport);
- agent.setHTTPSPort(agentHTTPSport);
- raAdmin.setHTTPSPort(radminHTTPSport);
-
- } catch (IOException e) {
- // send 'port in use' error
- sendResponse(ERROR, portName+" "+e.getMessage(), null, resp);
- // we do not want to save the config in this case
- return;
- }
-
- eeGateway.setHTTPBacklog(gatewayBacklog);
- eeGateway.setHTTPPortEnable(eeHTTPEnabled);
-
- mConfig.commit(true);
- sendResponse(RESTART, null, null, resp);
- */
- }
-
- /**
- * Check if the port is available for binding.
- * @throws IOException if not available
- */
-
- private void checkPortAvailable(int port)
- throws IOException {
- try {
- // see if the port is being used by somebody else
- ServerSocket ss = new ServerSocket(port);
-
- ss.close();
- } catch (Exception e) {
- throw new IOException("port " + port + " is in use. Please select another port");
- }
- }
-
- /**
- * Reads network information.
- */
- private void readNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
- NameValuePairs params = new NameValuePairs();
-
- getEENetworkConfig(params);
- getAdminConfig(params);
- getAgentConfig(params);
-
- sendResponse(SUCCESS, null, params, resp);
- }
-
- private void getEENetworkConfig(NameValuePairs params)
- throws EBaseException {
-
- /*
- HTTPSubsystem eeGateway =
- (HTTPSubsystem)mReg.get("eeGateway");
- if (eeGateway == null) {
- // i.e. standalone DRM
- params.add(Constants.PR_GATEWAY_S_PORT, "-1");
- params.add(Constants.PR_GATEWAY_PORT, "-1");
- params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
- params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false");
- } else {
- params.add(Constants.PR_GATEWAY_S_PORT,
- ""+eeGateway.getHTTPSPort());
- params.add(Constants.PR_GATEWAY_PORT,
- ""+eeGateway.getHTTPPort());
- params.add(Constants.PR_GATEWAY_S_BACKLOG,
- ""+eeGateway.getHTTPBacklog());
- params.add(Constants.PR_GATEWAY_BACKLOG,
- ""+eeGateway.getHTTPSBacklog());
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,
- eeGateway.getHTTPPortEnable());
- }
- */
- }
-
- private void getAdminConfig(NameValuePairs params) throws EBaseException {
-
- /*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
- params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
- */
- }
-
- private void getAgentConfig(NameValuePairs params) throws EBaseException {
-
- /*
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
- params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
- params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
- */
- }
-
- /**
* Modifies database information.
*/
private void setDBConfig(HttpServletRequest req,
@@ -2081,37 +1890,6 @@ private void createMasterKey(HttpServletRequest req,
}
}
- private String getDefaultSigningAlg(String keyType, String messageDigest) {
- if (keyType.equals("RSA")) {
- if (messageDigest.equals("MD2")) {
- return "MD2withRSA";
- } else if (messageDigest.equals("MD5")) {
- return "MD5withRSA";
- } else if (messageDigest.equals("SHA1")) {
- return "SHA1withRSA";
- } else if (messageDigest.equals("SHA256")) {
- return "SHA256withRSA";
- } else if (messageDigest.equals("SHA512")) {
- return "SHA512withRSA";
- }
- } else if (keyType.equals("DSA")) {
- if (messageDigest.equals("SHA1")) {
- return "SHA1withDSA";
- }
- } else /* EC */ {
- if (messageDigest.equals("SHA1")) {
- return "SHA1withEC";
- } else if (messageDigest.equals("SHA256")) {
- return "SHA256withEC";
- } else if (messageDigest.equals("SHA384")) {
- return "SHA384withEC";
- } else if (messageDigest.equals("SHA512")) {
- return "SHA512withEC";
- }
- }
- return null;
- }
-
private void updateCASignature(String nickname, KeyCertData properties,
ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index 2c780bb2..e4138d74 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -20,9 +20,6 @@ package com.netscape.cms.servlet.admin;
import java.io.IOException;
import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
-import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -31,17 +28,12 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
-import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.kra.EKRAException;
import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.password.IPasswordCheck;
-import com.netscape.certsrv.security.Credential;
-import com.netscape.certsrv.security.IStorageKeyUnit;
/**
@@ -240,659 +232,4 @@ public class KRAAdminServlet extends AdminServlet {
else
sendResponse(SUCCESS, null, null, resp);
}
-
- /**
- * Changes M-N scheme.
- * <P>
- *
- * <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
- * DRM (Key recovery scheme, change of any secret component)
- * </ul>
- * @param req HTTP servlet request
- * @param resp HTTP servlet response
- * @exception EBaseException an error has occurred
- */
- private synchronized void changeMNScheme(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- String auditMessage = null;
- String auditSubjectID = auditSubjectID();
-
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- try {
- NameValuePairs params = new NameValuePairs();
- String recN = getParameter(req,
- Constants.PR_RECOVERY_N);
- String recM = getParameter(req,
- Constants.PR_RECOVERY_M);
- String oldAgents = getParameter(req,
- Constants.PR_OLD_RECOVERY_AGENT);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
-
- if (recN == null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_N"));
- }
-
- if (recM == null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_M"));
- }
-
- if (recN != null && recM != null && oldAgents != null
- && agents != null) {
- int nVal = Integer.parseInt(recN);
-
- int mVal = Integer.parseInt(recM);
-
- Credential oldcreds[] =
- parseCredentialStr(oldAgents);
-
- if (oldcreds == null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_PASSWORD"));
- }
-
- Credential creds[] =
- parseCredentialStr(agents);
-
- if (creds == null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_PASSWORD"));
- } else {
- for (int i = 0; i < creds.length; i++) {
- Credential credential = creds[i];
- String pass = credential.getPassword();
- IPasswordCheck checker = CMS.getPasswordChecker();
-
- if (!checker.isGoodPassword(pass)) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EBaseException(checker.getReason(pass));
- }
- }
- }
- if (mKRA.getStorageKeyUnit().changeAgentMN(
- nVal, mVal, oldcreds, creds)) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
-
- // successful operation
- sendResponse(SUCCESS, null, params,
- resp);
- return;
- }
- }
- } catch (IOException e) {
- }
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
- } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit1;
- }
- }
-
- /**
- * Changes recovery agent password.
- * <P>
- *
- * <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
- * DRM (Key recovery scheme, change of any secret component)
- * </ul>
- * @param req HTTP servlet request
- * @param resp HTTP servlet response
- * @exception EBaseException an error has occurred
- */
- private synchronized void changeAgentPwd(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- String auditMessage = null;
- String auditSubjectID = auditSubjectID();
-
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- try {
- String id = getParameter(req, Constants.RS_ID);
- String oldpwd = getParameter(req,
- Constants.PR_OLD_AGENT_PWD);
- String newpwd = getParameter(req,
- Constants.PR_AGENT_PWD);
- IPasswordCheck checker = CMS.getPasswordChecker();
-
- if (!checker.isGoodPassword(newpwd)) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EBaseException(checker.getReason(newpwd));
- }
-
- if (mKRA.getStorageKeyUnit().changeAgentPassword(id,
- oldpwd, newpwd)) {
- NameValuePairs params = new NameValuePairs();
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
-
- sendResponse(SUCCESS, null, params, resp);
- return;
- } else {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_PASSWORD"));
- }
- } catch (IOException e) {
- }
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
- } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit1;
- }
- }
-
- /**
- * Modifies auto recovery configuration.
- * <P>
- *
- * <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
- * DRM (Key recovery scheme, change of any secret component)
- * </ul>
- * @param req HTTP servlet request
- * @param resp HTTP servlet response
- * @exception EBaseException an error has occurred
- */
- private synchronized void modifyAutoRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
- String auditMessage = null;
- String auditSubjectID = auditSubjectID();
-
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- try {
- NameValuePairs params = new NameValuePairs();
- String autoOn = getParameter(req,
- Constants.PR_AUTO_RECOVERY_ON);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
-
- if (autoOn.equals(Constants.TRUE)) {
- Credential creds[] = parseCredentialStr(
- agents);
-
- if (mKRA.setAutoRecoveryState(creds, true)) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
-
- sendResponse(SUCCESS, null, params,
- resp);
- return;
- }
- } else if (autoOn.equals(Constants.FALSE)) {
- if (mKRA.setAutoRecoveryState(null, false)) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
-
- sendResponse(SUCCESS, null, params,
- resp);
- return;
- }
- }
- } catch (IOException e) {
- }
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
- } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit1;
- }
- }
-
- /**
- * Reads auto recovery status.
- *
- * @param req HTTP request
- * @param resp HTTP response
- */
- private synchronized void readAutoRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
- try {
- NameValuePairs params = new NameValuePairs();
-
- params.add(Constants.PR_AUTO_RECOVERY_ON,
- mKRA.getAutoRecoveryState() ?
- Constants.TRUE : Constants.FALSE);
- sendResponse(SUCCESS, null, params, resp);
- } catch (IOException e) {
- throw new EBaseException(
- CMS.getLogMessage("BASE_INVALID_OPERATION"));
- }
- }
-
- /**
- * Reads recovery configuration.
- *
- * @param req HTTP request
- * @param resp HTTP response
- */
- private synchronized void readRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
- try {
- IStorageKeyUnit sku = mKRA.getStorageKeyUnit();
- NameValuePairs params = new NameValuePairs();
-
- params.add(Constants.PR_RECOVERY_N,
- Integer.toString(sku.getNoOfAgents()));
- params.add(Constants.PR_RECOVERY_M,
- Integer.toString(sku.getNoOfRequiredAgents()));
- Enumeration e = sku.getAgentIdentifiers();
- StringBuffer as = new StringBuffer();
-
- while (e.hasMoreElements()) {
- as.append((String)e.nextElement());
- if (e.hasMoreElements()) {
- as.append(",");
- }
- }
- params.add(Constants.PR_RECOVERY_AGENT, as.toString());
- sendResponse(SUCCESS, null, params, resp);
- } catch (IOException e) {
- throw new EBaseException(
- CMS.getLogMessage("BASE_INVALID_OPERATION"));
- }
- }
-
- /**
- * Reads information about auto recovery agents.
- *
- * @param req HTTP request
- * @param resp HTTP response
- */
- private synchronized void readAutoRecoveryAgents(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
- try {
- // send the entire list anyway
- NameValuePairs params = new NameValuePairs();
- Enumeration e = mKRA.getAutoRecoveryIDs();
- StringBuffer users = new StringBuffer();
-
- while (e.hasMoreElements()) {
- users.append((String) e.nextElement());
- if (e.hasMoreElements()) {
- users.append(",");
- }
- }
- params.add(Constants.PR_GROUP_USER, users.toString());
- params.add(Constants.PR_GROUP_DESC,
- "Auto Recovery Agents"); // XXX - localized
- sendResponse(SUCCESS, null, params, resp);
- } catch (IOException e) {
- throw new EBaseException(
- CMS.getLogMessage("BASE_INVALID_OPERATION"));
- }
- }
-
- /**
- * Modifies information about auto recovery agents.
- *
- * @param req HTTP request
- * @param resp HTTP response
- */
- private synchronized void modifyAutoRecoveryAgents(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
- Vector v = new Vector();
- String users = getParameter(req,
- Constants.PR_GROUP_USER);
- StringTokenizer st = new StringTokenizer(users, ",");
-
- while (st.hasMoreTokens()) {
- v.addElement(st.nextToken());
- }
- String desc = getParameter(req,
- Constants.PR_GROUP_DESC);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
- Credential creds[] = parseCredentialStr(
- agents);
- // XXX - check if the given password matched
- // put ids into hashtable so that we can
- // figure out what should be saved and deleted
- Enumeration e = mKRA.getAutoRecoveryIDs();
- Hashtable h = new Hashtable();
-
- while (e.hasMoreElements()) {
- h.put(e.nextElement(), "");
- }
-
- // go through each of the user in the new list
- for (int i = 0; i < v.size(); i++) {
- String key = (String) v.elementAt(i);
-
- if (h.containsKey(key)) {
- h.remove(key);
- } else {
- mKRA.addAutoRecovery(key, creds);
- }
- }
-
- // delete all the unreferenced
- Enumeration dels = h.keys();
-
- while (dels.hasMoreElements()) {
- mKRA.removeAutoRecovery((String)
- dels.nextElement());
- }
- }
-
- /**
- * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
- * @param s credential string
- * @return a list of credentials
- */
- private Credential[] parseCredentialStr(String s) {
- StringTokenizer st = new StringTokenizer(s, ",");
- Vector v = new Vector();
-
- while (st.hasMoreTokens()) {
- String a = st.nextToken();
- StringTokenizer st0 = new StringTokenizer(a, "=");
-
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
- }
- Credential ac[] = new Credential[v.size()];
-
- v.copyInto(ac);
- return ac;
- }
-
- /*
- * handle getting request in queue notification config info
- */
- private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
- NameValuePairs params = new NameValuePairs();
-
- IConfigStore config = mKRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
-
- IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE);
-
- Enumeration e = req.getParameterNames();
-
- while (e.hasMoreElements()) {
- String name = (String) e.nextElement();
-
- if (name.equals(Constants.OP_TYPE))
- continue;
- if (name.equals(Constants.RS_ID))
- continue;
- if (name.equals(Constants.OP_SCOPE))
- continue;
- if (name.equals(Constants.PR_ENABLE))
- continue;
- params.add(name, riq.getString(name, ""));
- }
-
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
- //System.out.println("Send: "+params.toString());
- sendResponse(SUCCESS, null, params, resp);
- }
-
- /**
- * Handle setting request in queue notification config info
- * <P>
- *
- * <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
- * DRM (Key recovery scheme, change of any secret component)
- * </ul>
- * @param req HTTP servlet request
- * @param resp HTTP servlet response
- * @exception ServletException a servlet error has occurred
- * @exception IOException an input/output error has occurred
- * @exception EBaseException an error has occurred
- */
- private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- String auditMessage = null;
- String auditSubjectID = auditSubjectID();
-
- // ensure that any low-level exceptions are reported
- // to the signed audit log and stored as failures
- try {
- IConfigStore config = mKRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
-
- IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE);
-
- //set rest of the parameters
- Enumeration e = req.getParameterNames();
-
- while (e.hasMoreElements()) {
- String name = (String) e.nextElement();
-
- if (name.equals(Constants.OP_TYPE))
- continue;
- if (name.equals(Constants.RS_ID))
- continue;
- if (name.equals(Constants.OP_SCOPE))
- continue;
- if (name.equals(Constants.PR_ENABLE))
- continue;
- String val = req.getParameter(name);
-
- riq.putString(name, val);
- mKRA.getRequestInQListener().set(name, val);
- }
-
- // set enable flag
- String enabledString = req.getParameter(Constants.PR_ENABLE);
-
- riq.putString(PROP_ENABLED, enabledString);
- mKRA.getRequestInQListener().set(PROP_ENABLED, enabledString);
-
- commit(true);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
-
- audit(auditMessage);
-
- sendResponse(SUCCESS, null, null, resp);
- } catch (EBaseException eAudit1) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit1;
- } catch (IOException eAudit2) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
-
- // rethrow the specific exception to be handled later
- throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 58e4dbdf..35855307 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -1410,81 +1410,6 @@ public class LogAdminServlet extends AdminServlet {
}
}
- private synchronized void getLogConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
-
- String implname = req.getParameter(Constants.RS_ID);
-
- if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
- return;
- }
-
- Vector configParams = mSys.getLogDefaultParams(implname);
- NameValuePairs params = new NameValuePairs();
-
- // implName is always required so always send it.
- params.add(Constants.PR_LOG_IMPL_NAME, "");
- if (configParams != null) {
- for (int i = 0; i < configParams.size(); i++) {
- String kv = (String) configParams.elementAt(i);
- int index = kv.indexOf('=');
-
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
- }
- }
- sendResponse(0, null, params, resp);
- return;
- }
-
- private synchronized void getLogInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- String id = req.getParameter(Constants.RS_ID);
-
- if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
- return;
- }
-
- // does log instance exist?
- if (mSys.getLogInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
- return;
- }
-
- ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
- Vector configParams = logInst.getInstanceParams();
- NameValuePairs params = new NameValuePairs();
-
- params.add(Constants.PR_LOG_IMPL_NAME,
- getLogPluginName(logInst));
- // implName is always required so always send it.
- if (configParams != null) {
- for (int i = 0; i < configParams.size(); i++) {
- String kv = (String) configParams.elementAt(i);
- int index = kv.indexOf('=');
-
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
- }
- }
-
- sendResponse(SUCCESS, null, params, resp);
- return;
- }
-
/**
* Modify log instance
* <P>
@@ -2384,29 +2309,6 @@ public class LogAdminServlet extends AdminServlet {
return logPath;
}
- /**
- * Signed Audit Check Log Expiration Time
- *
- * This method is called to extract the log expiration time.
- * <P>
- *
- * @param req http servlet request
- * @return a string containing the log expiration time
- */
- private String auditCheckLogExpirationTime(HttpServletRequest req) {
- // check to see if the log expiration time parameter was changed
- String expirationTime = req.getParameter(
- Constants.PR_LOG_EXPIRED_TIME);
-
- if (expirationTime == null) {
- expirationTime = "";
- }
-
- expirationTime = expirationTime.trim();
-
- return expirationTime;
- }
-
private void getGeneralConfig(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException, EBaseException {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 9464f48f..152b364f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -538,25 +538,7 @@ public class OCSPAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+
}
}
-
- private void log(int level, String msg) {
- if (mLogger == null)
- return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "CAAdminServlet: " + msg);
- }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 1cfab0b6..6f64d81a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -38,7 +38,6 @@ import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.policy.IPolicyRule;
import com.netscape.certsrv.profile.EProfileException;
import com.netscape.certsrv.profile.IPolicyConstraint;
import com.netscape.certsrv.profile.IPolicyDefault;
@@ -126,20 +125,6 @@ public class ProfileAdminServlet extends AdminServlet {
return INFO;
}
- private void addDefaultParams(Object ext_info, NameValuePairs nvps) {
-
- /* make sure policy rules have 'enable' and 'predicate' */
-
- if (ext_info instanceof IPolicyRule) {
- if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) {
- nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule");
- }
- if (nvps.getPair(PROP_PREDICATE) == null) {
- nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run.");
- }
- }
- }
-
/**
* Serves HTTP admin request.
*/
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index bd96bbec..fe8d1826 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -337,35 +337,6 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * Retrieves configuration parameters of
- * authentication manager.
- */
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- super.getConfig(mMgr.getConfigStore(), req, resp);
- }
-
- /**
- * Sets configuration parameters of
- * User/Group manager.
- */
- private synchronized void setConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- super.setConfig(mMgr.getConfigStore(), req, resp);
- }
-
- /**
- * Lists configuration parameters.
- */
- private synchronized void listConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- super.listConfig(mMgr.getConfigStore(), req, resp);
- }
-
- /**
* Searches for users in LDAP directory. List uids only
*
* Request/Response Syntax:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 47b3c9f1..5431d2cf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -21,7 +21,6 @@ package com.netscape.cms.servlet.cert;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
@@ -316,93 +315,6 @@ CMS.debug("**** mFormPath = "+mFormPath);
}
/**
- * get cert to revoke from agent.
- */
- private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
- BigInteger serialno = null;
- X509Certificate cert = null;
-
- // get serial no
- serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
- if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
- }
-
- // get cert from db if we're cert authority.
- if (mAuthority instanceof ICertificateAuthority) {
- cert = getX509Certificate(serialno);
- if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
- }
- }
- certContainer[0] = cert;
- return serialno;
- }
-
- /**
- * Revoke the specified certificate
- */
- private BigInteger getCertFromAuthMgr(
- AuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
- X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
-
- if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
- }
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
- }
- certContainer[0] = cert;
- BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
-
- return serialno;
- }
-
- /**
- * get cert to revoke from ssl
- */
- private BigInteger getCertFromSSL(
- HttpServletRequest req, X509CertImpl[] certContainer)
- throws EBaseException {
- X509Certificate cert = getSSLClientCertificate(req);
-
- if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL"));
- }
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", ""));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
- }
- BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
-
- certContainer[0] = (X509CertImpl) cert;
-
- return serialno;
- }
-
- /**
* Process cert status change request using the Certificate Management
* protocol using CMS (CMC)
* <P>
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index 88abe80e..b3693a53 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -142,19 +142,4 @@ public class CloneRedirect extends CMSServlet {
throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
-
- /**
- * Display information about redirecting to the master's URL info
- */
- private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
-
- CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
- header.addStringValue("masterURL", mNewUrl);
- return;
- }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index ee64cb94..4688406a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -37,9 +37,7 @@ import javax.servlet.http.HttpServletResponse;
import netscape.security.pkcs.PKCS10;
import netscape.security.x509.AlgorithmId;
import netscape.security.x509.CertificateAlgorithmId;
-import netscape.security.x509.CertificateExtensions;
import netscape.security.x509.CertificateX509Key;
-import netscape.security.x509.KeyUsageExtension;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
import netscape.security.x509.X509Key;
@@ -1719,71 +1717,6 @@ public class EnrollServlet extends CMSServlet {
mIsTestBed = config.getBoolean("isTestBed", true);
}
- private void do_testbed_hack(
- int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
- throws EBaseException {
- if (!mIsTestBed)
- return;
-
- // get around bug in cartman - bits are off by one byte.
- for (int i = 0; i < certinfo.length; i++) {
- try {
- X509CertInfo cert = certinfo[i];
- CertificateExtensions exts = (CertificateExtensions)
- cert.get(CertificateExtensions.NAME);
-
- if (exts == null) {
- // should not happen.
- continue;
- }
- KeyUsageExtension ext = (KeyUsageExtension)
- exts.get(KeyUsageExtension.NAME);
-
- if (ext == null)
- // should not happen
- continue;
- byte[] value = ext.getExtensionValue();
-
- if (value[0] == 0x03 && value[1] == 0x02 && value[2] == 0x07) {
- byte[] newvalue = new byte[value.length + 1];
-
- newvalue[0] = 0x03;
- newvalue[1] = 0x03;
- newvalue[2] = 0x07;
- newvalue[3] = value[3];
- // force encryption certs to have digitial signature
- // set too so smime can find the cert for encryption.
- if (value[3] == 0x20) {
-
- /*
- newvalue[3] = 0x3f;
- newvalue[4] = (byte)0x80;
- */
- if (httpParams.getValueAsBoolean(
- "dual-use-hack", true)) {
- newvalue[3] = (byte) 0xE0; // same as rsa-dual-use.
- }
- }
- newvalue[4] = 0;
- KeyUsageExtension newext =
- new KeyUsageExtension(Boolean.valueOf(true),
- (Object) newvalue);
-
- exts.delete(KeyUsageExtension.NAME);
- exts.set(KeyUsageExtension.NAME, newext);
-
- }
- } catch (IOException e) {
- // should never happen
- continue;
- } catch (CertificateException e) {
- // should never happen
- continue;
- }
- }
-
- }
-
/**
* Signed Audit Log Info Certificate Value
*
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index facf501c..b765a2cb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -390,15 +390,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
}
/**
- * gets base 64 encoded cert chain
- */
- private String getChainBase64(byte[] certBytes) {
- String certBase64 = CMS.BtoA(certBytes);
-
- return certBase64;
- }
-
- /**
* Retrieves locale based on the request.
*/
protected Locale getLocale(HttpServletRequest req) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index e79efc32..f683a83d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -21,7 +21,6 @@ package com.netscape.cms.servlet.cert;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
-import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -578,87 +577,6 @@ public class ListCerts extends CMSServlet {
}
/**
- * Process the key search.
- */
- private void process(CMSTemplateParams argSet, IArgBlock header,
- int maxCount, int sentinel,
- String filter, HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll, Locale locale)
- throws EBaseException {
- try {
- if (filter.indexOf(CURRENT_TIME, 0) > -1) {
- filter = insertCurrentTime(filter);
- }
- if (revokeAll != null && revokeAll.indexOf(CURRENT_TIME, 0) > -1) {
- revokeAll = insertCurrentTime(revokeAll);
- }
-
- // xxx the filter includes serial number range???
- ICertRecordList list =
- (ICertRecordList) mCertDB.findCertRecordsInList(filter, null, maxCount);
- // sentinel is the index on the list now, not serial number
- Enumeration e =
- list.getCertRecords(sentinel, sentinel + maxCount - 1);
-
- int count = 0;
-
- while (e != null && e.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) e.nextElement();
-
- count++;
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
-
- fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- }
-
- header.addStringValue("op", req.getParameter("op"));
- if (revokeAll != null)
- header.addStringValue("revokeAll", revokeAll);
- if (mAuthName != null)
- header.addStringValue("issuerName", mAuthName.toString());
- header.addStringValue("serviceURL", req.getRequestURI());
- header.addStringValue("templateName", "queryCert");
- header.addStringValue("queryFilter", filter);
- header.addIntegerValue("maxCount", maxCount);
- header.addIntegerValue("totalRecordCount", list.getSize());
- if ((sentinel + count) < list.getSize())
- header.addIntegerValue("querySentinelDown", sentinel + count);
- else
- header.addStringValue("querySentinelDown", null);
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString()));
- throw e;
- }
- return;
- }
-
- private String insertCurrentTime(String filter) {
- Date now = null;
- StringBuffer newFilter = new StringBuffer();
- int k = 0;
- int i = filter.indexOf(CURRENT_TIME, k);
-
- while (i > -1) {
- if (now == null) now = new Date();
- if (newFilter.length() == 0) {
- newFilter.append(filter.substring(k, i));
- newFilter.append(now.getTime());
- } else {
- newFilter.append(filter.substring(k, i));
- newFilter.append(now.getTime());
- }
- k = i + CURRENT_TIME.length();
- i = filter.indexOf(CURRENT_TIME, k);
- }
- if (k > 0) {
- newFilter.append(filter.substring(k, filter.length()));
- }
- return newFilter.toString();
- }
-
- /**
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 79151072..19714cbf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -19,7 +19,6 @@ package com.netscape.cms.servlet.cert.scep;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
-import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -1853,19 +1852,7 @@ throws EBaseException {
- /**
- * This needs to be re-written to log the messages to the system log, since there
- * will be no visual webpage feedback for the user. (he's using a router)
- */
-
- private void writeError(String errMsg, HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws IOException
- {
- }
-
-
- protected String hashPassword(String pwd) {
+ protected String hashPassword(String pwd) {
String salt = "lala123";
byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
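Review bot: `hashPassword`, whose signature line this hunk re-indents, prepends the same hard-coded salt (`String salt = "lala123";`) to every password and runs a single digest pass over it, so equal passwords yield equal outputs and the salt gives no protection against precomputed tables. If the result is stored or compared as a password verifier (not visible in this hunk), a per-entry random salt from `SecureRandom` kept alongside the value, with an iterated construction such as PBKDF2, would be the safer design; existing stored values would need a migration path. `(salt+pwd).getBytes()` also relies on the platform default charset, so the digest of a non-ASCII password can differ between hosts; passing an explicit UTF-8 charset to `getBytes` pins it. At minimum I would add a comment above the salt line, `// FIXME: constant salt, single-pass digest; not suitable for protecting stored passwords`. The method body continues past the end of the hunk, so how the encoded digest is used is not visible here.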
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index 4528ea7e..fd89ceaf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -574,21 +574,11 @@ public class CMSTemplate extends CMSFile {
flush();
return;
}
-
- public void println(String s) throws IOException {
- print(s);
- write('\n');
- flush();
- return;
- }
}
private class templateLine {
private StringBuffer s = new StringBuffer();
- void templateLine() {
- }
-
void println(String p) {
s.append('\n');
s.append(p);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 17a4bae6..e18d86cf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -1210,23 +1210,6 @@ public class DatabasePanel extends WizardPanelBase {
context.put("panel", "admin/console/config/databasepanel.vm");
}
- private boolean isAgreementExist(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- String filter = "(cn="+name+")";
- String[] attrs = {"cn"};
- try {
- LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB,
- filter, attrs, false);
- while (results.hasMoreElements())
- return true;
- } catch (LDAPException e) {
- return false;
- }
-
- return false;
- }
-
private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
throws LDAPException {
LDAPAttributeSet attrs = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index 0a6c5ec3..c1bf138e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -130,22 +130,4 @@ public class GetSubsystemCert extends CMSServlet {
}
return locale;
}
-
- private String normalizeCertStr(String s) {
- StringBuffer val = new StringBuffer();
-
- for (int i = 0; i < s.length(); i++) {
- if (s.charAt(i) == '\n') {
- continue;
- } else if (s.charAt(i) == '\r') {
- continue;
- } else if (s.charAt(i) == '"') {
- continue;
- } else if (s.charAt(i) == ' ') {
- continue;
- }
- val.append(s.charAt(i));
- }
- return val.toString();
- }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index c065173c..036bd5d0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -39,7 +39,6 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.IRequestVirtualList;
import com.netscape.certsrv.request.RequestId;
-import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
@@ -359,14 +358,6 @@ public class QueryReq extends CMSServlet {
return;
}
- private static String makeRequestStatusEq(RequestStatus s) {
- return "(" + "requestState" + "=" + s + ")";
- }
-
- private static String makeRequestIdCmp(String op, int bound) {
- return "(requestId" + op + bound + ")";
- }
-
/**
* Perform search based on direction button pressed
* @param filter ldap filter indicating which VLV to search through. This can be
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 1f6efa85..ca785565 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -23,7 +23,6 @@ import java.io.OutputStream;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.StringTokenizer;
-import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -46,7 +45,6 @@ import com.netscape.certsrv.base.IPrettyPrintFormat;
import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.security.Credential;
import com.netscape.certsrv.tks.ITKSAuthority;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
@@ -1376,27 +1374,4 @@ public class TokenServlet extends CMSServlet {
super.service(req, resp);
}
-
- /**
- * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
- * @param s credential string
- * @return a list of credentials
- */
- private Credential[] parseCredentialStr(String s) {
- StringTokenizer st = new StringTokenizer(s, ",");
- Vector v = new Vector();
-
- while (st.hasMoreTokens()) {
- String a = st.nextToken();
- StringTokenizer st0 = new StringTokenizer(a, "=");
-
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
- }
- Credential ac[] = new Credential[v.size()];
-
- v.copyInto(ac);
- return ac;
- }
}